Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resources-whitepaper-state-of-third-party-risk-management-2023
State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.

DOWNLOAD NOW

podcast

The Value of On-Site Vendor Visits

CPE Credit Eligible

Available on
Listen-on-Apple-Podcasts-badge.jpg  google-play-badge 2.jpg

On-site vendor visits are incredibly valuable.

Even in today's increasingly remote working environment, you need to perform on-site vendor visits. In this podcast, we'll highlight 6 reasons on-site vendor visits are a valuable part of your due diligence practice.

You may also be interested in:

Checklist and Infographic: Vendor Site Visits

Infographic: Understanding a Vendor Risk Appetite Statement

 

Podcast Transcript

Hi - this is Jill with Venminder. 

In this podcast, you'll learn six reasons why on-site vendor visits are still incredibly valuable, even in today's increasingly remote working environment. 
Jill-Sherman-headshot-circle-2022

Here at Venminder, our certified industry professionals provide expert advice on what to include in your vendor due diligence process, depending on the vendors relationship and risk. When necessary, this can include an on-site visit. 

As you collect due diligence information to assess your vendor's risk, you may consider performing an on-site visit. Just as you can tell a lot about a person by visiting their home, on-site visits to your vendor's offices and facilities can provide valuable insight about the vendor that you just can't get from viewing due diligence documents. 

Six reasons why on-site vendor visits can be a valuable part of your due diligence practice: 

  • The first advantage of an on-site vendor visit is that you can observe and verify specific security controls. While on site, you can verify that your vendor's physical security controls match their written security policies and procedures. You can also evaluate the identification and access controls to protect their data centers or other privileged work areas. A walkthrough of the premises can help you validate that cameras are installed to monitor the sensitive areas of the facilities. If necessary, you can request to see live feeds or footage to ensure the cameras are working correctly. Spending time on site also allows you to see if any data, documents, or other devices are left exposed or unattended. Any gaps in physical or information security can be addressed to your vendor immediately.
  • Second, you may be able to gather additional information from your vendor that has otherwise been difficult to obtain. Some vendors may be uncomfortable sharing too much information by answering a questionnaire, sending documents, or during virtual meetings. Most vendors will allow you to review sensitive information in person while on the premises. If not, that could be a red flag and something to consider in your risk assessments and due diligence reviews.
  • Third, an on-site visit allows you to build a relationship with the vendor. During an on-site visit, vendors commonly introduce you to their staff and management, allowing you to form connections you might not have otherwise been able. Throughout these interactions, you can convey that your organization takes vendor risk management seriously. Those conversations can also help you learn more about the vendor's business and hear their ideas for improving products or services. There is no substitute for meeting people in person and giving them your time and attention.
  • Fourth, observing the general working conditions, facilities, and employees can help you discover important information about the vendor's company culture. Even though many organizations are moving to remote or to hybrid work solutions, it’s easy to gather clues about what a company values from their physical locations. Suppose workspaces and common areas are untidy and disorganized, or basic safety precautions aren't being followed. What if employees don't appear to be doing much, seem extremely stressed out, or are just not very happy to be there? These could all be indicators of underlying organizational, financial, or management problems that could affect the vendor's delivery of products and services to your organization.
  • Fifth, you can address complex or sensitive concerns in person. Conference calls and virtual meetings have challenges like technical difficulties, outside interruptions, and distracted participants. Poor performance, long-overdue issue mitigation, or troubleshooting personnel problems can be addressed more effectively when you have a captive audience with undivided attention.  
  • Finally, a remote or virtual visit simply can't replace an on-site visit. We all know the pandemic forever changed the business environment. During the height of outbreaks and infection, it was necessary to substitute virtual meetings for on-site vendor visits because something was better than nothing at the time. But, while many organizations may have successfully transitioned to remote or hybrid work for their employees, the same can’t be said for remote vendor visits. The fact is there is no good substitute for an on-site visit, especially when it’s for one of your critical vendors.

While on-site vendor visits are extremely valuable, they do require your time and resources. Make sure you plan for the visit and have a prioritized list of controls to verify and objectives to meet and remember that sometimes you may need a subject matter expert on hand to review and assess specific controls. If time and resources limit the number of on-site visits you can make, focus on your critical vendors, as they should always be your priority.

Overall, on-site visits are an important due diligence tool to help you verify security controls, address sensitive issues, and build relationships with your vendors.

Thank you for tuning in; catch you next time!

38116-newsletter

Subscribe to our Third Party Thursday Newsletter

Receive weekly third-party risk management news, resources, and more to your inbox.

 

New Call-to-action

Ready to Get Started?

Schedule a personalized solution demonstration to see how Venminder can transform your vendor risk management processes.

Request a Demo