Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.



Identifying and Documenting Third-Party Risk Management Issues

CPE Credit Eligible

Available on
Listen-on-Apple-Podcasts-badge.jpg  google-play-badge 2.jpg

Track TPRM issues throughout the vendor lifecycle.

No matter the vendor, there may be issues that arise at any point in the vendor relationship. In this podcast, learn examples of third-party risk management issues you may encounter and what to do next.

You may also be interested in:


Podcast Transcript

Hi - this is Jill Sherman with Venminder. 

Third-party risk management issues can occur at any stage of the lifecycle, from the initial vendor due diligence to the termination of the contract. No matter how much planning you do, it’s likely that you’ll have to face a few unexpected scenarios that can increase risk for your organization.  

In this podcast, you'll learn a few examples of third-party risk management issues and why you need to document and manage them.   

Here at Venminder, we have a team of third-party risk management professionals who can help establish an effective issue management process. That includes identification, documentation, and overall management.  

Issue management is an essential practice that identifies, remediates, and tracks issues in your third-party risk management program. Without proper documentation, these issues might go unresolved, which causes you to overlook risks that can harm your organization.  

Some issues might originate on the vendor side, such as a decline in contractual performance or a vendor disruption that was not communicated well to you as the customer. But other issues can be found internally to your organization.  

For example, maybe there are inefficient processes that are costing extra time and money. Let’s review a few examples of issues and why they need to be documented. 

  • The first example we’ll look at is an issue found within the due diligence process. Imagine that you’re reviewing a vendor’s business continuity and disaster recovery plan during your ongoing due diligence and you discover that the testing results are outdated.  

    You let the vendor know that they need to provide new and current testing results before the next due diligence period. As the next review period comes around, you realize that the testing results remain outdated. This would be an issue that needs to be formally documented so that you have a record of the vendor’s non-compliance. Documentation could then be used to help make decisions about contract termination.  
  • In this next example, the due diligence issue is caused by your organization, not the vendor. Due diligence should always be reviewed by a qualified subject matter expert who specializes in a specific risk domain. That could be financials, information security, business continuity, and more.  

    The subject matter expert is responsible for providing a qualified opinion on whether the vendor’s controls are sufficient. But in this case, your organization doesn’t have the appropriate subject matter expert who can review the vendor’s due diligence.  

    Documenting this issue may help provide evidence that your third-party risk management program needs additional resources to run more effectively or that you should outsource this activity. 
  • The last example is an issue with the vendor’s performance. It’s important to continuously monitor your vendor’s performance to make sure that it’s meeting contractual obligations.
    Maybe your vendor provides a service for your customers, and you’ve implemented a service level agreement about the system’s uptime. Your contract states that the system must be available between 99 - 100% every month. The issue develops when the uptime falls to 97% three months in a row.  

    An issue like this would put your reputation at risk and might impact your customers’ operations, so it’s critical to document this decline in performance. That will help you determine whether this warrants an end to the vendor relationship or escalation to their management for discussing the contract breach and efforts to avoid it in the future.  

Now you have a better idea of the issues that can occur in third-party risk management and why it’s important to document them. There’s no such thing as a perfect vendor relationship where everything goes according to plan, so it’s essential to identify and document issues that can expose your organization to additional risk. 

Even if the issues are more prevalent in your vendor’s processes, your organization is still responsible for documenting and resolving these problems to create a safer third-party risk relationship. 

Thanks for tuning in; Catch you next time! 


Subscribe to our Third Party Thursday Newsletter

Receive weekly third-party risk management news, resources, and more to your inbox.


New Call-to-action

Ready to Get Started?

Schedule a personalized solution demonstration to see how Venminder can transform your vendor risk management processes.

Request a Demo