How GDPR Impacts Third-Party Risk Management

CPE Credit Eligible

Is your third-party risk management program in order for GDPR?

While the General Data Protection Regulation (GDPR) is a European regulation, it has a global impact on any company that collects, stores or accesses European residents’ private data. The regulation takes effect on May 25, 2018. Listen to Third Party Thursday to learn what you need to know about GDPR and third-party risk in order to be prepared and stay in compliance.

 

Podcast Transcript

Hello everyone, and thank you for joining me today for our Third Party Thursday podcast. I’m Steve Greenfield, Director of Third Party Risk here at Venminder.

This week, we’ll discuss a pending regulation from across the Pond.  It’s the European Union’s GDPR. GDPR stands for General Data Protection Regulation. 

As the name suggests, while this is a European regulation, it has a global impact on any company which is collecting, storing or accessing European resident private data. A common misconception is that the regulation only applies for firms who are doing business in Europe, however the export of this data off European soil also falls under the jurisdiction of the law. Cloud storage vendors, for that matter, would therefore be required to be compliant with the regulation and would be classified as a data processor.

The regulation itself was passed by the European Union Parliament in April of 2016. After a 2-year implementation period, the effective date goes live on May 25, 2018, so time is running out. If your compliance team is behind the eight ball on this requirement, then I encourage you to make this a top priority in reviewing if you are responsible for compliance to GDPR.   

The regulation is timely given the increasing amount of known data breaches that continue to come to light. From a third party risk perspective, GDPR could be considered a regulation which puts third-party risk management (TPRM) in the spotlight since there is a strong focus on third party vendors who have access to personal data. With known data breaches being linked to a third party vendor over 63% of the time, GDPR will essentially address the importance of not only citizens’ rights to data privacy but will also require that data breach notification time frames are adhered to.   

As with any regulation, noncompliance may result in fines. Monetary fines are set in place of up to four percent of a firm’s global revenue, or 20 million euros. Based on today’s exchange rates, this equates to about $24 million. This reminds me of the important fact of monitoring your vendor's financial health. The question to ask yourself is: could they in fact survive such a fine, and if they couldn’t, do you have a backup plan in place? It’s a key aspect of vendor management.

The regulation is broken down over 11 chapters and contains in total 99 articles. Each article really expands on the law itself and gives guidance to what you need to be looking for. Areas include the basic principle of data privacy as a right of the individual, but also regulates the movement of private data. To empower citizens, there are specific rights provided which include the right to be forgotten, that is to say, that the data collected on the data subject can be removed from all storage systems at the data subject's request. It’s noted that there is a provision, however, that the right to be forgotten does not apply if the data is being used for a criminal investigation or one that poses a threat to public safety. In the context of data privacy, the scope of the information which is collected and stored is not limited to the typical NPPI data that financial institutions are used to collecting such as social security records.

Moving forward, IP addresses, biometric data, geographic location or other social factors which could be used to identify the individual all fall under the scope of the GDPR from the sense that this increasing amount of data collection can be used to identify the individual. 

We can’t cover everything in this podcast but I hope this gives you some initial information which you can use to begin thinking on how best you’ll tackle this important new regulation. For more resources, I encourage you to visit our company page at www.venminder.com.

Thanks again for tuning into our podcast. If you haven’t already done so, please subscribe to our Third Party Thursday series. Until next time, trust but verify.
