7 Steps of Risk-Based Vendor Due Diligence

CPE Credit Eligible

Learn how to do risk-based vendor due diligence.

Not all vendors have the same level of risk. Risk-based vendor due diligence can save your organization time and resources in your vendor risk management program. But do you know the steps to take and when? This informative video explains the 7 steps.

Video Transcript

Have you ever considered how risk-based vendor due diligence can save your organization time and resources in your vendor risk management program? Let’s walk through how to do it in seven steps.

Step one. Not all vendors have the same level of risk, so you must first determine each vendor’s inherent risk and criticality. Each vendor should have its own inherent risk rating from low, moderate, to high, and be deemed critical or non-critical. That risk rating will help you to determine the amount and frequency of due diligence you need to perform with each vendor. 

Step two. To begin, you’ll validate the vendor's legitimacy and good standing and request baseline information. 

Step three. To help accomplish these tasks, do things like research any negative news that might be linked to the vendor and gather standard company information from every vendor, regardless of risk level or type, such as address, articles of incorporation, and tax ID. 

Step four. Additionally, have the vendor complete a risk questionnaire, asking specific questions about the vendor's risk management practices and controls and obtaining detailed information for consideration during due diligence.

Step five. Request additional information as needed. Let’s start with your low-risk vendors. You really only need to do the basics. For example, confirm their reputation and good standing using reports from agencies, such as the Better Business Bureau.

Your moderate vendors need a bit more work. You’ll need to review items like financials, compliance, or cybersecurity. And of course, be sure to get all the basic information, too, just like you did with your low-risk vendors!

Now, it kicks up a notch with high-risk vendors. You should be doing a pretty robust review, looking at the same things you looked at with your low- and moderate-risk vendors. But now you’ll also need to look at items like business continuity and disaster recovery planning and testing, do a full cybersecurity evaluation, and more!

And then you have your critical vendors. A vendor is critical if their failure or closure would have a significant impact on your organization. Critical vendors should have the most rigorous due diligence because they are so important to your organization.

Step six. Don’t forget to have a qualified subject matter expert review the due diligence information provided.  

Finally, step seven. And always repeat the process! You need a formal due diligence review at the highest-risk level and on all critical vendors at least annually. Moderate-risk vendors need to be re-assessed every 18-24 months, depending on the vendor's product or service. Low-risk vendors every two to three years, also depending on the product or service, or before contract renewals.

Knowing how to define and manage the risk levels helps you direct your energy and effort where it’s needed the most. 
