Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.



10 Steps to Creating Your Vendor List for your Third-Party Risk Program

CPE Credit Eligible

Learn how to create your vendor list in this short video.

We're going to talk through the 10 main steps you need to take in creating your vendor list for your third-party risk management program. 

You may also be interested in:

Video Transcript

Welcome to this week’s Third Party Thursday! My name is Kelly Vick and I am the President here at Venminder.

Today we’re going to talk through the 10 main steps you need to take in creating your vendor list for your third party risk management program. So let’s get started.

  1. The first thing you need to do is establish a threshold for vendors to be reviewed. This can easily be done by setting a targeted spend amount. Something like all payments made to a service provider over $50,000 on a quarterly basis, or a monthly basis. Just some amount and timing that is appropriate for your organization.
  2. Second, ask your Accounts Payable department for a report detailing all expenditures over your chosen threshold amountBe sure they include the name of the service provider, the frequency and the amount of spend in that report. 
  3. Third, after you have received this list from Accounts Payable, you will need to review it, of course. This is also a good time to involve the lines of business in this review to be certain you haven’t missed any vendors and to remind them they need to bring new service providers to your attention – it’s easy for the business managers to forget that!
  4. On to number Four . . . Now you will need to determine which items should be removed. Certain expenses that are not forward-looking, recurring expenses might need to be excluded. For example – maybe there is a discontinued service provider or an expense that is so incidental the vendor does not need to be included. There could be any number of valid reasons for excluding vendors in this process. The most important thing is to thoroughly evaluate the entire list. 
  5. Five and somewhat an extension of four . . .See if the list includes certain exclusions mandated by your board or audit committeeAn example could be a consultant that was hired to do a board level recommendation. 
  6. Six . . . Now it’s time for your senior management team to conduct a detailed review of the list to determine which service providers will continue to be usedAs importantly, they need to identify any vendors that may be on the horizon and, therefore, not on the list today, And, any on the list today that they may be planning to terminate. 
  7. Seven . . . By now, you’ve likely pared down the original Accounts Payable list by about two thirds or more. What you have left is a list of vendors who need to be actively managed from a risk standpoint
  8. Eight . . . Congratulations, your list is now finalized. You should present it to your senior management or risk committee for approval and then ensure these service providers/vendors are included in the ongoing work by your third party risk management team. 

    But wait . . .you aren’t done yet!

  9. Nine. . . Compare your list to the scope in your third party risk management policy statement to make sure that both your list and the scope are still accurate. You may need to adjust the scope and, if so, you will want to get it approved by the board.
  10.  And Finally . . .we reach Number 10. We recommend that you repeat this entire process at least twice a year. 

And that was the 10 main steps you need to take to create your vendor list for your third party risk management program. 

Again, I’m Kelly and I thank you for watching! If you haven’t already, we welcome you to subscribe to our Third Party Thursday series.


Subscribe to our Third Party Thursday Newsletter

Receive weekly third-party risk management news, resources, and more to your inbox.


New Call-to-action

Ready to Get Started?

Schedule a personalized solution demonstration to see how Venminder can transform your vendor risk management processes.

Request a Demo