Make informed decisions and reduce exposure to vendor risks
This assessment is part of Vendiligence™, an outsourced service that lets you augment your team by having Venminder information security experts perform on-demand control assessments so you can confidently weigh threats introduced by vendors and respond to the resulting risks.
Augment Your Team to Streamline Information Security & Privacy Reviews
Expert Risk Ratings
Easy to Understand
Our experienced information security professionals are assigned to gather all evidence and review your vendor’s controls to provide you with an in-depth risk-based assessment. Your team can now skip the tedious task of going through piles of paperwork and instead review the finished assessment to assess the risks posed by your use of the vendor.
Mapped to Regulatory and Industry Requirements
Our team of information security professionals thoroughly examines the evidence to assess whether the vendor has implemented critical controls found within regulatory requirements, standards, frameworks, and laws, such as those from NIST, ISO, and the Center for Internet Security, as well as industry-specific sources such as the FFIEC Examination Handbooks, Interagency Guidance on Information Security and Third-Party Risk Management, and HIPAA.
The assessment is also mapped to US state and international privacy laws such as CPRA and EU GDPR. Now, your organization’s decision-makers can make informed choices about risks posed by vendors and take action to mitigate or address them with confidence.
Our assessment provides you with a standardized and consistent approach to compare and review your vendors’ information security and privacy controls. By using standardized assessments, your organization can be confident that each assessment adheres to the highest quality control standards.
How it works
Collection of evidence and documents
Venminder’s team works directly with your vendor to collect the numerous technical documents needed for a qualified and comprehensive assessment.
Review by information security professionals
Venminder’s experienced information security professionals thoroughly examine the evidence to assess whether your vendor has implemented critical controls.
Streamlined assessment delivery
You receive an easy-to-understand risk assessment of your vendor’s information security and privacy controls that is viewable in-app or available for download.
Better risk-based decisions
You and your organization’s decision-makers can now make an informed choice about risks posed by the vendor and take action to mitigate or address them with confidence.
Technology Standards and Frameworks
AICPA Trust Services Criteria
NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
NIST SP 800-53 Rev. 5 Security and Privacy Controls for Information Systems and Organizations
NIST SP 800-63b Digital Identity Guidelines
Regulations, Statutes, and Laws
California Consumer Privacy Act
California Privacy Rights Act
Canadian Personal Information Protection and Electronic Documents Act
China Personal Information Protection Law
Colorado Privacy Act
Connecticut Data Privacy Act
EU General Data Protection Regulation
Health Insurance Portability and Accountability Act
Interagency Guidelines Establishing Information Security Standards
Interagency Guidance on Third-Party Relationships
New York Department of Financial Services - 23 NYCRR 500
Center for Internet Security – Critical Security Controls v8
FFIEC IT Examination Handbook – Audit Booklet
FFIEC IT Examination Handbook – Business Continuity Booklet
FFIEC IT Examination Handbook – Management Booklet
FFIEC IT Examination Handbook – Operations Booklet
FFIEC IT Examination Handbook – Outsourcing Technology Services
FFIEC IT Examination Handbook – Wholesale Payment Systems Booklet
FINRA Report on Cybersecurity Practices
OCC 2021-36 Authentication and Access to Financial Institution Services and Systems
SEC Regulation SCI reference to NIST 800-53 Rev. 4
Information Security and Privacy Assessment
Get a sample copy of this risk assessment to see how Venminder can help you identify areas of possible weakness in your third party's information security practices.