Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resources-whitepaper-state-of-third-party-risk-management-2023
State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.

DOWNLOAD NOW

video

Vendor Business Continuity and Disaster Recovery

CPE Credit Eligible

Can your vendor survive a disaster?

Ensuring your critical vendor can survive a disaster helps ensure your financial institution can also survive. Learn what business continuity and disaster recovery are and what you should look for when reviewing them. 

You may also be interested in:


Video Transcript

Welcome to this week’s Third Party Thursday! Hello, my name is Josh Steil, I’m one of the Information Security Specialists here at Venminder. 

Today we’re going to discuss what Business Continuity and Disaster Recovery Plans are, and what we look for when reviewing them.

Let’s define what Business Continuity and Disaster Recovery are.

Business Continuity allows for businesses to ensure that their key operations, products and services continue to be delivered either in full or at a predetermined, and accepted, level of availability.

Disaster Recovery allows a business to plan what needs to be done immediately after a disaster to begin recovery.

Business Continuity Plans include planning for loss of personnel, facilities or services;  planning with public entities such as emergency services, local or state disaster relief agencies; and communications with identified key vendors, clients, employees and the media.

Disaster Recovery includes things such as gathering of key personnel at a predetermined control center, retrieving items or information that have been stored offsite specifically for disasters, failing over to a cold, warm or hot site for data operations, assessment of damages, and if possible, salvage operations.

Disaster Recovery is not limited to just Information Technology disasters either, Disaster Recovery Plans should be created for all disaster scenarios.

A Business Continuity Program begins with the involvement and support of business leaders, such as senior level and or board level personnel. Without the involvement and commitment from this level of your vendor’s organization, funding is not available, policies cannot be approved and continuing evolution of plans falls to the wayside.

The next component of building a Business Continuity Plan involves assessing risks through a risk analysis and deciding to mitigate, transfer or accept the risk.

One commonly overlooked aspect of risk is the Reputational Impact that can occur to a business from the failure to respond in the event of a disaster or the failure to continue operations. Reputation is difficult to cultivate, easy to lose and very hard, if not impossible, to re-gain once lost.

The results of a Risk Assessment are used to create the Business Impact Analysis. Using standardized criteria to measure and assess the financial, operational, customer related, regulatory or reputational impacts Recovery Time Objectives and Recovery Point Objectives can be established for business processes.

  • A Recovery Time Objective is the timeframe from the moment of disruption to the return to an accepted level of service.
  • A Recovery Point Objective, sometimes referred to as Maximum Data Loss, is the point in time to which information has be restored to enable the business function to operate once resumed.

The Business Impact Analysis is then used to identify the gaps between what the business requires and what the actual resources and capabilities are.

Once a Business Continuity Plan and Disaster Recovery Plans are created they need to be exercised on a regular basis. These exercises ensure that everyone involved in the plan has knowledge and experience in the activities they will be required to perform. The results of these exercises allow a business to adjust and improve their plans.

Business Continuity, Disaster Recovery Plans and the Business Impact Analysis need to be reviewed and updated regularly or when significant change occurs within an organization. New risks and answers to those risks emerge and evolve constantly.

Regular reviews, along with plan exercises assure that the vendor is prepared and able to respond to whatever situations arise and allow the corresponding plans to be improved to minimize the impact of the event.

Ensuring that your critical vendor’s can survive in the face of disaster helps ensure that your business can also survive.

Thank you for viewing. I’m Josh. Don’t forget to subscribe to our Third Party Thursday series.

38116-newsletter

Subscribe to our Third Party Thursday Newsletter

Receive weekly third-party risk management news, resources, and more to your inbox.

 

New Call-to-action

Ready to Get Started?

Schedule a personalized solution demonstration to see how Venminder can transform your vendor risk management processes.

Request a Demo