Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

About

Venminder is an industry recognized leader of third-party risk management solutions. 

Our Customers

900 organizations use Venminder today to proactively manage and mitigate vendor risks.

Get Engaged

We provide lots of ways for you to stay up-to-date on the latest best practices and trends.

Gartner 2020
Venminder received high scores in the Gartner Critical Capabilities for IT Vendor Risk Management Tools 2021 Report

READ REPORT

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resource-whitepaper-state-of-third-party-risk-management-2022
State of Third-Party Risk Management 2022

Venminder's sixth annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.

DOWNLOAD NOW

video

Third-Party Due Diligence

CPE Credit Eligible
HubSpot Video

What third-party due diligence entails.

In this video, you'll learn four key things you need to know regarding third-party due diligence and what your due diligence checklist should contain.

 

Video Transcript

Welcome to this week’s Third Party Thursday! My name is Kay Perry and I’m the Senior Operations Manager here at Venminder. Today we’re going to talk about Third-Party Due Diligence – what you need to know and what your due diligence checklist should contain.

Due diligence is a science and an art – by that, I mean there are times when not everything will be available and you have to get creative. But let’s think about the basic aspects of due diligence:

1. Risk-based & Reasonable: For example, if one of your service providers is the guy who mows the lawn, you obviously aren’t going to ask him for his SSAE 18 report. Well, you could but the response likely would not be appropriate for repeating.

2. Request list & the nature of the items should match the service provided: one element of due diligence may lead you to ask for another.

For example, if you’re looking for a call center’s compliance policies and they refer to training materials, you’re likely going to need those as well.

3. The due diligence should be done pre-contract: at least as much as possible. That means well before the contract, not in a frantic effort to get things done to hit a supposed contract date.

There will be times that you cannot complete due diligence prior to the contract. Some items you may even have to contractually oblige them to provide, but make sure you document it and commit them to provide as soon as reasonably possible.

A few examples are things like evidence of audits, financials, and customer records – it’s understandable that they want to hold onto them but at the same time, if you need them, make sure the contract provides you the avenue to obtain them.

4. Must be timely, thorough and ongoing: 

    • Due diligence must be timely: This is a common pitfall that we turned into a best practice. One of the things that is easy to get stale dated is the financial reports – if you simply lock due diligence on a particular month on the calendar, you could be looking at financials that are a year old.

      So in my experience, we changed and set it up so that we initiated the due diligence cycle 90 days after their fiscal year end. That way we would always have the most updated information.
      There may be times that it’s hard from a workload standpoint – especially if there are hundreds or even thousands of third parties to review - but we tried to get financials as the most timely item…. And it paid off several times.

    • Due diligence must be thorough: It’s easy to cut corners but that can lead to ugly surprises, particularly if you follow a checklist mentality and just obtain the documents without adequately reviewing them.

    • Due diligence must be ongoing: This became an actual requirement in 2013 when the OCC issued its updated guidance, but it has always been a sound business practice. This doesn’t mean everything has to constantly be updated, but it should be tracked so major documents and major milestones are not missed.

If you need more information, we certainly can offer a vendor vetting package that includes some of the essential elements that you should consider with every third party, from articles of incorporation, to a reputation risk check, to a secretary of state check, and several other fundamental items.

So to recap…

  • Your due diligence should be risk based and reasonable
  • The request list and the nature of the items should match the service provided
  • Due diligence should be done pre-contract
  • And should be timely, thorough, and ongoing

Again, I’m Kay and thank you for watching! If you haven’t already, subscribe to the Third Party Thursday series.

38116-newsletter

Subscribe to our Third Party Thursday Newsletter

Receive weekly third-party risk management news, resources and more to your inbox.

 

New Call-to-action

Ready to Get Started?

Schedule a personalized solution demonstration to see how Venminder can transform your vendor risk management processes.

Request a Demo