6 Third-Party Due Diligence Best Practices

CPE Credit Eligible


Due diligence is a science and an art. To make sure your organization is doing due diligence correctly, follow these best practices and you'll be in a good spot.


Video Transcript

Welcome to today’s Third Party Thursday! My name is Stephanie DellaCamera and I’m the Pre-Sales Technical Pricing Consultant here at Venminder. Today, we’re talking about vendor due diligence best practices.

Due diligence is a science and an art – by that, I mean there are times when not everything will be available, and you have to get creative. But let’s think about the basic facets of due diligence:

  1. Due diligence should be risk based and reasonable. For example, if one of your service providers is the guy who mows the lawn, you obviously aren’t going to ask him for his SSAE 18 report – well, you could but he would mostly not understand what you are asking for.

  2. The request list and the nature of the items should match the service provided. One element of due diligence may lead you to ask for others. For example, if you’re looking at a call center’s compliance policies and they refer to training materials, you’re likely going to need to request those as well.

  3. Your due diligence should be done, at least as much as possible, pre-contract. That means well before the contract is signed, but not in a frantic effort to get things done to hit a specific contract date. There will be times that you cannot complete due diligence prior to the contract – some items you may even have to contractually oblige them to provide, but make sure you document it and commit them to supply as soon as reasonably possible. A few examples are things like evidence of audits, financials and customer records. It’s understandable that they want to hold on to these, but at the same time, if you need them, make sure the contract provides you the means to obtain.

  4. Due diligence must be timely. This is a common pitfall that we turned into a best practice. One of the things that is easily received outdated is the financial reports. If you simply choose to request due diligence on a particular month of each year, you could be looking at financials that are a year old. We changed this to initiate the due diligence lifecycle 90 days after their fiscal year end, to ensure we always have the most updated information. From a workload standpoint, there may be times where you need to follow that designated calendar request – especially if there are hundreds or even thousands of third parties to review, but we try to get financials as the most timely item. And it’s paid off several times. 

  5. Due diligence must be thorough. It’s easy to cut corners, but that can lead to ugly surprises, particularly if you follow a checklist mentality and just obtain the documents without sufficiently reviewing them.

  6. Due diligence must be ongoing. This doesn’t mean everything has to be constantly updated, but it should be tracked so major documents and major milestones are not missed. The lifecycle approach to due diligence can be a grind, as this diagram shows, but it can also be a well-oiled machine.

Again, I’m Stephanie and thank you for tuning in! Don’t forget to subscribe to the Third Party Thursday series.

