Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resources-whitepaper-state-of-third-party-risk-management-2023
State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.

DOWNLOAD NOW

Resource Library

Browse and search through our free resources created by our in-house experts based on industry guidance and best practices to help you build and improve your third-party risk management program.

eBooks

Third-Party Risk Management Guidance and Regulations

Regulatory guidance and best practices can change, so it's worth reviewing new information as it becomes available. This eBook contains tips to comply with third-party risk management guidelines across different industries and around the globe.

Interagency Guidance, OCC, FDIC, FTC, The fed, FFIEC, CFPB, Securities and Exchange Commission, SEC, NCUA, HHS, tprm regulations, tprm guidance

Whitepapers

State of Third-Party Risk Management 2025 Survey

We want to know how you've managed third-party risk this year! Responses will be aggregated into our complimentary State of Third-Party Risk Management 2024 whitepaper and shared back with you in early 2025. Take just five minutes out our day to fill out the survey.

vendor management, vendor risk management, third-party risk management survey, manage third-party risk, manage vendor risk, vendor management survey, survey

Infographics

The Differences Between a High-Risk and Critical Vendor

Learn more about the specific differences between high-risk and critical vendors with this helpful infographic.

high risk vendor, critical vendor, differences between high risk critical vendors

Infographics

OCC Third-Party Risk Management Regulations and Priorities

Third-party risk management is becoming a larger focus area, not only for the OCC, but also for other regulators across the financial industry. Reading and understanding these regulations can help strengthen your compliance program and ensure it's headed in the right direction.

OCC exam priorities, examination priorities, regulatory exam, vendor exam, occ regulations, occ priorities

Infographics

What Vendor Documents Are Needed to Assess Cybersecurity

As you review the cybersecurity information provided, you'll notice that vendors often have a wide assortment of cybersecurity documents available. To help, this infographic breaks down the types of evidence to collect from vendors.

vendor cybersecurity, cybersecurity documents, document collection, vendor cybersecurity documents

Podcasts

6 Best Practices for Managing Third-Party Cybersecurity Risk

Take steps to protect your organization from vendor cybersecurity risk. Listen to this podcast for 6 steps to manage third-party cybersecurity risk.

Infographics

Applying Complementary User Entity Controls (CUECs) to Mitigate Vendor Risks

Your organization is solely responsible for implementing CUECs, and failing to do so means your organization isn’t protected from known vendor risks. By identifying, reviewing, and mapping vendor CUECs, your organization can ensure the right controls are implemented.

vendor cuecs, soc report cuecs, complementary user entity controls, mapping cuecs, vendor soc controls,

Infographics

4 Steps to Take When Your Vendor Has Poor Cybersecurity Practices

As cybersecurity risk continues to evolve it's getting more challenging to identify and manage. Learn next steps to address a vendor's poor cybersecurity practices in this infographic.

poor cybersecurity practices, cybersecurity red flags, vendor cybersecurity risk, cybersecurity practices

eBooks

How-to Guide: Determining Third Parties or Vendors That Are In Scope and Out of Scope

Ensure you're getting the most out of your third-party risk management resources. Download this eBook to get a better understanding of which of your third parties or vendors are determined in scope or out of scope.

vendor management, exclusion, inclusion, in scope third parties, out of scope third parties

eBooks

How Outsourcing Benefits Both New and Maturing Third-Party Risk Management Programs

Lean third-party risk management teams and large vendor inventories only add to the complexity and work effort, especially if the program's TPRM process involves manual processes, etc. In this eBook learn how TPRM platforms support your program, regardless of maturity.

outsourcing tprm, outsourced vendor management, when to outsource, outsourcing vendor management processes, outsourcing tprm task, mature program, new program

Whitepapers

State of Third-Party Risk Management 2024

Venminder’s State of Third-Party Risk Management 2024 whitepaper provides third-party risk management insight and industry statistics to help you make informed programs decisions. Learn how others are managing third-party risk.

vendor management, vendor risk management, data, analyze, results, analysis

Infographics

What Vendor Documents Are Needed to Assess Business Continuity and Disaster Recovery

This infographic breaks down the elements you should look for in vendor business continuity and disaster recovery plans.

bdcr, bcdr plans, bcp, drp, business continuity management, business impact analysis

Podcasts

The 3 Vendor Risk Management Frameworks

There are three vendor risk management frameworks to consider: centralized, decentralized and a hybrid approach. We'll teach you the differences and guide you toward the best framework for you.

eBooks

A Guide to Ongoing Monitoring in Third-Party Risk Management

Ongoing monitoring isn't a one-time process, but rather a series of activities based on the third party's risk. Learn tips and best practices for ongoing monitoring in this eBook.

third-party ongoing monitoring, ongoing monitoring, monitoring third-party risk, risk monitoring, continuous monitoring

eBooks

How to Plan Your Third-Party Risk Management Budget Using Roadmaps

Mapping out your annual budget for third-party risk management can be challenging. Developing a budget roadmap is one way to tackle these challenges head on. Download the eBook to learn more.

third-party risk budget, budgeting, budget roadmaps, vendor management budget, tprm budget, budget allocation

Infographics

Benefits and Best Practices of Mid-Term Vendor Contract Reviews

Lack of preparation in advance of the contract end date leaves little time for negotiation or modification. Mid-term contract reviews are effective to ensure your vendors continue to deliver products and services as expected.

vendor contract management, contract assessment, mid-term agreement, vendor agreement

Infographics

9 Techniques for Vendor Contract Compliance

Incorporate sound contract compliance techniques to lessen exposure to vendor risk and improve contract management practices. Use these techniques to help you with the process.

contract negotiation, contracts, vendor contract compliance, vendor contracting, contract management

Podcasts

Common Third-Party Risk Management Findings in Exams and Next Steps

If your organization is in a regulated industry, you should anticipate regular examinations. It's good to review your regulators website to become familiar with their exam process, classification of issues, etc. In this podcast, learn common exam findings and next steps.

vendor management exams, vendor management exam findings, tprm exam findings, tprm exam, third-party risk management exams

eBooks

How to Identify, Assess, and Mitigate Vendor Artificial Intelligence Risks

As organizations continue to rely on outsourced products and services, the rapid deployment and wide variety of AI use brings about many news risks that require careful consideration. This eBook explores the risks associated with third-party AI.

third-party ai, ai risks, third-party ai risk, vendor ai risk, artificial intelligence risks

Infographics

Understanding the Differences Between a Vendor SOC 1, 2, 3

Download the infographic to learn the definitions of each type of SOC report and how they can benefit your organization.

information security, soc report, vendor soc, vendor soc 1, vendor soc 2, vendor soc 3

eBooks

Using KPIs to Maintain Strong SLAs in Vendor Relationships

Vendor performance must be closely monitored and tracked to ensure it remains at the expected level outlined in the service level agreement. Learn how to use key performance indicators to maintain SLAs in this eBook.

strong vendor relationships, kpis, key performance indicator usage, strong SLAs, maintaining slas

Infographics

Common Vendor Data Breaches and Tips to Prevent

Vendor data breaches can range in severity, from minor incidents to significant events that create operational failures and require public disclosure. Protect your organization by learning about the different categories and types of vendor data breaches.

vendor breach, data breach, types of data breaches, tips to prevent breaches, breach, third-party breach

eBooks

Reducing Your Organization's Financial Liability Through a Vendor's Insurance Coverage

A vendor's insurance can reduce the financial risk posed to your organization. This eBook explains how your organization can better align its use of vendor insurance coverage as a risk mitigation technique.

vendor insurance, insurance coverage, financial liability, reduce financial liability, third-party insurance, certificate of insurance

Podcasts

How Vendor Risk Management Software Streamlines Your Program

Anyone who's involved in vendor risk management knows the intricacies of the various tasks. In this podcast, learn tips and commons ways you can utilize VRM software to streamline your processes

vrm software, tprm software, streamlines processes, streamline vendor management tasks, streamline tprm tasks

Infographics

Contracts and Service Level Agreements (SLAs): The Answer to Poor Vendor Financial Health

There are many consequences that can arise from a vendor’s poor financial performance. In this infographic learn strategies and tips to help your organization use relevant contract language and SLAs to address a vendor’s poor financial health.

poor vendor performance, vendor financial performance, SLA, vendor contracts, service level agreements, track vendor financial health

Interviews

Panel Interview: Effects of Fintechs on Credit Unions

As relationships between fintech organizations and credit unions have revolutionized the industry, third-party risk management has become more crucial for both parties to have. Learn how third-party risk management has evolved for credit unions and fintech in this panel interview.

fintech, credit union, panel interview, industry expert interview, financial technology

eBooks

Using Vendor Risk Management Processes to Comply With NERC CIP-013-1

The North American Electric Reliability Coporation's (NERC) standard, CIP-013-1 Cyber Security - Supply Chain Risk Management requires effective vendor risk management in the energy industry. Learn how to comply in this eBook.

nerc regulation, north american reliability corporation vendor management, vendor risk management regulation, energy organization, energy company, energy risk management

eBooks

Mini Vendor Risk Management Handbook

Vendor risk management is a complex practices that requires a thorough understanding of your organization's objectives, regulatory requirements, and vendors' business practices. Follow the tips and best practices in this mini handbook to help you maintain an effective vendor risk management program.

vendor management, third party risk management, vendor management handbook, risk management handbook

eBooks

How to Determine Who Your High-Value vs Low-Value Vendors Are

With the number of vendors in an organization, it may not always be obvious where a vendor sits on the high-low value spectrum. This eBook will help you determine who your low and high-value vendors are, and how to get the best value from your vendors.

vendor quality, vendor risk, operational risk, reputation damage, due diligence, performance management, vendor owner, vendor manager

Videos

How to Manage Third-Party Risk

While you can't eliminate all the risks posed by your vendors, you can reduce them by following the steps of the third-party risk management lifecycle. Watch this video to learn how to effectively manage third-party risk.

mitigate third-party risk, managing vendor risk, mitigate vendor risk, how to manage vendor risk, effective tprm, effective vendor management, third-party risks, vendor risks

Infographics

9 Steps to Complete the Vendor Risk Assessment Process

Managing vendor risks is crucial to the success of any business. It requires identifying all potential risk associated with products and services provided by a vendor. Learn the steps to complete the vendor risk assessment process in this infographic.

vendor risk, vendor profiling, questionnaires, risk assessment process, assessing vendors

Infographics

When and How Often to Perform Vendor Due Diligence

Vendor due diligence is one of the most vital activities within third-party risk management. But, it's not always clear when and how often vendor due diligence should be done. By following these recommended guidelines for the frequency of due diligence, you can ensure your time and efforts are well spent.

vendor due diligence process, perform due diligence, perform vendor due diligence, when to perform due diligence, how often perform due diligence

eBooks

Guidance on How to Master Third-Party Risk Management in 2024

The success of a TPRM program depends on a carefully integrated combination of rules, tools processes, and people. In this eBook, learn the existing roadmap, known as the third-party/vendor risk management lifecycle and more.

vendor risk management, risk management, third-party risk management lifecycle, vendor risk, mitigate risk

Toolkits

How to Report Third-Party Risk Management Activity to the Board

This complimentary toolkit includes reporting (annual and monthly) templates and provides you with guidance on how to format vendor board reports.

third-party risk reports, board reporting, report vendor risk management activity, report third-party risk management activity, reporting

Infographics

6 Steps of an Inherent Risk Assessment on Vendors

One of the first activities in the third-party risk management lifecycle is completing an inherent risk assessment. This process identifies the different types and levels of inherent risk, which occur naturally within the vendor’s product or service. Learn the steps to complete an inherent risk assessment in this infographic.

vendor inherent risk, risk assessment process, vendor risk assessments, how to complete risk assessments, due diligence

Podcasts

4 Important Vendor Risk Management FAQs for Beginners

In this podcast we’ll discuss 4 important vendor risk management frequently asked questions for beginners to help get you started. The questions like: what vendor risk management is, why it’s important, who is involved and how vendor risk is completed.

vendor risk management beginner, beginner tprm, tprm frequently asked questions, beginner vrm, vendor management question, third-party risk management questions

eBooks

31 Third-Party Risk Management Best Practices in 2024

It's critical to take into account recent best practices in order to be as prepared as possible for vendor management. This eBook has 31 best practices everyone should know.

vendor management best practices, best practices, third-party risk best practices, vendor risk best practices

eBooks

How to Develop a Third-Party Risk Culture

To manage risks effectively, an organization's risk culture plays a crucial role. A risk culture refers to an organization's mindset and approach toward managing risks. Learn how to develop a third-party risk culture in this eBook.

risk culture, develop a culture, tprm culture, vendor risk culture, vendor management culture, developing risk cultures

Toolkits

Onboarding a Vendor

The first stage in a third-party risk management program is onboarding any new vendor. There's a lot to consider in this stage, including risk assessments, due diligence, and more. This toolkit will help ensure your vendor relationships starts of on the right foot.

how to onboard vendor, vendor onboarding, onboarding vendors, steps onboarding vendor, stage of lifecycle, third-party risk management lifecycle onboarding

Samples

Free Financial Health Assessment

As part of vendor risk management, you need to know your third party's financial condition. Download a free analysis on your core vendor now.

financial health sample, sample, free assessment

Infographics

Vendor Cybersecurity and Privacy Compliance: Key Regulations and Tips to Know

Maintaining regulatory compliance with third-party vendors can be challenging, especially when it comes to cybersecurity guidance and state privacy laws. Learn key cybersecurity regulations and tips to strengthen compliance in this infographic.

vendor cybersecurity, cybersecurity preparation, preparing for cybersecurity regulations, state privacy laws

Infographics

New York Regulators Take Aim at Third-Party Cybersecurity Expectations

Cybersecurity threats will always exist, but maintaining regulatory compliance can help your organization prevent and respond to events more effectively. Learn who must comply with 23 NYCRR 500, highlights of the regulation, and more.

regulatory compliance, guidance

Podcasts

How to Build a Fourth-Party Vendor Inventory

Building a fourth-party vendor inventory can be challenging, but it's crucial to protect your organization from an extensive risk landscape. This podcast explains how to build a fourth-party vendor inventory and tips to keep in mind.

vendor inventory, inventor building, fourth-party risk, fourth parties, build inventory, tips building vendor inventory

eBooks

How to Use Financial Benchmarks in Vendor Reviews

Reviewing a vendor’s financials is an essential step of every successful third-party risk management program. Comparing this data to financial benchmarks is an effective strategy that can bring greater clarity to your vendor’s financial health. Learn more in the eBook.

vendor financial benchmarks, financial reviews, benchmarking, reviewing financial data, financial data, third-party financial review, third-party financial benchmarks

Infographics

Using Adverse Media Screening to Monitor Third-Party Risk

Keeping your eye on any negative news or adverse media on a third-party vendor is necessary for any organization that wants to safeguard its reputation. Learn examples of adverse media, tips to monitor adverse media, and more.

negative news, reputation risk, vendor reputation, adverse media screening, screening news, safeguard your reputation

Whitepapers

VRM: 2024 SEC Examination Priorities and Cybersecurity and Resiliency Observations Reports

Use this as your guide to understand vendor risk management takeaways from the SEC's recent examination priorities report.

vendor risk management, SEC examinations, SEC, regulations, guidance, regulator, guidelines, cybersecurity report, observations resiliency reports

Infographics

How To Maximize Your Third-Party Risk Management Resources

Understanding how to maximize your TPRM resources will take some effort, but it's a worthwhile goal to help your organization manage risk, regardless of limitations. This informative infographic covers how to maximize your resources.

maximize resources, tprm resources, manage resources, vendor management resources, tprm processes

Templates

Third-Party Risk Management Policy Templates

Writing and updating a third-party risk management policy is known to be time-consuming and without guidance or help, it can be challenging to know where to start. Download these templates with accompanying instructions and guide to get started.

free policy template, vendor management policy, third-party risk management policy, policy updates

Podcasts

Risk-Based Due Diligence in Third-Party Risk Management

Conducting risk-based due diligence on your vendors can help you streamline your vendor reviews. In this podcast, learn 3 ways risk-based due diligence can improve your efficiency.

risk-based due diligence, vendor risk due diligence, risk-based, due diligence, vendor due diligence, conduct due diligence, risk assessment, risk profiling

Templates

Artificial Intelligence Sample Vendor Questionnaire

Artificial intelligence (AI) is becoming more prevalent in many organizations - it's no longer a matter of if your vendor is using AI, it's a matter of how. And there's still uncertainties with its risks. Use this questionnaire to get started.

ai vendor risk, ai risk, ai template, ai questionnaire, free ai questionnaire, ai sample vendor questionnaire, artificial intelligence vendor risk

Interviews

Interview with Rachael Ormiston

In this thought leadership interview, Rachael Ormiston, Head of Privacy at Osano discusses how to implement vendor privacy scores in your third-party risk management practices.

privacy score, vendor privacy, privacy score benefits, privacy risk

Infographics

What to Do If a Vendor Has Weak Business Continuity and Disaster Recovery Plans

Reviewing a vendor's business continuity and disaster recovery plans is an essential step in your due diligence process. A weak finding as you assess plans should be concerning, as this can expose your organization to significant risks. Learn more in the infographic.

business continuity testing, bcp, business continuity planning, weak bc/dr plans, weak business continuity, vendor business continuity, vendor disaster recovery

eBooks

A Business Case for Third-Party Risk Management

Third-party risk management is a highly rewarding practice for an organization and its stakeholders, but it can be difficult to understand the value this practice can bring. This business case for third-party risk management explores why your organization should invest in this essential area.

business case tprm, tprm business case, vendor management business case, outsourcing risk, outsourcing third-party risk management activities, buy-in, invest third-party risk management

Infographics

Mitigating Vendor Risk Through Effective Contract Management Best Practices

Effective vendor contract management has many benefits that all organizations can experience, including potential cost savings and safer third-party vendor relationships. Learn effective contract management practices in the infographic.

vendor contract management, vendor contract risk, contract management risk, vendor contracts, contract risk, effective contract management, contract management practices

Infographics

Using Privacy Scores to Manage Vendor Risk

By monitoring vendor privacy scores as part of your vendor risk management program, you can mitigate potential risks associated with third parties more effectively. Download this infographic to learn what vendor privacy scores are and more.

privacy scoring, vendor privacy, vendor privacy scores, how to use privacy scores, manage vendor risk, risk mitigation

Infographics

Ways to Improve Vendor Document Collection Efficiency

Without the right documents, your vendor risk assessment can't be completed correctly, if at all. In this infographic, learn best practices and tips to improve document collection efficiency.

document collection, vendor due diligence, due diligence, vendor documents, documents

eBooks

Top 21 Third-Party Risk Management Resources for Beginners

New to third-party risk management or looking to stay up-to-date on a wide range of industry topics? This interactive guide is full of resources for beginners.

vendor management, risk management, third-party risk management resources

eBooks

Top 21 More Advanced Third-Party Risk Management Resources

Level up your third-party risk management knowledge with this interactive guide. Continually improve your knowledge, program and more!

vendor management, risk management, third-party risk management resources

Podcasts

Who Is Involved in Third-Party Risk Management?

Understanding the key roles involved in third-party risk management is important to you and your organization. Learn their responsibilities and how they fit into your third-party risk management program.

vendor management, involvement, staffing

Infographics

3 Planning Steps Before You Onboard a Vendor

Having an effective planning process will justify the need, cost, and benefits of a vendor relationship and start your onboarding process on the right foot.

onboarding a vendor, planning onboarding, planning steps,

Infographics

Vendor Performance Management: Steps and Questions to Ask

For the vendor performance management process to be effective, organizations must think carefully and plan ahead. An effective process helps reduce costs, enhance customer satisfaction, mitigate risks, and more.

vendor performance, performance management, performance process, vendor performance process, managing vendor performance, performance questions

Podcasts

Why Third-Party Risk Management Matters in a Struggling Economic Climate

The economy has faced many challenges the past few years. These events present many challenges for organizations, and some are looking to cut costs. But, reducing TPRM may be a mistake as it can help protect your organization.

reduce costs, cut third-party risk management, economic climate, cutting costs, reduce budget

Infographics

How to Write a Third-Party Risk Management Program Document

The program document answers the "how" of each third-party risk management activity. In this infographic, learn how to write an effective third-party risk management program document.

third-party program document, write policy and program, program writing, program document, write third-party risk management program document

Infographics

6 Techniques to Manage Third-Party Compliance Risk

Third-party compliance risk can be one of the more challenging areas to manage, but it's necessary to protect your organization from significant consequences. Use the 6 techniques covered in this infographic.

compliance management, vendor compliance, third-party compliance, manage compliance risk, manage vendor compliance

Interviews

Interview with Andrew Moyad

In this thought leadership interview, Andrew Moyad, CEO at Shared Assessments, discusses the importance of cyber insurance in third-party risk management. Learn what it covers and how it can help protect your organization from third-party cyber risk.

vendor cybersecurity, cyber insurance, cybersecurity insurance, infosec insurance, cybersecurity risk

Checklists

Training New Vendor Owners

Have new or existing vendor owners that need to be trained? This checklist will help your vendor risk management team prepare vendor owners to fulfill their roles and responsibilities.

checklist, vendor owners, vendor management, vendor manager

Infographics

Building an Effective Vendor Risk Management Program

When you learn the key steps, building a vendor risk management program doesn't have to be an overwhelming task. Organizations of all sizes can build a program that will satisfy regulators and manage vendor risk.

vendor management, effective vendor risk management program, program building, building a program, vendor risk management program

Infographics

Managing Banking as a Service Vendor Partnerships

While there are many benefits of BaaS, these services come with risks on both sides of the partnerships. It’s crucial to identify and assess the associated risks and the measures banks and non-bank entities can take to manage them effectively.

banking as a service risk, banking as a service partnerships, banking as a service vendors, baas vendor partnerships, baas vendor relationship, banking as a service

Podcasts

Third-Party Risk Management Recommendations for 2024

Learn 4 key recommendations to implement in your third-party risk management programs to mitigate third-party risk this upcoming year. Listen now.

third-party risk management best practices, tprm best practices 2024, third-party risk recommendations, tprm recommendations, best practices for 2024, cybersecurity recommendations, data breach recommendations, due diligence recommendations

eBooks

Creating and Updating Your Third-Party Risk Management Policy

There isn’t a one-size-fits-all solution to third-party risk management policies. This eBook will help you understand the dos and don'ts for creating a policy and best practices.

vendor risk management policy, risk management policy, creating policy, updating policy, tprm policy, third-party risk policy

Infographics

How to Use the RACI Method to Determine Third-Party Risk Management Responsibilities

Defining the roles and responsibilities within your TPRM program is crucial for success. Learn how to implement the RACI method with this infographic and customizable template.

raci method, roles and responsibilities, tprm roles, tprm responsibilities, organizational structure

Interviews

Interview with Tom Rogers

In this thought leadership interview, Tom Rogers, Vendor Centric, defines the characteristics that make up a fourth-party vendor and uncovers the steps to manage them. Listen to this interview to learn about fourth-party due diligence, regulations, and best practices.

fourth parties, fourth-party vendor, thought leader interview, managing vendors

Videos

Venminder Holiday Experience

To celebrate the holidays, experience the magic of Venminder's 2023 Holiday Village with a message from the team, a fun Venmonster game, and the opportunity to send in a eCard!

holiday experience, happy holidays

Podcasts

Third-Party Risk Management Takeaways From 2023

Learn best practices that should be included in your third-party risk management program to ensure you keep your organization protected from data breaches and other cybersecurity incidents.

third party risk trends, third-party risk management, best practices, tprm best practices, tprm trends, svb, republic bank, signature bank

eBooks

InfoSec and Third-Party Risk Management: Better Vendor Risk Management Through Collaboration

Without collaboration, organizations can face many challenges. In the eBook, explore some ways InfoSec and TPRM can proactively partner to benefit both teams.

information security, collaboration, better risk management, collaboration benefits

Infographics

How to Get Support for Third-Party Risk Management: Setting the Tone-From-the-Top With the Board & Senior Management

This infographic covers why the board and senior management should set the "tone-from-the-top", responsibility guidelines, and tips to help you gain support.

Organizational buy-in, vendor owners, vendor managers, board of directors, reporting, data

eBooks

How to Comply with OSFI Third-Party Risk Management Guideline B-10

Learn the necessary actions to comply with Canada's Office of the Superintendent of Financial Institutions (OSFI) final Third-Party Risk Management Guideline B-10.

regulations, governance, compliance, FRFI, federally regulated financial institutions

Infographics

Creating a Vendor Risk Management Program that Protects Your Organization

If your organization doesn't have the right vendor risk management practices, your organization's and customers' data is at risk. To protect data, you must understand how your vendors plan to use it and safeguard it.

data privacy, cybersecurity, information security, lines of defense, third-party risk management lifecycle, documenting, reporting

eBooks

Consequences of a Vendor Breach & How to Prepare For One

Vendor data breaches will always be unexpected, but it’s possible to anticipate your response, which can minimize the damage to your organization and customers.

cybersecurity, information security, breach notification, data privacy, reputational damage, operational disruptions, cybersecurity posture

eBooks

Business Associate Data Breaches in Healthcare: Consequences and How to Prepare

It's increasingly common for healthcare organizations to experience a data breach stemming from a business associate. Learn the 6 key steps to prepare your organization for a breach.

data privacy, reputational damage, operational disruptions, breach notification, information security, cybersecurity

Infographics

Strategic Advantages of Third-Party Risk Management

An effective third-party risk management program provides many strategic advantages to an organization. One obvious benefit is meeting regulatory requirements, but there's a much broader range of benefits.

SLA, service level agreement, operational advantages, outsourcing

Podcasts

Drafting Cybersecurity Requirements Into the Vendor Contract

Learn best practices that should be included in your third-party risk management program to ensure you keep your organization protected from data breaches and other cybersecurity incidents.

breach notifications, cyber right to audit, data protection, information security, data privacy, infosec

Infographics

7 Layers of Protection Against Third-Party Cybersecurity Risk

While technology sophistication is growing, so are the capabilities of hackers. Use this infographic to learn how to build a solid defense against cybersecurity risks.

data breach, information security

Interviews

Interview with Mike Morris

Mike Morris talks about the proposed SEC Outsourcing Rule and its impact in vendor risk management. Listen to learn answers to common questions, tips, and suggestions, as well as a general overview of the proposed rule.

regulations, financial services, fintech, guidance, registered investment advisors

eBooks

How to Get Organizational Buy-In and Commitment for Third-Party Risk Management

This eBook explores how you can articulate the many requirements and benefits for your stakeholders to enhance their understanding and improve their third-party risk management program buy-in.

board reporting, stakeholder buy in, vendor owners, vendor managers, implementing third-party risk management platform, outsourcing,

Checklists

Vendor Due Diligence Checklist for Healthcare

There are many due diligence considerations unique to healthcare organizations. Use this handy checklist when thinking through the vendor due diligence you should be assessing, and the foundational documents to request from every vendor.

document collection, ongoing monitoring, continuous monitoring, hipaa compliance, ongoing vendor management, business associates

Infographics

The Differences Between Vendor Assessments, Questionnaires, Due Diligence, and Continuous Monitoring

While all are important, there are differences to be aware of between questionnaires, risk assessments, due diligence, and continuous monitoring.

ongoing monitoring, risk re-assessments, vendor offboarding, third-party risk management lifecycle

Checklists

Vendor Offboarding

Offboarding a vendor is a critical step within the third-party risk management lifecycle. The process will differ based on the vendor and your organization, and details of the offboarding process need to be established before the contract is signed. Use this checklist for important considerations when offboarding a vendor.

offboarding a vendor, vendor offboarding, offboarding, exit strategy, offboarding checklist

eBooks

7 Takeaways From the Final Interagency Third-Party Risk Management Guidance

The Board, FDIC, and OCC released the official interagency guidance on managing third-party relationships. This eBook gives you 7 takeaways you should be aware of.

regulations, banking, vendor scope, critical vendors, due diligence, ongoing monitoring, documentation, reporting

Podcasts

Board Oversight in Third-Party Risk Management and Regulatory Exams

Regulatory examiners have distinct expectations when it comes to the boards involvement in third-party risk management. Listen to learn the board's place in regulatory exams, and how you can lend a helping hand.

TPRM, regulations, regulatory exams, contract management, audit, due diligence

Podcasts

Learning the Fundamentals of Third-Party Risk Management

Learn the key takeaways from important third-party risk regulatory guidance released by the OCC, FDIC and FFIEC from our compliance expert.

regulatory guidance

Infographics

Healthcare: What to Look For in a Vendor's SOC 2

Some healthcare organizations will accept an independent audit report in lieu of a vendor completing an assessment questionnaire. In this infographic learn what to look for in a vendor's SOC 2 Type II audit report and key elements to review.

risk posture, risk assessment, audit report, cybersecurity, PHI, protected health information, healthcare due diligence

Podcasts

Manage Large Vendors Successfully in Your Third-Party Risk Management Program

Larger vendors can be more difficult to manage. Learn essential tips and best practices to mitigate vendor risk with your large vendors in this podcast.

large vendor inventory, large vendors, vendor risk, mitigate vendor risk, mitigate large vendor risk, manage large vendors

Infographics

What to Do If Your Vendor Has a Negative SOC Report

What do you do if a vendor's SOC report is filled with issues? Use this infographic as a guide to determine how to proceed with the vendor, whether that's addressing the issues or passing on the vendor relationship.

cybersecurity, due diligence, regulatory audit, vendor offboarding, controls

eBooks

Vendor Risk Management for Utility Companies

This eBook explains what vendor risk management is and how you can implement it. Done right, a good vendor risk management program creates a real strategic advantage for your utility company.

risk mitigation, continuous monitoring, ongoing monitoring, third-party risk management

Infographics

6 Third-Party Risk Management Reports to Maintain

Use this infographic as a guideline for important data to collect and continuously update. Ensure that the appropriate stakeholders are well-informed to drive action in your third-party risk management program.

document collection, risk assessment, ongoing monitoring, issue management, Inventory

eBooks

7 Steps to Implement ESG Into Your Third-Party Risk Management Program

ESG is a rapidly growing business principle that aims to better measure the success and sustainability of an organization. This eBook provides steps to implement ESG into your TPRM program successfully

CSR, corporate social responsibility, environmental, social, governance

Infographics

Healthcare Cybersecurity: 7 Steps to Protect Against Rising Vendor Risks

By understanding your vendor's cybersecurity posture and doing the appropriate steps to prevent risk, you can reduce the chances of your healthcare third parties compromising you.

inherent risk, due diligence, information security, infosec, controls, HITRUST, data breach

Videos

7 Steps of Risk-Based Vendor Due Diligence

Not all vendors have the same level of risk. Risk-based vendor due diligence can save your organization time and resources in your vendor risk management program. But, do you know the steps to take and when? This informative video explains the 7 steps.

third-party risk management lifecycle, inherent risk, risk level, risk questionnaire, critical vendor, low-risk vendor

Podcasts

Leverage Resources for Increased Third-Party Risk Management Value

Prioritizing TPRM is essential, even if your resources are limited. There are many advantages in utilizing third-party risk management tools. Listen to this podcast to learn more.

third-party risk management resources, leverage resources, tprm resources, limited resources, software

eBooks

Managing Issues in Your Third-Party Risk Management Program

An effective TPRM program requires strategy to identify, address, and resolve any issues in a timely manner. Vendor relationships will never be perfect, issue management is a necessary component that will help prevent larger problems down the line.

issue management, managing vendor issues, vendor issues, risk management issues

eBooks

Top Third-Party Risk Management Terms to Know

Developed by industry experts, you can reference this third-party management glossary for key words in the vendor management process.

third-party risk terms, tprm terms, tprm terminology, understanding third-party risk management terms

eBooks

Third-Party Risk Management for Higher Education

Higher education institutions have become increasingly dependent on the utilization of third-party vendors in today's climate. In this eBook, learn the importance between TPRM and higher education.

higher education, school districts, higher education TPRM, higher learning vendor risk

Infographics

7 Steps of Risk-Based Vendor Due Diligence

Risk-based vendor due diligence can save your organization valuable time and resources. In this infographic learn what vendor risk-based due diligence is and why it matters

Vendor due diligence, risk-based due diligence, level of risk, due diligence frequency

eBooks

Biotech: Due Diligence and Selection of Contract Research Organizations

It's not surprising that most sponsoring small pharma and biotech startups choose to perform their clinical trials with the assistance of CROs. But, not all CROs are created equal, so selecting the right CRO is crucial.

biotech, due diligence, vendor due diligence, contract research organization selection, CROs

Podcasts

Tips to Improve Collaboration With Vendor Owners

Collaboration with vendor owners involves a lot of day-to-day activities, spanning across the three stages of the third-party risk management lifecycle. This podcast outlines tips to improve collaboration between your third-party risk management team and your vendor owners.

vendor owner, training vendor owner, vendor management

eBooks

5 Steps for a Successful Vendor Exit Strategy

Not all of your third-party relationships will end naturally at the end of a contract period. Sometimes, early contract termination is needed, so your organization must be prepared. This eBook outlines the necessary steps.

vendor offboarding, proactive termination, reactive termination, periodic reviews, third-party contracts

eBooks

Framework for a Successful Third-Party Risk Management Program

Not sure where to begin in implementing a third-party risk management program? Download this eBook to learn the foundational components of a third-party risk management framework.

vendor management, third-party risk management lifecycle, scoping, onboarding, operating model, contract management

Whitepapers

VRM: 2023 SEC Examination Priorities and Cybersecurity and Resiliency Observations Reports

Use this as your guide to understand vendor risk management takeaways from the SEC's recent examination priorities report.

vendor risk management, SEC examinations, SEC, regulations, guidance, regulator, guidelines

Infographics

Healthcare: How to Conduct a Third-Party Risk Assessment to Protect Your Data

For a third-party risk assessment to be effective, you must know what kind of data they can access within your network and what kind of data they will access, process, transmit, or store on their networks. Learn more in the infographic.

vendor risk assessment, healthcare risk assessment, healthcare vendor management, healthcare vendor

eBooks

What to Look For in a Vendor HITRUST Certification Review

The HITRUST certification ensures that a healthcare organization has met the requirements outlines in the HITRUST Cybersecurity Framework (CSF). This eBook outlines how to review your vendor's HITRUST certification.

HITRUST certification, HITRUST, review of HITRUST, cybersecurity framework

Podcasts

Identifying and Documenting Third-Party Risk Management Issues

No matter the vendor, there may be issues that arise at any point in the vendor relationship. In this podcast, learn examples of third-party risk management issues you may encounter and what to do next.

issue management, vendor issues, vendor issue management, third-party risk issues

Infographics

How to Develop Metrics in Your Third-Party Risk Management Program

Successful TPRM programs should involve key metrics that evaluate a vendor's health and stability. To help you better understand how to develop key metrics for your TPRM program, we've created this informative infographic.

key metrics, KPIs, third-party risk metrics, develop metrics

eBooks

How to Review Third-Party Risk With Vendor Risk Assessments

Whether you're new to the world of TPRM, or an experienced veteran, you've probably heard the term "vendor risk assessment". In the eBook, learn the process of vendor risk assessments and what to look for in the document.

vendor risk assessment, third-party risk, third-party risk assessment, risk assessments

Podcasts

Mitigate Supply Chain Risk With Third-Party Risk Management Best Practices

Natural disasters and cyberattacks are just two examples of business disrupting events that occur in the supply chain. This podcast outlines four examples of how TPRM can help you mitigate supply chain risk.

supply chain risk, mitigate supply chain risk, third-party risk management best practices

Infographics

Who Is a Critical Vendor?

Identifying critical vendors is a necessary process that drives many TPRM activities. In this infographic, learn how to identify which vendors are critical to your organization.

high risk, identifying critical vendor, critical vendor overview, high risk vendor

Podcasts

8 Best Practices for Creating or Updating Your Vendor Management Program Documentation

Whether you’re creating your program for the first time, or revising it, here are 8 best practices.

Infographics

What/Why/Who/How of Vendor Risk Management

There's a lot to know to have a successful vendor risk management program. This infographic breaks down the what, why, who, and how to help. 

risk management, involved in vendor management, third-party risk management, vendor risk management basics, beginner vendor management

Infographics

Vendor Risk Management Cheat Sheet

What is vendor management and where to start, what you should know to mitigate risk, vendor lifecycle stages, who's responsible for what in a typical lifecycle and useful links and resources.

third-party risk management, to-do list, vendor management

Podcasts

Vendor Financial Importance in Today's Business Climate

In today's business climate, vendor financial health monitoring is extremely important. There are several factors to consider when reviewing vendor financial health, including inflation, political instability, and more.

vendor financial health, financials, vendor financials, financial importance

Infographics

The Process of Inherent to Residual Vendor Risk

Vendor risks are always present. Although you can't eliminate the vendor's inherent risk you can lessen the likelihood by identifying and implementing controls. In this infographic, learn the process of inherent to residual vendor risk.

inherent vendor risk, residual vendor risk, inherent to residual risk process

eBooks

Benefits, Concerns, and Vendor Risk Management Considerations for Hospital Data In Transit

Healthcare organizations must know how their vendors access, transmit, and store PHI and other sensitive data to remain compliant to protect their organization's and patient's data. Learn more in the eBook

hospital data, healthcare vendor management, healthcare organization, hospital risk management

eBooks

Creating Your Third-Party Risk Management Program: A Step-By-Step Guide

Tasked with building a third-party risk management program from scratch? Developing and implementing a TPRM program requires considerable planning and coordination. This step-by-step guide will help you get started.

vendor management program, risk management program, TPRM program, third-party risk program

Podcasts

6 State of Third-Party Risk Management Highlights for 2023

After conducting our State of Third-Party Risk Management Survey in November of 2022, we've analyzed the results and found six key highlights you should be aware. Listen to this podcast to find out what they are.

state of tprm, third-party risk management highlights, best practices, cybersecurity

eBooks

12 Ways You Can Improve Your Third-Party Risk Management Program

It may be time to revisit your third-party risk management program. This eBook walks you through 12 ways you can start to improve your third-party risk management program.

program improvement, improve third-party risk management program, vendor management program improvement, improve vendor management

eBooks

Guide for Third-Party Vendor Risk Management in Clinical Research

Most clinical studies are being conducted with the assistance of third-party vendors. Learn how clinical trial oversight remains a critical activity for sponsor organizations in this eBook.

healthcare vendor management, contract research organizations, CRO, clinical trial oversight

Podcasts

The Value of On-Site Vendor Visits

Even in today's remote working environment, you need to perform on-site vendor visits. In this podcast, we'll highlight 6 reasons on-site vendor visits are a valuable part of your due diligence practice.

vendor visits, on-site visit, vendor management, due diligence

eBooks

Mini Vendor Risk Assessment Guidebook and Best Practices

A standardized and repeatable vendor risk assessment process is essential to protect your organization and customers from avoidable risks. In this eBook, we'll walk you through what you need to know for effective and efficient assessments.

risk assessment, vendor risk, risk assessment guide, vendor risk management

eBooks

The Essential Third-Party Risk Management Guide

Identifying requirement and best practices for your industry, and following the TPRM lifecycle are great building blocks when implementing TPRM programs. Learn more in this guide.

vendor risk management, TPRM, vendor risk, essential guide, lifecycle, roles and responsibilities, program essentials

eBooks

Guide to Your Third-Party Risk Management Policy, Program, and Procedures

TPRM is a complex process that involves many rules, requirements, and processes all of which must be documented. This eBook will explain each of the governance documents and more.

vendor risk management, governance documents, vendor management policy, tprm documents, third-party risk governance documents

Videos

Venminder Holiday Experience

To help celebrate the holiday season, experience the magic in Venminder's 2022 Holiday Village. Play a fun game, watch a video from our CEO and team, or send us a message!

venminder holiday

Podcasts

6 Third-Party Risk Management Best Practices for 2023

2022 was challenging for some organizations this year. In this podcast, learn six third-party risk management best practices to bring into 2023.

best practices, new year, vendor management, third-party risk

eBooks

SEC Outsourcing Rule Proposal and Its Impact to Investment Advisers

The SEC recently released a series of amendments & a new rule under the Investment Advisers Act of 1940, prohibiting outsourcing certain services and functions. We breakdown the due diligence and monitoring requirements and how to prepare in the eBook.

outsourcing vendor management, vendor management, SEC, outsourced providers, outsourced vendors, SEC outsourcing, ongoing monitoring, due diligence

eBooks

The Contract Research Organization's Guide to Third-Party Vendor Management

Contract research organizations (CROs) demonstrating strong vendor risk management programs can help sponsors feel their exposure to risk is well managed. In this eBook, learn the importance of sound vendor risk management for CROs.

CRO, contract research organization, outsourcing, clinical trial, risk exposure, due diligence, ongoing monitoring, third-party risk management program, vendor risk management, vendor risk

eBooks

Healthcare: What Is a Vendor Risk Assessment?

What does it mean for a healthcare organization to perform a risk assessment on a vendor? Is it a questionnaire, review, or process? Learn what a vendor risk assessment entails in this eBook.

healthcare, healthcare vendor management, risk assessment

Infographics

Understanding a Vendor Risk Appetite Statement

In order to properly manage your vendors' associated risk, you need to thoroughly understand your organization’s vendor risk appetite statement. Use this infographic to help.

third-party risk management, vendor risk appetite, risk appetite statement, vendor risk

Podcasts

5 Advantages of Outsourcing Third-Party Risk Management Tasks

Third-party risk management involves many activities that can take up a lot of your team's time and resources. Listen to this podcast to learn 5 advantages of outsourcing TPRM tasks.

outsourcing vendor management, outsourcing tprm, outsourced vendors, third-party risk management tasks

eBooks

SOC 1 vs SOC 2: Which Report to Request From a Vendor

The two most common reports, the SOC 1 and SOC 2, each assess a different scope of the vendor's controls and performance. In this infographic, you'll learn the difference between the two and which report you'll want to request.

vendor soc, soc reports, request soc report, SOC 1 report, SOC 2 report

eBooks

Vendor Cybersecurity Elements to Include in Business Continuity and Disaster Recovery Plans

A cybersecurity incident can have detrimental effects on your organization's financial health, reputation, and more. In this eBook, we'll cover why cybersecurity and business continuity are linked.

cyber risk, cybersecurity risk, vendor cyber risk, BCP, cybersecurity measures

Podcasts

How to Safeguard Your Organization From Third-Party Cyber Risk

Protecting your customers' sensitive information is important. In this podcast, learn ways to safeguard your organization from third-party cyber risk.

cybersecurity, vendor cybersecurity, cyber risk, cybersecurity risk

Infographics

Setting Breach Notification and Cyber Right to Audit Expectations in a Vendor Contract

Establishing clear expectations with your vendor from the earliest stages of entering a relationship is important. There are two clauses that are essential, learn more about them in this infographic.

right to audit, cybersecurity, information security, data protection, data breaches, vendor management

eBooks

How to Assess Cloud Vendors

As many organizations have turned to cloud vendors to store sensitive information, it's more important than ever to look at how you should assess cloud vendors. Learn how to in this eBook.

cloud vendor management, vendor risk, cloud vendors, cloud risk, assessing vendors

eBooks

How Healthcare Organizations Can Mitigate Vendor Risk

You've completed your vendor risk assessment, performed due diligence, and have identified the inherent risk the vendor brings. This eBook highlights examples of ways your organization can improve the security of a vendor's system in your network.

mitigate risk, vendor risk, healthcare vendor risk, healthcare vendor management, third-party vendor risk, hipaa

eBooks

How to Do Vendor Due Diligence Reviews: The Complete Breakdown

Due diligence is a fundamental component of any third-party risk program. We will break down how to do vendor due diligence reviews on 6 of the most common reports we do.

ongoing monitoring, oversight, vendor management, due diligence

Samples

Venmonitor™ Report

Venmonitor™ is a new software tool that brings the industry’s best risk intelligence data into one central location, allowing you to easily screen vendor or supplier performance across multiple risk domains.

venmonitor sample, risk intelligence data, risk domains, risk management, software

Infographics

10 Reasons for a Third-Party Risk Budget

The truth is that a good third-party risk management program can be a valuable strategic asset. However, it's sometimes necessary to push your organization to ensure that you have a sufficient third-party risk budget. Learn more in the infographic.

vendor management budget, TPRM budget, budget, vendor manager budget

Podcasts

4 Best Practices for Critical Vendor Contract Management

Critical vendor contract management is important. Learn 4 best practices in this podcast to ensure your monitoring your critical vendor contracts.

contract management, vendor contracts, critical vendor, podcast, critical vendor contracts

eBooks

How Many People Should You Dedicate to Third-Party Risk Management?

Many often ask "how many people should you dedicate to third-party risk management?" Even regulatory guidance offers little assistance in this area. Learn considerations, industry data, and more in the eBook.

vendor management, staffing, TPRM staffing

Checklists

Due Diligence Checklist for Low, Moderate, and High-Risk Vendors

Use this checklist on specific common due diligence items you need to gather for based on if your vendor is classified as low, moderate or high risk.

due diligence checklist, high-risk vendor, checklist, vendor due diligence

Infographics

What Is the Process of Vendor Risk Management?

Vendor risk management is a best practice, and, for many organizations, it's also a regulatory requirement. Dive deeper into the process of vendor risk management in this infographic.

vendor management process, vendor risk, risk management process,

Infographics

Understanding Subservice Organizations Within Vendor SOC Reports

Understanding what subservices (fourth parties) your vendors use is important. This infographic outlines how to review your subservice organizations within SOC reports.

subservice organizations, fourth-party vendor, reviewing SOC reports, vendor SOC report

Podcasts

How to Create a Vendor Risk Management Program for a Health Organization

Keeping the patient proactive care model in mind when considering TPRM is important. This podcast highlights 4 steps to take in creating a TPRM program for a health organization.

healthcare vendor management, proactive vendor management, third-party risk, health third-party risk

Checklists

Vendor Contract Renewals

As a part of your ongoing monitoring, you need to stay on top of vendor contracts and renewal dates. Use this checklist to help.

contract management, vendor contracts, contract renewals, renewals

Toolkits

Integrating ESG Into Your Third-Party Risk Management Framework

There is a lot to consider when incorporating CSR and ESG into current third-party risk management workflows and processes – including updates to your policy, risk assessments, due diligence, contracts, questionnaires and more.

third-party risk management, corporate social responsibility, environmental, social and governance, vendor management, toolkit

Infographics

Separating Vendor Criticality From Risk Ratings

When managing vendor risk, many mistakenly consider critical and high risk synonymous, but they are not. There's an important difference between these terms and how they should be applied. Learn more in this infographic.

risk ratings, vendor criticality, high-risk vendor, vendor risk

Podcasts

How to Prepare Your Vendors for ESG Disclosures

There is still limited legislation on mandatory ESG disclosures, but regulators are continuing to address issues like climate change and modern slavery. Listen to this podcast to learn 3 ways to prepare your vendors.

esg disclosures, vendor esg, environmental, social and governance, regulations, disclosures

eBooks

Choosing a Cloud Vendor: Benefits, Drawbacks and Considerations

Ensure your organizations can balance the risks and rewards of the cloud by identifying the potential risks and thoroughly vetting your cloud service providers to make sure they meet your requirements.

cloud vendor, cloud service provider, cloud supplier, vendor management, considerations for cloud vendors

Checklists

Vendor Due Diligence

Use this handy checklist when thinking through the due diligence items you should be performing on your third parties.

vendor management, vendor risk management, check the box, document collection

Infographics

How to Effectively Manage International Vendors

Your contract and due diligence processes requires a unique focus when working with an international vendor. Use this infographic to help.

due diligence, contract management, overseas, international vendors, international vendor management

eBooks

What to Do With Vendor Due Diligence Information

Knowing how to conduct your vendor due diligence processes is only part of the equation. The real challenge for some organizations is understanding how to interpret and act on due diligence results. Learn how in this eBook.

vendor due diligence, due diligence collection, due diligence results, conducting vendor due diligence

Infographics

3 Vendor Financial Statements to Review

No single financial statement will provide a full picture of a vendor's financial health. There are three statements that should be analyzed together to better understand financial risks posed.

financial statements, vendor financial health, financial performance, vendor financial statements

Infographics

3 Ways to Measure Vendor Performance

Measuring a vendor's performance is a necessary process that ensures the engagement continues to be beneficial. Also, helps protect your organization's reputation and ensures any issues are identified and addressed quickly.

measure vendor performance, vendor performance management, ways to measure, performance management

eBooks

Vendor Data Breach in Healthcare: Consequences and How to Prepare

Has one of your critical healthcare vendors experienced a data breach? You can prepare now and anticipate you response to minimize damage, especially if that damage may involve your PHI or patient care.

patient care, healthcare data breach, healthcare organization, healthcare vendor management, vendor risk, cybersecurity

Podcasts

4 Exit Strategies for Offboarding a Vendor

Having an exit strategy in case your vendor relationship must come to an end is crucial. Learn 4 exit strategies in this informational podcast.

vendor exit strategies, exit strategy, vendor management, contract management, terminate vendor

Infographics

Vendor Risk Categories Quiz

Knowing the risk your vendor brings to your organization is crucial. But, do you know and understand the risk categories or types to be reviewing and monitoring? Take the quiz to test how much you know!

quiz, risk categories, vendor management risk, vendor risk, third-party risk quiz

Infographics

Proactive Vendor Risk Management for Hospitals

The healthcare industry practices proactive care, this same concept can be done for managing its third-party risks. Learn the importance for proactive vendor risk management in healthcare in this infographic.

healthcare, proactive care, proactive vendor risk management, vendor management, vendor risk, hipaa

Infographics

6 Vendor Risk Categories and Common Red Flags

Outsourcing a product or service to a vendor is a standard business strategy that can provide many benefits. Ensure you know these 6 vendor risk categories and common red flags.

red flags, outsourcing, risk categories, vendor management categories, vendor risk

Whitepapers

Vendor Risk Management: SEC Examination Priorities and Cybersecurity and Resiliency Observations Reports

The SEC released their 2022 Examination Priorities. Download this whitepaper to ensure your organization has your TPRM program in order.

exam preparation, vendor management exams, exam priorities, third-party risk management exam, cybersecurity, reports

eBooks

How to Analyze a Vendor's Business Continuity and Disaster Recovery Plans

Give yourself the ability to more successfully sidestep the aftermath of potentially disastrous scenarios by analyzing your vendor's business continuity and disaster recovery plans.

ongoing monitoring, disaster recover planning, business continuity planning, business planning, risk management

Podcasts

3 Frequent Mistakes Regarding Vendor Financials

Vendor financial health includes many factors that your organization should be cognizant of and review accordingly. This podcast highlights three mistakes to avoid when reviewing.

vendor financial health, financial stability, financial reviews, vendor performance

eBooks

Inherent Vendor Risk: Sample Questions and Next Steps

When outsourcing a product or service to a third-party vendor, your organization is exposed to risks that naturally occur, referred to as inherent risks. Learn sample questions to ask and next steps to take after completing a questionnaire in this eBook.

inherent risk, vendor risk, sample questionnaire, vendor risk assessment, eBook, questionnaire

Samples

Free SIG Lite Assessment

The Standard Information Gathering (SIG) Lite questionnaire is a standardized questionnaire developed by Shared Assessments and used by organizations to provide information surrounding their control environment. Download a free SIG Lite assessment today.

sig lite, sig assessment, sig lite sample, free sig lite assessment

Toolkits

Offboarding a Vendor

Vendor relationships can end for many reasons. Your organization's needs may have shifted and you're looking for a different vendor that better aligns with your goals. Whatever the reason for ending the relationship, you want to ensure you have an established offboarding process that minimizes issues.

offboarding, toolkit, comprehensive eBook, interactive checklist, vendor relationship management , exit strategy, termination

Podcasts

The Stages in the Third-Party Risk Management Lifecycle

There is a beginning and end to every third-party relationship. In this podcast, you'll learn the stages of third-party risk management lifecycle.

lifecycle stages, onboarding, offboarding, ongoing activities, podcast

Toolkits

Third-Party Risk Management Lifecycle

Learn the steps of the third-party risk management lifecycle to protect your organization from vendor risks using this toolkit.

third-party risk management lifecycle interactive toolkit PowerPoint Template Printable 1-Page PDF due diligence, contract management, risk assessment, scoping

Checklists

Vendor Site Visits

When your organization is exposed to a variety of vendor risks, it doesn't hurt to have the extra layer of protection that vendor site visits provide. Use this handy checklist and infographic to ensure your organization understands the importance of site visits.

checklist, on-site visit, virtual vendor visit, vendor risk

eBooks

Vendor Contract Considerations: Sample Language and Recommended Tips

Not sure where to include in your vendor contracts? This eBook outlines sample contract language and recommended tips to help with contract creation.

contract management, vendor management, contract compliance, contract clauses

Checklists

Third-Party Risk Management Audit or Regulatory Exam

Use this checklist of things to help you manage and be sure you’re prepared when you have an upcoming audit or regulatory exam.

checklist, auditors, vendor management exam, vendor management audit

Infographics

My Vendor Has Suffered a Data Breach: Now What?

Are you prepared to handle it when your vendor suffers a data breach? Cyber attacks have become a normal part of daily routine. Learn what to do.

vendor data breach, suffered data breach, vendor data breach next steps, cyber attack next steps

Infographics

Fourth-Party Due Diligence Questions: What to Ask Your Third Party

Although you don't have direct contact with your fourth parties, it's essential to understand how your third-party vendors manage their risk. Use this helpful infographic when discussing fourth-party due diligence with your vendors.

vendor relationship, vendor risk, vendor management, fourth-party risk

eBooks

How to Engage, Educate and Enable Your Vendor Managers

Successful vendor risk management requires the teamwork of stakeholders across the organization, and vendor managers play a crucial role. This eBook will help you engage, educate and enable your vendor managers.

vendor manager education, manager training, vendor manager tips, vendor management

Podcasts

How to Mitigate Vendor Risk

Mitigating vendor risk is an important component of your vendor management program to ensure that your overall business operations can continue on. Listen to this podcast to learn how to mitigate vendor risk.

mitigate third-party risk, third-party risk mitigation, vendor risk management

Checklists

Developing Your Third-Party Risk Management Program Document

Your third-party risk management program document lays out the concepts within the policy. Download this checklist to assist in creating an effective and mature third-party risk management document.

governance documentation, vendor management program document, policy documents, documentation

Infographics

Identifying Critical Vendors: 6 Fool-Proof Questions

Your critical vendors provide products or services that your organization is highly dependent on. Learn the questions you can ask to determine if a vendor is critical or non-critical in this infographic.

high-risk vendor, vendor management, vendor risk, third-party vendor

eBooks

Understanding Vendor Performance Metrics and Scorecards

Vendor scorecards are a valuable tool to help you track and measure vendor performance. Download this eBook and template to improve your understanding of vendor performance metrics.

vendor vetting, ongoing monitoring, vendor management, performance monitoring, vendor scorecard

Toolkits

Who Is Responsible for Third-Party Risk Management?

Third-party risk management in practice is a complex ecosystem of processes, tasks, timing and risk mitigation. Various responsibilities and requirements are distributed across a range of accountable stakeholders. Download this toolkit for helpful templates and charts.

vendor management, vendor oversight, stakeholders, roles and responsibilities

Podcasts

Top 4 Third-Party Risk Management Trends

Our annual State of Third-Party Risk Management survey highlighted four areas that are top concern for third-party risk management professionals this year. Listen on to learn them.

ESG, emerging risks, vendor management, due diligence

Infographics

Is it time to break up with your vendor?

You should partner with a vendor who meets your organization’s expectations. Download this infographic for signs that it is time to end your vendor relationship.

vendor relationship, vendor management, third-party risk management, vendor profiling

Infographics

10 Tips for Collecting Due Diligence Documents

Better understand when to start your due diligence, what to do if you can't get a document, why you need a good working relationship with your lines of business.

vendor management, third-party risk, document collection

Infographics

How to Mitigate Third-Party Risk

All vendor relationships have inherent risks. If you choose to work with the vendor, you'll need different techniques to handle the risk. This infographic covers three risk handling techniques known as mitigation, transference and acceptance.

inherent risk, vendor relationship, vendor management

Infographics

How Third-Party Risk Management Has Evolved

Third-party risk management is no exception, and as a practice, has steadily changed its tune over the past few decades. Explore the advances in third-party risk management in this infographic.

vendor management evolution, vendor lifecycle, industry change

Podcasts

3 Vendor Management Best Practices for 2022

2022 is going to be another year with a strong vendor management focus. Are you prepared? Listen to this podcast to learn 3 best practices to follow this year.

due diligence, vendor profiling, third-party risk management

eBooks

Vendor Vetting: 19 Things You Should Be Doing

As part of your vendor due diligence process and regardless of risk level, there are 19 items your organization should be committing to file for every third-party involved with your business.

initial vendor vetting, due diligence, onboarding

Podcasts

Third-Party Risk Management Lessons Learned in 2021

Listen to this podcast that highlights three main third-party risk management lessons learned in 2021. Learn how your organization can use these lessons to prepare for 2022.

due diligence, tips, vendor management

Checklists

Third-Party Risk Management

Whether you're just getting started or simply are looking to refresh your program, use this comprehensive checklist to guide you to successful vendor management.

due diligence, program improvement, document collection

eBooks

The Vendor SOC Dictionary

To help guide you and your team in understanding some of the most common terms found in a SOC report.

cybersecurity, information security, data breach

Infographics

What to Consider for Vendor Contract Renegotiations or Amendments

Well-written contracts are the foundation of the relationship between your organization and your vendor. Download this infographic to learn 5 reasons you should renegotiate vendor contracts.

vendor contract management, addendum, vendor relationship

Podcasts

4 Tips for Building a Third-Party Risk Management Program

Not sure where to start when building a third-party risk management program? This podcast covers 4 essentials tips to building a TPRM program and what you should include.

vendor management, due diligence, vendor risk

Infographics

Spooky Tales of Risky Vendor Behavior

Don't let your vendors scare you this Halloween. Discover risky vendor situations that should be laid to rest in the third-party risk management cemetery in this infographic.

vendor management, vendor behavior, critical vendor, third-party risk management

Infographics

Critical Risk Vendors: What should you be reviewing?

Your third parties should be ranked as critical or non-critical for business disruption. This infographic outlines 10 general items that are needed to be on file for critical vendors.

vendor management, vendor risk, critical vendor management, due diligence, due diligence items to review

Infographics

Top 4 Areas of Vendor Cybersecurity to Pay Attention To

This infographic breaks down four key areas to pay attention to regarding vendor cybersecurity that will help you prepare your organization.

cybersecurity areas, vendor risk, vendor management

Podcasts

What to Review in a Third-Party Incident Response Plan

This podcast will highlight what you should be reviewing in your third-parties incident response plans. Gain an understanding of how your vendor will respond to an incident when it happens.

vendor management, third-party risk, continuity planning, vendor risk

Checklists

Vendor Cybersecurity Checklist

To help ensure you gather the information you need, use this handy checklist that covers what you need to review when analyzing your vendor’s cybersecurity.

data breach, information security, vendor cybersecurity checklist, cybersecurity checklist, checklist, vendor risk, cybersecurity risk

Interviews

Interview with Michael Kossman

Michael Kossman, Chief Operating Officer and Chief Compliance Officer at Aspiriant, talks about the challenges of implementing a third-party risk program in asset management and the importance of third-party risk management.

third-party risk management program, due diligence, third-party risk challenges, vendor management

eBooks

How to Review a Vendor SOC Report

Learn how proper review of a vendor SOC report helps your org, when to obtain and review a SOC, differences between SOCs, Complementary User Entity Controls, key areas to review and more.

vendor management, security organization controls, vendor risk

eBooks

Guide to Vendor Contract Renewals

Timing is everything to be successful in vendor contract management. Download this guide to help get the most value from your vendor contracts during renewal time.

contract management, vendor management, contract guide

eBooks

Setting Expectations with Prospective Third Parties: A Playbook for Third-Party Vendor Managers

Clearly communicating setting expectations with your third party is essential for building a healthy and productive relationship. Download this playbook designed to support third-party risk management teams.

vendor relationships, prospective clients, communication, playbook for vendor managers

Podcasts

What Is a Vendor Confidentiality Agreement?

In this podcast, understand what a vendor confidentiality agreement is and how to create and review an agreement. Also, learn why these agreements are important in a third-party risk management strategy.

vendor risk, vendor management, NDA

eBooks

How to Master Vendor Contract Management

Contract management is a key component in managing risk and vendor relationships. Our eBook is your tool to master vendor contract management.

contracts, third-party risk management, vendor contracts

Infographics

How to Do a Vendor Risk Assessment

Performing risk assessments may seem daunting, but are a worthwhile investment. Download this infographic to learn the tried-and-true steps to complete a vendor risk assessment.

vendor risk assessment, risk assessment, how-to, TPRM, vendor risk, risk management, vendor risk management, assessments, third-party risk

eBooks

What to Include in Your Critical Vendor Contracts

Vendor contracts work both as a roadmap to guide you through the business relationship and as a safety net. Download this eBook to learn what to include in critical vendor contracts.

critical vendors, critical vendor management, vendor contract management, vendor management

Podcasts

How to Get From Inherent Vendor Risk to Residual Risk

Understand how to get from inherent vendor risk to residual risk in this podcast. Learn the basics to calculate these risks.

vendor risk management, risk rating, calculating risk

Infographics

Strategic Advantages of Third-Party Risk Management

Learn how to maximize value, cost, quality, day-to-day advantages and more. Download this infographic to understand the strategic advantages of doing TPRM.

Third-party risk management, cost advantage, quality advantage, maximize benefits, vendor management

Infographics

Do Your Business Continuity and Disaster Recovery Plans Consider Your Critical Vendors?

Well-written business continuity and disaster recovery plans are important. Ensure your critical vendors are accounted for in your plans. Download the infographic to learn how.

third-party risk management, critical vendor management, continuity planning

eBooks

Third-Party Risk Management: Building a Relationship with Your Cybersecurity and Information Security Team

Organizations are feeling the strain of keeping data and systems safe. Download this eBook to understand how TPRM and InfoSec teams can collaborate.

data, third-party vendors, relationship building, collaboration

Podcasts

Various Types of Vendor Business Continuity and Disaster Recovery Testing

Listen to this podcast to understand the various types of vendor business continuity and disaster recovery testing.

third-party risk management, testing, bc/dr testing, vendor management

Whitepapers

Vendor Risk Management: 2021 SEC OCIE Priorities

Many of the OCIE's priorities changed as new risks emerged and existing risks were mitigated or heightened. Download the whitepaper to ensure you have your third-party risk management in order. 

cybersecurity, vendor risk, third-party risk management, vendor management, ocie priorities

eBooks

How-to Guide: Creating a Vendor Risk Questionnaire

This eBook will guide you through creating an effective vendor risk assessment questionnaire of your own for proper third-party risk management.

vendor risk management, third-party risk management, questionnaires, assessments

Infographics

How to Write Fourth-Party Vendor Requirements Into the Contract

Learn examples of fourth-party related clauses and how to write these requirements into your vendor contracts.

third-party risk management, due diligence, contract management, fourth parties, requirements

Checklists

Vendor Business Continuity and Disaster Recovery Checklist

Download this checklist to ensure your vendor's business continuity and disaster recovery plans are in place and on the right track.

checklist, vendor management

eBooks

What Are Inherent and Residual Third-Party Risks?

Inherent and residual third-party risk are interconnected, but they do have differences you should be aware of. Learn the differences between them and how they can affect your organization in this eBook.

vendor management, third-party risk management lifecycle, strategic enabler, regulatory compliance, organization strategy

eBooks

How Third-Party Risk Management Enables an Organization's Strategies

Realizing the value of third-party risk management as a strategic enabler requires you to look beyond the routine check-the-box requirements. Download the eBook to get an understanding on how TPRM can enable your organization's strategies.

vendor management, third-party risk management lifecycle, strategic enabler, regulatory compliance, organization strategy

Infographics

14 Third-Party Risk Myths You Should Ditch

Learn the most common myths of third-party risk management and learn the truth about the misconceptions in this infographic.

due diligence, vendor management, vendor risk

Podcasts

What Is Vendor Compliance Risk?

Understand the basis of vendor compliance risk and how to protect your organization from it in this podcast.

third-party risk management, risk assessment, risk category, due diligence

Infographics

6 Actions to Take After Reviewing Your Vendor's Financials

Download the infographic to learn the next steps to take that enhance your organizations internal processes and procedures.

financial risk, financial assessment

Podcasts

What Is Third-Party Risk Management?

Understand the three core practices of third-party risk management in this podcast.

third-party risk management, vendor management, due diligence

eBooks

Types of Third-Party Vendor Risk

It's essential to understand the risks posed in third-party relationships. Download this eBook to learn about the different types of vendor risk and how they can impact your operations.

due diligence, risk assessment, vendor risk, vendor management, financial risk, reputational risk, operational risk

Podcasts

5 Acceptable Financial Documents if a Vendor Is Privately Held

Vendor financials are an important topic. Understand what documents are acceptable to ask for from privately held vendors in this podcast.

third-party risk management, vendor management, due diligence, document collection

Podcasts

3 Best Practices for Overseeing International Vendors

Listen to this 90 second podcast to learn the three best practices for overseeing international vendors.

third-party risk management, risk assessment, risk category, due diligence, best practices, international vendors

eBooks

The Importance of Vendor and Supplier Financial Performance

Download this eBook to understand the importance of your vendor's financial health, especially your critical vendors and how they can affect your organizations reputation.

due diligence, risk assessment, vendor selection, financials

eBooks

Flight Path to Master Third-Party Risk Management

This extensive flight path assists with mastering third-party risk management. Successfully navigate through these third-party risk terminals to help your organization, your customers and your key stakeholders remain safe on the third-party risk trip.

due diligence, risk assessment, vendor selection

Podcasts

3 Tips to Avoid a Vendor Fooling You

There are vendor management best practices you should be aware of to help avoid being deceived by a vendor. Listen to this podcast to quickly learn three tips to help you with the process.

vendor oversight, due diligence

eBooks

Guide for Collecting Vendor Due Diligence

This in-depth guide will walk you through the process of collecting due diligence and solutions for related common hurdles.

ongoing monitoring, oversight monitoring

Podcasts

4 Tips to Dust Off an Outdated Vendor Management Process

Spring is the perfect time to dust off your vendor management program and clean up your processes with these tips.

vendor management, due diligence, policy

eBooks

5 Pitfalls of Vendor Risk Interactive Game and Quick Guide

Play this interactive game and read the quick guide to learn why these 5 pitfalls of vendor risk come into play and what to do.

due diligence, vendor issues, third-party risk management, vendor risk

Podcasts

The Differences Between a Vendor Questionnaire and Assessment

Listen to this 90-second podcast to hear more about the differences between questionnaires and assessments and why your organization needs both.

vendor assessments

Podcasts

Vendor Due Diligence: 4 Fast Facts to Know

Listen to this 90-second podcast to hear vendor due diligence fast facts you need to know to be successful.

due diligence

Podcasts

5 Tips for Offboarding Vendors

Listen to this 90-second podcast to hear more about how you can successfully offboard one of your vendors.

offboarding

Infographics

How to Review a Vendor's Pandemic Plan

This infographic will breakdown what you need to be looking for in your vendor's pandemic plan to keep your employees and customers safe.

business continuity, disaster recovery, pandemic planning, due diligence

eBooks

How-to Guide: Mature Third-Party Risk Management Governance Documentation

Use this guide when developing, managing mature vendor management governance documentation.

ongoing monitoring

Podcasts

How to Create Third-Party Risk Management Procedures

Listen to this week's podcast to help you create your third-party risk management procedures to be more successful.

Podcasts

What Is Ongoing Vendor Due Diligence?

Find out what you need to know about the process and the key points of ongoing vendor due diligence that you should be aware of in this 90-second podcast.

ongoing monitoring, oversight management

Infographics

6 Best Practices to Include in Your Vendor Management MAP for 2021

Learn 6 best practices you need to do when measuring, assessing and planning vendor management processes in the new year.

Podcasts

7 Unique Vetting Elements for Core Processing Vendors

Are you selecting a core processing vendor? Listen to this 90-second podcast to learn about the factors you need to keep top of mind.

vendor vetting

eBooks

Vendor Reputation Risk and Its Impact

Reputation vendor risk is every bit as important as other categories of risk, but it can be harder to gauge. This eBook will help you navigate it.

ongoing monitoring

Podcasts

Why Vendor Management Is Important

New to third-party risk management? Understand what vendor management is and why it's important with this 90-second podcast.

vendor management, third-party risk management, best practices

eBooks

Reviewing and Understanding a Vendor’s SOC Report

View this interactive guide for how to review your vendor’s SOC reports by walking you through each section and the important areas to pay attention to.

cybersecurity

Podcasts

4 Main Third-Party Risk Management Updates from 2020

Find out what important lessons you need to be aware of going into the new year, so you can be more successful in vendor management.

vendor management

Podcasts

5 Vendor Risk Management Tasks to Do Before the End of the Year

This podcast covers a few of the items that you should tackle before the end of the year to be better prepared for 2021.

vendor management

Checklists

How to Verify Your Vendor Is on the Nice List

With the holiday season upon us, it’s time to determine if your vendors made the nice list! To help you, we’ve put together this checklist with what to consider.

vendor checklist, determine vendors, vendor due diligence

Videos

6 Steps to Completing a Vendor Risk Assessment Process

Whether you are new to vendor risk assessments, or want to improve your current approach, this video walks you through how to manage the process successfully.

risk assessment, risk rating

Videos

4 Reasons Monitoring Vendor Financial Health Is Important

This video breaks down the basics of what vendor financial health is and why you should be including this step in your organization’s due diligence process.

oversight monitoring, ongoing monitoring

Podcasts

4 Tips for Gathering Useful Vendor Management Resources

Listen to this podcast to help you figure out the best way to gather vendor management resources.

vendor management

Videos

Managing Third-Party Cybersecurity Risk

Proper cybersecurity has never been more important than it is today. Use the six best practices covered in this video to help ensure your vendor can prevent, detect and respond to a cybersecurity issue.

data breach, information security

Infographics

The Scary Statistics Behind Third-Party Cyber Breaches

If you don’t have an adequate plan to properly manage your vendor’s risk, then your organization could be another scary statistic. Learn how to stay safe.

data breach, information security, data breach statistics

Podcasts

Raking in Vendor Risk Management ROI

Listen to this week’s podcast for the top three benefits and ROI you can achieve by investing in third-party risk management.

vendor management

Podcasts

5 Vendor Data Breach Precautions

You can take proactive steps that will help you better protect your customers and reputation from a third-party data breach. Listen to this 90-second podcast for our top five tips.

data breach, cybersecurity, information security

Infographics

The Changing Vendor Management Expectations for Fintechs

To help fintechs win points with your clients, use this infographic that covers what you need to know about the changing vendor management expectations.

third-party risk management

Podcasts

Scary Consequences of an Incomplete Vendor SOC Assessment

Find out what the three scariest consequences are that can occur if you have a missing item on your vendor SOC report by listening to this week’s podcast.

cybersecurity

Podcasts

4 Fintech Vendor Management Tips to Meet Regulator and Client Expectations

In this podcast, learn the top four tips that will help fintech organizations more successfully meet their client and regulator expectations.

regulatory compliance

Podcasts

3 Vendor Information Security Best Practices

Learn about the importance of strong vendor information security and three best practices our experts recommend in this podcast.

data breach, cybersecurity

Podcasts

How to Maximize Your Third-Party Risk Management Budget

You can take specific steps that will help you maximize even the smallest budget for vendor management. Listen to this week’s podcast for the top three tips we recommend to help you make the most of your organization’s budget.

Infographics

A Quick Guide: How to Manage Fourth-Party Risk

Use this quick, but comprehensive, guide to help mitigate fourth-party risk.

Podcasts

Vendor Oversight Strength Depends on the Contract

If you have well-developed vendor contracts, then you're setting your organization up for success when it comes to vendor oversight. Find out the top three reasons why your vendor contracts directly affect your level of oversight.

due diligence, contract management, ongoing monitoring

Interviews

Interview with Chris Caputo

Chris Caputo, External Audit Coordinator at CMG Financial, shares his thoughts on commonly seen vendor management struggles and how to overcome them.

third-party risk management, due diligence

Podcasts

Top 10 Vendor Contract Negotiation Tips

To help you better manage this stage in the vendor contract process, listen to this week’s 90-second podcast for the top tips our experts recommend.

contract management, contracts

Podcasts

5 Next Steps After You Receive a Vendor Contract

Once you receive a vendor contract, there are specific steps that you should take for a more successful process. This 90-second podcast covers the 5 most important steps our experts recommend you're following.

contract management, contract negotiation

Infographics

8 Vendor Service Level Agreement Best Practices

To make sure both your organization and your vendors are on the same page, follow the best practices covered in this infographic.

contract management, contract negotiation, contracts

Podcasts

7 Must-Haves for Vendor Management Examiners Right Now

Whether your exam is conducted in-person or remotely, this 90-second podcast covers the 7 most important items you should always have prepared.

examinations

Samples

Free CAIQ Assessment

Understand the quality of your cloud vendor's control environment. Our CAIQ Assessment will show you if there's sufficient confidentiality, availability and integrity in key areas.

Interviews

Interview with Jenn Wilkinson

Jenn Wilkinson, Vice President of Strategic Vendor Management at Cenlar FSB, shares her thoughts on the process of building an expert vendor management program from the ground up.

third-party risk management program, due diligence, initial vendor vetting

eBooks

Creating and Updating Your Third-Party Risk Management Procedures Documentation

This comprehensive eBook breaks down how to create your third-party risk management procedures documentation.

vendor risk management program

Podcasts

The Hazards of Incomplete Vendor Due Diligence

By not being aware of the hazards of incomplete vendor due diligence, you could be putting your organization at risk. Listen to this 90-second podcast for the most important hazards to know.

ongoing monitoring, oversight management

Infographics

How to Manage Issues with Vendors

This infographic will walk you through key best practices and a process that will help you mitigate some of the risks of dealing with issues with your vendors.

issue management, vendor issues, vendor issue management

Podcasts

3 Questions to Include in Vendor Information Security Assessment Questionnaires

Listen to this week’s podcast to find out three important questions we recommend you include in your questionnaire.

cybersecurity

Podcasts

What Is Vendor Business Continuity Management?

Understand the basics of business continuity management with this 90-second podcast that breaks down what you need to know about the process.

BCP

Infographics

How to Rate Your Vendor's Risk

When it comes to vendor risk assessments, the process can seem overwhelming. This infographic helps you determine your vendor's risk rating.

rate vendor risk, risk rating, vendor risk ratings

Podcasts

5 Requests to Always Negotiate into a Vendor Contract

There are important requests you need to include in all of your vendor contract negotiations. These 5 will help set your organization up for success. Find out what they are by listening to this podcast.

Infographics

COVID-19 Shines a Light on the Importance of Third-Party Risk Management

Looking for ways to improve your program in light of the recent pandemic? This infographic breaks down what you need to know.

covid 19, third-party risk management covid, covid 19 tprm, pandemic third-party risk management

Infographics

Are You Ready for the COVID-19 Vendor Risk Management Tsunami?

With COVID-19 impacting many vendors' businesses, use this infographic to help you prepare for the aftermath.

Podcasts

Handling Problem Vendors

Listen this roundtable discussion to hear from three third-party risk management experts as they share their thoughts on handling problem vendors who won't play nice in the sandbox.

ongoing monitoring, oversight, due diligence

Infographics

What to Do After a Vendor Management Exam

Do you know what steps to take after the vendor management exam concludes? This infographic breaks down the main areas that you should focus on.

examinations, vendor management exam, vendor exams

Podcasts

5 Signs It's Time to Augment Third-Party Risk Staff

Organizations may not have the internal capabilities to properly manage every step of the process. Listen to this podcast to learn how to determine if your organization could benefit from outsourcing vendor management support.

staffing, outsourcing

Podcasts

7 Steps to Take When You Have a Vulnerable Vendor

You should be proactively taking steps to mitigate risks posed by potentially vulnerable vendors. This podcast covers seven steps you can take to ensure your organization is safe against vulnerable vendors.

ongoing monitoring, oversight, due diligence, oversight management

Infographics

7 Speedy Vendor Oversight Tips to Know

You must maintain proper vendor oversight, especially in today's changing environment. Download this infographic that breaks down how to handle the process efficiently.

ongoing monitoring, oversight, due diligence, vendor oversight tips

Podcasts

Understanding Vendor Cybersecurity Posture with the CIA Triad

There are three key components of information security that you should monitor when analyzing your vendor’s information security strength. Listen to this podcast to understand the CIA Triad.

cybersecurity, information security

Podcasts

10 Quick Signs Your Vendor's Financial Performance Is Declining

Protect your organization by looking out for the 10 signs covered in this 90-second podcast that will indicate your vendor's financial performance is declining.

financials

Podcasts

5 Vendor Pandemic Planning Takeaways Learned from COVID-19

To be better prepared for future pandemic related situations, use these 5 takeaways learned from COVID-19 to improve your third-party risk management procedures.

vendor management procedures, business continuity, disaster recovery

Podcasts

11 Items to Look for in Your Critical Vendor’s Business Continuity Plan

There will be business events that occur with your vendor that can impact your organization. Listen to this 90-second podcast to learn 11 items to look for in business continuity plans.

Infographics

11 Things to Do Before You Jump Into Vendor Risk Management

Use the 11 tips in this infographic to help you prepare yourself for properly managing vendor risk.

third-party risk, third-party risk management, vendor management

Podcasts

What to Know About the FDIC Fintech and Third Parties Guide

There are specific requirements fintech companies and third parties must comply with if they're going to partner with a bank. Listen to this week's podcast to learn what you need to know about the FDIC guide for fintechs and third parties.

Infographics

Vendor Financial Health Monitoring: Warning Signs to Watch Out For

Is your vendor’s financial performance declining? To protect your organization there are some warning signs to look out for. Be aware of what the consequences are and your steps for recourse.

oversight, ongoing monitoring

Podcasts

3 Constant Requirements in the Vendor Lifecycle

There are 3 "behind the scenes" vendor lifecycle requirements that are constant and should be maintained throughout the entire vendor relationship. Listen to this week's 90-second podcast to learn more about what they are and why.

third-party risk management

Infographics

10 Vendor Risk Management Practices You Should Be Doing During the COVID-19 Pandemic

These COVID-19 vendor management best practices will help you with current challenges.

third-party risk best practices

Podcasts

5 Next Steps After the Vendor Management Exam Concludes

While preparing for a vendor management exam is a crucial step in the process, how you follow-up after the exam is equally as important. Listen to this podcast that will cover the 5 next steps you should be taking after a vendor management exam concludes.

examination, third-party exam, audit

Podcasts

4 Ways to Optimize Ongoing Vendor Oversight

By periodically conducting due diligence, you will be able to ensure your vendors are still meeting your organization’s needs. This 90-second podcast covers 4 tips that will help get you started.

Podcasts

Overview of the 7 Pillars of Vendor Management

Regulatory guidance sets out fundamental expectations. It’s important from the management and exam standpoint that these pillars are in place. Learn more in this podcast.

Infographics

Applying Multiple Layers of Collaboration Within Vendor Risk Assessments

Communication and collaboration are key in implementing a risk assessment process. Download this infographic for how to collaborate during the process.

vendor risk assessments, risk assessments, collaborate vendor risk assessment process

Podcasts

4 Underlying Reasons Why Vendor Financial Reviews Are Critical

Does your organization understand your vendor’s financial viability and performance? Here are 4 reasons why your vendor’s financial performance is crucial for you to report on.

Infographics

Why Vendor Due Diligence Reviews Are Not a "Check-the-Box" Activity

Due diligence is an important step in vendor management, so cutting corners can be dangerous. Learn what could go wrong with a check-the-box approach.

eBooks

Unacceptable Vendor Due Diligence

Performing vendor due diligence is a regulatory requirement and sound business practice. This eBook helps you identify unacceptable vendor due diligence in 5 major reports.

vendor due diligence, unacceptable vendor due diligence, bad due diligence

Podcasts

4 Tips to Help Make Vendor Management a Priority

Vendor risk management is important to meet regulatory guidelines. Listen to this podcast for 4 tips to help you make third-party risk a key priority in your organization.

Podcasts

Who, What and Why of a Vendor Risk Appetite Statement?

Do you need help determining what your vendor risk appetite is? This podcast answers common questions you may have when it comes to determining your organization’s risk appetite.

Podcasts

6 Tips for a Strong Vendor Management Program

Your vendor management program should be specific and unique to your organization’s needs. Listen to the 6 best practices covered in this podcast for creating a third-party risk program.

Podcasts

Understanding Initial Vendor Due Diligence

This podcast breaks down what initial vendor due diligence is and why your organization should incorporate it into your vendor management program.

eBooks

Is Your Vendor Management Program Inadequate?

Do you know the signs of an inadequate vendor management program? Download this eBook to walk you through what you need to look out for.

vendor management program, bad vendor management, signs of bad vendor management

Podcasts

The 6 Primary Categories of Vendor Risk

Different types of vendor risk require unique approaches. This podcast breaks down the 6 main categories of vendor risk to help you improve your organization's overall approach.

Interviews

Interview with Glen Trudel

Join us and Glen Trudel, Partner at Ballard Spahr, LLC. We discuss the biggest third-party risk struggles financial institutions face today, how to handle ongoing vendor risk management and vendor oversight, addressing cybersecurity, board involvement, industry expectations and more.

Podcasts

4 Similar Yet Different Vendor Management Concepts

Each vendor management concept brings varying components to an organization’s overall structure. Listen to this podcast to dive deeper into each concept.

Podcasts

5 Next Steps to Address Repeat Vendor SLA Failures

When your vendor fails to meet the SLA requirements outlined in your contract, it can have negative consequences. Listen to this podcast for next steps.

Podcasts

7 Steps to Take If It's Time for a New Vendor in 2020

If your vendor isn't meeting your organization’s needs, it may be time to start searching for a new vendor. Listen to this podcast for steps to help you with the process.

Checklists

Vendor Checklist: Determine If Your Vendor Is Naughty or Nice

When you are evaluating your vendors, you can use this handy checklist to help walk you through the process.

vendor risk, checklist, vendor management, risk management

Podcasts

5 Best Practices of Successful Vendor Risk Assessments

One of the most crucial aspects of vendor management is performing a third-party risk assessment. Use these 5 practices to help get started.

Podcasts

4 Big Third-Party Risk Management Updates from 2019

Use the third-party risk lessons and guidance learned this year to help your organization be even more successful with vendor management in 2020.

Podcasts

4 Best Practices to Improve Your Vendor Due Diligence Strategy

Listen to this 90-second podcast to hear our four third-party risk expert tips to help you when improving your vendor due diligence strategy.

eBooks

Horror Stories: Third Parties Behaving Badly

Here are examples of vendor management horror stories so you know what to avoid in order to better protect your organization.

Podcasts

8 Benefits of Vendor Risk Management

There are many benefits of vendor risk management. Understand why vendor risk is important and how to use these steps in your organization by listening to this podcast.

Podcasts

5 Tips for Budget Planning in Third-Party Risk Management

Budget season is upon us! Prepare yourself and your organization by planning ahead now for third-party risk. Listen to this podcast for more information.

Infographics

Importance of Vendor Due Diligence and Oversight

To help you with the due diligence and vendor oversight stages of the third-party risk process, use this infographic to help walk you through what you need to know.

ongoing monitoring

Podcasts

Is Your Vendor's Cybersecurity Your Weak Link? Avoid the Horror

You can start to better understanding of what specific items you need to look for in your vendor’s cybersecurity plan with this 90-second podcast.

Infographics

Fintech Provider: Why Your Third Parties Have Become Important to Financial Institutions

Understand why the risk your third parties pose to you is important to your financial institution clients. Download the infographic.

fintech provider, financial institution

Infographics

Third-Party Risk Management Practices for Fintech Companies

What fintech companies need to know about third-party risk management, regulations and 4 tips to meet regulator and client expectations.

tprm practices, fintech tprm, fintech best practices, best practices for tprm, fintech tprm practices

Infographics

6 Ways for Ongoing Monitoring of Your Vendors

You need to focus on oversight and ongoing monitoring of your vendors before and after you sign the contract using the 6 ways to improve your process.

Infographics

Vendor Contract Negotiations: What to Negotiate for Third-Party Risk Management

This useful infographic that will walk you through what to negotiate into a contract for third-party management.

Podcasts

10 Ways to Improve Your Third-Party Risk Management Program

Proper vendor management requires you to periodically go update and improve elements of your program. Listen to this 90-second podcast to hear specific steps to take to improve your third-party risk program.

vendor management program, vendor risk management program

Podcasts

7 Steps to Take After Receiving a Vendor SOC Report

There are steps you can take to make the process more efficient when reviewing a SOC report. Listen to this week’s podcast to find out 7 steps to take.

eBooks

Are You Reviewing Your Vendor's BCP and Disaster Recovery?

It's critical to verify if your vendor is implementing strong business continuity and disaster recovery planning. This eBook will break it down for you.

Podcasts

5 Ways to Prevent Problems in Third-Party Risk

The constant shift can lead to occasional problems in third-party risk management. If you take the time to manage the process correctly and implement specific procedures, it could help you avoid costly errors down the line.

ongoing monitoring, oversight, due diligence, issue management

Infographics

Vendor Risk: Contract Negotiations Best Practices

In this infographic, dive into the negotiation component and ensure maximum value from your outsourced relationship.

Videos

9 Tips for Successful Vendor Contract Management

Improving how your organization manages the process will help you clearly define vendor expectations and responsibilities. Watch this 90-second video to get a fast overview and best practices for vendor contract management.

eBooks

Choosing the Right Third-Party Risk Operating Model

Because there's no one-size-fits all approach to vendor management, it's important you determine which model will help your organization reach its goals. This eBook will help.

Podcasts

9 Tips to Prepare for a Third-Party Risk Examination

For a smooth third-party risk examination, 3-4 months in advance of the examiners’ arrival you should prepare or fine-tune these 9 documentation items. We'll tell you what they are and some tips.

exams

Interviews

Interview with Jo Ann Barefoot

Jo Ann Barefoot, CEO at Barefoot Innovation group and Cofounder at Hummingbird Regtech, shares her thought provoking insight on how organizations are handling third-party risk management.

regtech

eBooks

6 Elements of a Successful Vendor Risk Management Program

Make your vendor risk management program is successful, here 7 are the seven critical items that you need to focus on.

Interviews

Interview with Michael Donnella

This interview features Michael Donnella, Corporate Compliance Officer of Murphy Oil Corporation. Michael shares his perspective on corporate compliance and why having a culture of compliance in third-party management is crucial for organizations.

regulatory compliance, regulatory guidance

Videos

Pre and Post-Contract Vendor Due Diligence

Throughout your vendor risk management process, you should be conducting due diligence both pre and post-contract. In this 90-second video, learn the different due diligence items you should be requesting from your third-party vendors.

contract management

Podcasts

Why Vendor Complaints Matter and Why You Should Care

You need to also monitor your vendor's complaints as a critical part of third-party risk management. Listen to this podcast for more information.

Podcasts

How to Determine Vendor Regulatory Risk

Regulatory risk is used to determine the vendor relationship’s risk rating . Listen to this 90-second podcast to learn more about the categories of regulatory risk and how you can determine your vendors' regulatory risk.

eBooks

What Is the ROI of Vendor Risk Management?

Vendor management may seem like a large investment, but there is a significant ROI if the process is managed properly. Better understand how your third-party efforts can save your organization money.

Videos

3 Questions to Determine Critical Vendors in Third-Party Risk Management

Determining who your critical vendors are is an important part of the process. Watch this 90-second video, and hear important questions to ask yourself in order to figure out which of your vendors are critical.

risk assessments

Infographics

Strategies to Improve Your Vendor Due Diligence Process

Improve your vendor due diligence process, with this informative infographic that covers specific strategies that you can use to protect your organization.

Podcasts

5 Mid-2019 Tips to Be Proactive in Vendor Management in 90 seconds

With 2019 underway, we decided to put together some tips to help your organization stay proactive in vendor management. This podcast will give you a quick refresher on third-party risk best practices.

Videos

9 Steps to Creating an Effective Third-Party Risk Program in 90 Seconds

An effective third-party risk management program is key to protecting your organization. Watch this 90-second video to learn the 9 steps that you should take in order to create a third-party risk program.

Infographics

10 Best Practices of Really Good Vendor Managers

To help you and your team succeed in your vendor management, we’ve put together an infographic on the top 10 best practices that every good vendor manager should follow.

Interviews

Interview with Lori Frank

Listen to this interview to hear President and CEO of Argos Risk, Lori Frank, cover current third-party risk management challenges and shifts in ongoing monitoring trends in the industry today.

oversight management

eBooks

Vendor Risk Management Exam Prep Guidebook

Download this educational eBook to learn how to impress auditors and requirements to be more prepared for your next vendor risk exam.

Podcasts

Developing an Effective Complaint Management System for Vendor Management

How your organization manages and responds to complaints has become critical. Here are some tips to help you develop an effective complaint management system.

Infographics

What / Why / When / Who / Where of Vendor Risk Assessments

Risk assessments are vital to the success of an organization’s vendor management program as you delve further into any risks vendors pose. This infographic shows you the what, why, when, who and where of them.

Podcasts

What's In the News Matters

Vendor management is covered a lot more in industry news now. It's hard to keep up, and sometimes tempting not to try. This video mentions recent examples of important items covered.

Podcasts

Fourth Party Vendor Risk Management in 90 Seconds

Here are some specific steps you can take with fourth party risk management that will help be more prepared and protect your organization.

Infographics

Creating a Vendor Risk Management Program that Protects Your Organization

Having a strong vendor risk management program is a great way to protect you and your customers. This infographic covers how to create a program.

Videos

Third-Party Document Collection Best Practices in 90 Seconds

Due diligence is another term for third-party document collection. It is one of the most critical activities in third-party risk management. Watch this quick overview of best practices for third-party document collection.

Podcasts

5 Steps to Measuring Your Vendor’s Financial Health in 90 Seconds

Listen to this podcast for 5 important steps that you can take to measure your vendor's financial health.

Podcasts

6 Vendor Contract Management Best Practices in 90 Seconds

Listen to this podcast to learn about vendor contract management from our experts, the importance of contracts to your organization and what steps you should take to protect your institution.

Samples

Free Vendor SOC Assessment

Download a sample SOC analysis summary document that allows you to focus on the important components, including the set of controls that you control directly.

cybersecurity, information security

Infographics

Do You Have Dirty Vendors? It May Be Time to Spring Clean

Is there a way to know if you have “dirty” vendors who could use some dusting off? Ensure you know everything important and what steps to take to help you spring clean your vendors.

Interviews

Interview with Jennie Fowler

This interview features Jennie Fowler, Director of EPMO and Vendor Management Officer, at American Credit Acceptance. Throughout the interview, Jennie shares her recommendations to obtain support from the C-suite when it comes to vendor management.

regulatory guidance, buy-in, reporting

Infographics

When Does a Fourth-Party Vendor Require Your Attention?

Do you know who your fourth parties are? This infographic will help get you started with the when and how of identifying your fourth-party vendors.

fourth-party management, fourth-party vendors, fourth-party vendor risk

Podcasts

Do I Have to Risk Rate Every Vendor?

In this 90-second podcast, we will cover the specific steps you should take in order to determine the vendors that need to be included in your vendor oversight.

Interviews

Interview with Nicole DeSantis

This interview focuses on the three lines of defense model discussion and how there should be a well-developed vendor management structure at all organizations regardless of the size.

information security

eBooks

Vendor Issues and Challenges: What Leverage Do You Have?

Download this eBook for the challenges and possible solutions you may potentially encounter to help you prepare for various vendor management issues.

Podcasts

8 Tips on Maintaining Good Vendor Relationships in 90 Seconds

Maintaining strong vendor management relationships will help lead to a successful partnership for your organization. In today’s podcast, we’ll cover 8 important tips to maintain good vendor relationships in 90 seconds.

Podcasts

Your Third Parties - Potential UDAAP Risk in 90 Seconds

UDAAP has presented some concern to third-party risk professionals. In this podcast we cover procedures and best practices to effectively manage UDAAP and your third parties.

regulatory compliance, guidance

Podcasts

7 Reasons Why You Shouldn’t Use Spreadsheets for Vendor Risk Management

With the increase in regulations and vendor oversight requirements, managing vendors with a spreadsheet is very inefficient. Here are 7 reasons why spreadsheets will not cut it anymore.

reporting, regtech

Interviews

Interview with Spencer Knibbe

This interview focuses on the role of vendor management in financial institutions from a legal and regulatory perspective. We cover the pain points organizations are experiencing for third-party risk, which includes data aggregation, organizational consistency, reporting and cybersecurity.

Podcasts

5 Quick Tips for Developing a Vendor Risk Assessment Template

We'll cover tips for developing a vendor risk assessment template, also referred to as a VRA questionnaire. These are important while assessing how much risk your vendor presents to you. Check out our 5 recommendations.

Podcasts

How to Write a Vendor Management Policy

When getting started in vendor management, there are three sets of documents that you want to create. The first document that you should focus on writing is your third-party risk policy. In this podcast, we're going to walk you through 6 steps to take in order to write an effective policy.

Infographics

Inherent vs. Residual Vendor Risk

What is inherent risk and how to determine it, why residual risk is never higher than inherent risk and 4 important tips to follow.

inherent vendor risk, residual vendor risk, inherent vs residual risk

Infographics

How to Rate Your Vendors Regulatory Risk

Evaluating your vendor's regulatory risks ahead of time can help you avoid some very costly surprises down the road. Use this infographic to see how to rate your vendor's regulatory risks.

regulatory risk, vendor regulatory risk, rate vendor risk, rate vendor regulatory risks

Podcasts

5 Best Practices of Hiring Vendor Management Staff for 2019

Are you looking to expand your vendor management team? There are certain steps you can take in order to find the most effective team your organization. In this podcast, we discuss 5 tips to recruit potential vendor management team candidates.

staffing

Infographics

Let's Solve the Third-Party Risk Management Puzzle

Put your knowledge to the test by downloading this crossword puzzle that is filled with third-party risk clues and phrases.

Podcasts

7 Attributes of Good Vendor Managers to Continue in 2019

Vendor management typically takes an individual who is meticulous in detail, thorough and patient to perform the job. In this podcast, we’ll wrap up the year and touch on some attributes found in good vendor managers.

staffing

Samples

Free Initial Vetting Package of a Third Party

In every new relationship should be doing the necessary research to know your vendor and meet regulatory requirements. This assessment shows you how to do the research.

Interviews

Interview with Keith Koo

This interview covers qualifications that are needed on a third-party risk management team, why cybersecurity risk is something that you can never defeat and a thought provoking conundrum about the introduction of decentralized technology.

cybersecurity, team

Infographics

25 Common Vendor Risk Management Errors to Avoid in 2019

It's easy to get so involved with vendor management that you miss basic, but key, items. Find out what the top 25 errors are to avoid in your vendor management program in 2019.

risk management errors, how to avoid vrm errors, vendor risk management, third-party risk errors

Podcasts

Top 7 Best Practices in Vendor Management from 2018

This podcast covers 7 of the 2018 best practices that you should continue into the new year. They range from engaging the first line of defense through continuing education.

third-party risk management process

Podcasts

10 Reasons to Be Thankful for Vendor Management

Now is the time to reflect on the year and some of those reasons to be thankful for a well-developed vendor management program. Let's go through 10 reasons now.

Interviews

Interview with Brian Tate

This interview covers both a legal and industry perspective on third-party risk, impact of fraud in third-party risk management, discussion regarding increased oversight at the state level and a post Dodd-Frank Act lesson - senior management and the board must be involved.

regulatory compliance, guidance, reporting

Podcasts

Preparing for Periodic Vendor Updates to the Board

Third-party risk management needs to be a part of the board's regular activities. Listen to our 5 tips to help you prepare for periodic vendor updates to the board

Infographics

UDAAP and Your Vendors

This infographic will guide you through what you need to know about UDAAP and add clarity to what to do as it relates to your vendors.

udaap, vendors udaap, udaap vendors, what is udaap

Infographics

8 Actionable Ways to Increase Efficiency in Your Third-Party Risk Management

With the increase in regulatory demands, it's crucial to be as efficient as possible. Take the right steps to increase efficiency - we have 8.

third-party risk efficiency, improve third-party risk management, vendor management improvement, program improvement

eBooks

8 Terrifying Third-Party Risk Management Stories

We gathered 8 terrifying real-life third-party risk management stories from compliance officers and vendor management teams across various sizes of organizations. Learn from their mistakes.

third-party risk management stories, tprm stories, vendor management stories

Infographics

10 Best Practices When Handling a Vendor Data Breach

Be prepared for when your vendor experiences a data breach by doing these 10 best practices. Hackers do not discriminate when looking for an asset to attack.

handle vendor data breach, vendor data breach, how to handle vendor data breach, vendor data breach best practices

Infographics

How to Mitigate Vendor Risk with Contract Management

Follow these basic dos and don'ts of vendor contract risk management. There are steps to take, 8 additional tips to help mitigate vendor risk and 5 huge mistakes to avoid.

vendor contract, contract management, vendor contract management process

Interviews

Interview with Ashley Kelley

Join us and Ashley Kelley, VP of ERM at APCU, for a discussion on third-party risk overall, centralizing third-party risk management - why it can be a struggle but is needed, insight from the VP for the International Association of Financial Crimes Investigators (IAFCI) on cybersecurity expectations and concerns and more.

Podcasts

Quick Tips for Developing Your Third-Party Policy, Program and Procedures

A well-developed policy, program and procedure documents are all crucial to the success of an organization’s third-party risk management department. Listen for some quick tips to help you.

vendor management program

Infographics

7 Steps to Protect Against Rising Vendor Cybersecurity Risks

Could your vendors be your weak link? To learn how to protect your organization from third-party vendor cyber risk, our infographic covers 7 key steps to follow.

cybersecurity, information security, rising vendor risk

Podcasts

What Is the Difference Between a Vendor SOC 1 and SOC 2 Report

SOC reports differ based on what they cover, how the auditor performs the assessment and what level of detail the reports include. Learn the differences between a vendor SOC 1 and SOC 2 report and Type 1 and Type 2.

cybersecurity, information security

Infographics

Fourth Party Oversight and How to Organize the Effort

Fourth parties are just as important as third parties. They can have access to your confidential information and thus you must make sure you do proper oversight and effort with these companies.

fourth-party vendor, fourth-party vendor oversight, vendor oversight

Interviews

Interview with Amy Hanna Keeney

Join Venminder and Amy Hanna Keeney, Attorney with Adams and Reese LLP, for a thought-provoking interview on 2018 CFPB progress & activities, what you can expect from the CFPB in regards to regulatory guidance, the future of UDAAP enforcement actions, CFPB hot topics for the coming months and more.

regulatory guidance, regulatory compliance

Infographics

Don't Sign the Vendor Contract Just Yet

Whether negotiating a new vendor relationship or renewing an existing one, learn how to develop a contract that clearly defines expectations and responsibilities of the vendor, tips and best practices.

vendor contract, contract management, sign vendor contract

Podcasts

10 Reasons for a Third-Party Risk Management Budget in 2019

In this podcast, we'll go through 11 reasons to consider your third-party risk management department/program when budgeting for the upcoming year.

budget, ROI

Interviews

Interview with Michael Morris

Join us and Michael Morris, Systems Partner at Porter Keadle Moore, LLP, for an auditor's perspective on vendor risk management. Topics covered include: best practices for managing risk, addressing today's cybersecurity threats and risks, top areas of concern for a SOC audit report and more.

Samples

Free Information Security and Privacy Assessment

This information security and privacy assessment that covers key cybersecurity and information security risks that can help identify areas of possible weaknesses.

Podcasts

Budgeting for 2019: 5 Vendor Contract Considerations

It's a best practice to consider the costs associated with negotiating key contract terms and pricing within your third-party risk management program. Listen to this podcast that covers 5 vendor contract considerations for your budget.

ROI

Podcasts

Vendor Risk Management and FFIEC Appendix J

This podcast covers how FIEC’s Appendix J relates to your vendor risk management program and 4 key elements of business continuity planning that you should address when contracting with a third-party service provider.

regulatory guidance, compliance

Infographics

Why You Should Assess Vendors at the Product Level

Learn what to include, reasons why you'd need multiple assessments, an example and 3 best practices.

assess vendors, product level assessment, how to assess vendors

Infographics

24 Best Practices to Minimize Vendor Risk

Take a look at what we consider to be 24 of the current best practices to minimize vendor risk and ensure your org is a top performer in TPRM.

minimize vendor risk, how to minimize vendor risk, best practices to mitigate risk, mitigate vendor risk

Podcasts

5 Third-Party Risk Management Best Practices for a Fintech Provider

Allow your clients to feel much more at ease when selecting you as their preferred vendor of choice to continue doing business with - follow these 5 best practices now for a well-developed and organized third-party risk management process.

Infographics

Are Your Vendors in Compliance?

Ensuring that your vendors are meeting their regulatory exam expectations is a key part of vendor risk management. Download this infographic now to learn about managing and mitigating compliance risk.

vendor compliance, know your vendor

Podcasts

The Importance of Vendor Due Diligence

Vendor vetting and ongoing monitoring are both important stages of the vendor lifecycle and due diligence process, but, why exactly is due diligence so important for vendor risk management? Listen to our third-party risk management podcast now to learn the top 5 reasons.

Infographics

Vendor SOC for Cybersecurity Report

When and how to request a SOC for Cybersecurity, what it includes and differences between a SOC 2 vs. a SOC for Cybersecurity. Mitigate cybersecurity risk now.

vendor soc report, soc for cybersecurity, cybersecurity soc report

eBooks

Vendor Risk Management and the SSAE 18 Audit

As a third-party service provider, the SSAE 18 audit requires that you have an effective vendor management program in place. Are you prepared? In our latest eBook, we'll take you through all the steps you need to know for..

regulatory compliance, regulatory guidance, ssae 18, ssae 18 audit

Podcasts

4 Best Practices to Take Away During a Breach

We all hope to never experience a breach at our organization, but if it does happen, do you know what to do? You can minimize the chance of it happening again by using these 4 best practices to improve your third-party risk management program.

data breach, cybersecurity, information security

Infographics

SLAs - Trying to Get Out of a Vendor Contract

What the SLA should state, opportunities provided by SLAs to your organization, negotiating service levels, the 8 elements a model SLA should include, best practices and more.

exit strategy, get out of vendor contract, vendor contracts, contract management

Podcasts

6 Tips to Balance Third-Party Risk Management Tasks

Third-party risk management is associated with a great deal of tasks and a large workload, so here are 6 tips that can provide some relief.

Infographics

Advantages & Best Practices Vendor On-Site Visits

On-site visits are an important part of vendor due diligence. While the vendor types which warrant one will vary, these tried and true best practices remain the same.

vendor on-site visits, best practices site visits

eBooks

Contract Management Guide & Best Practices

Proper vendor contract management can mitigate risk. Learn the phases of contract management, how to overcome challenges and best practices.

contract management, vendor contract management, vendor contracts

Podcasts

How to Do a Vendor Risk Assessment

Listen to this third-party risk management podcast where we take into consideration regulatory guidance OCC Bulletins 2013-29 and 2017-7 and FDIC Letter 44-2008 to help guide you through the vendor risk assessment process. Learn how to complete a vendor risk assessment, steps and tips.

Infographics

Simplify Information Security Assessments

A third-party information security assessment is an integral part of judging a vendor's risk level. Learn 3 core principles, key regulatory guidance, why use one and 3 questions to ask.

cybersecurity, information security assessments, what are infosec assessments, infosec assessments

Interviews

Interview with Loraine DeBonis

Join us and Loraine DeBonis of Ubiquity Compliance Solutions for key takeaways from a panelist at the NBPCA’s Power of Prepaid conference perspective, challenges banks & prepaid program managers are facing regarding the Fed’s Regulation E, improving risk management and more.

Podcasts

Improving the Process & Documenting a Mid-Year TPRM Progress Check

You've gone through the 6 steps and best practices for a mid-year third-party risk management progress check, so now what? Listen to learn the next steps to take, how to document your findings and how to improve upon the process as a whole.

Interviews

Interview with Ed DeMarco

Join us and Ed DeMarco, General Counsel and Director of Operational Risk & Regulatory Relations/Communications of the Risk Management Assocation (RMA), for a discussion on vendor risk management challenges & best practices, cybersecurity, regulatory compliance and more.

Infographics

Why We Do Vendor Due Diligence for VRM

When you understand why vendor due diligence reviews are necessary, it’s easier to see the increased benefits and make due diligence a priority. Download this vendor management infographic where we'll further explain why.

vendor due diligence, why do we do vendor due diligence, conduct vendor due diligence, how to conduct vendor due diligence

Podcasts

Fundamentals of BCP within Vendor Management

Business continuity planning (BCP) is important to you and your vendors. Listen as we guide you through the appropriate regulatory guidance to follow, what to plan for, what to restore first and how to recover.

Interviews

Interview with Jim Hussey

Join us and Jim Hussey, Founder of IT-TPRM.com, for a discussion on vendor risk management challenges, why you should place heavier focus on technology or fintech risk, how to engage the first line of defense, advice on meeting OCC lifecycle expectations, best practices and more.

Podcasts

Understanding your Vendors SOC Report - The Basics

What is a SOC report? It's an audit report performed by a public accounting firm and attests to the existence & effectiveness of the controls put in place to safeguard your data. Listen as we break down 6 important parts.

Infographics

Best Practices for Identifying Critical Vendors

Learn what is a critical vendor, how to identify your critical vendors, examples of critical vendors and best practices to monitor for proper third-party risk management.

risk assessments, critical vendor, identify critical vendor

Interviews

Interview with Andrew Lorentz

Join us and Andrew Lorentz, Attorney at Davis Wright Tremaine LLP. We discuss balancing commercial opportunities with compliance initiatives, importance of community involvement and legal analysis, cybersecurity at exams and outside counsel's view on if the board is properly involved.

Infographics

Assessing Vendor Financial Risk Beyond Numbers

How to assess vendor financial risk. Failing to do so can be detrimental to not only your third-party risk management program, but may have direct implications on how you operate your business.

vendor financial risk, assess financial risk, vendor financials, vendor financial risk assessment

Podcasts

7 First Line of Defense Best Practices

The first line of vendor risk management defense has direct interaction on a day-to-day basis with your third-party. Listen to our podcast for 7 best practices for properly engaging the first line of defense.

eBooks

Examination Preparation GuideBook

Items to have prepared, key steps to ensure a successful exam and 14 tips for planning for the day of the examiner's arrival.

exam prep, vendor management exam prep, examination prep, examination preparation

Podcasts

Fourth Party Vendor Monitoring

Fourth party risk and liability is often overlooked because there isn't direct relationship with the fourth party vendor. Listen now for the 3 oversight steps to take regarding your fourth party vendors.

Podcasts

Criticality and Vendor Oversight

When determining your level of oversight on a vendor, you’ll clearly want to determine their criticality and risk level first. Listen to this podcast to help guide you through the process.

Infographics

The Final Countdown to GDPR

Be prepared to comply with the General Data Protection Regulation (GDPR) - it impacts EU and U.S. companies.

GDPR, general data protection regulation, EU regulation

Infographics

How to Do Vendor Due Diligence

Guide for initial and ongoing due diligence that covers how to do it properly, benefits, items to request, understanding your vendor's regulatory risk impact and more.

vendor due diligence, how to do vendor due diligence, vendor due diligence how to, conduct vendor due diligence

Interviews

Interview with Glen Trudel

Glen Trudel, Banking and Corporate Attorney at Ballard Spahr, discusses general challenges organizations are facing when it comes to third-party risk and best practices to overcome those hurdles.

Podcasts

Non-Elective Vendor Oversight Responsibility

A non-elective vendor is one you don't have a direct relationship with, but your third-party does - making them a risk to you and therefore requiring some oversight. Listen to learn the associated responsibilities.

ongoing monitoring, due diligence

Infographics

Vendor List Creation, Classification & Rating

Understanding you vendor's classification is a third-party risk management best practice, but what does it mean? This infographic will walk you through the steps to classify your vendors.

vendor management, list creation, vendor rating, risk rating, classify vendors

Interviews

Interview with James Russell

Join Venminder and James Russell, CPA at Russell Bank Consulting. James discusses third-party risk management changes over the last decade, common third-party risk management issues during examination, how to handle third-party relationships that start to go downhill and more.

audit

Infographics

Quick Guide to Onboarding a New Vendor

An important step to vetting a vendor is onboarding. Learn best practices, how to streamline a vendor vetting process and more.

vendor onboarding, how to onboard a vendor, onboarding a vendor, how to onboard vendors

Podcasts

Lifecycle Approach to Third-Party Risk Management

Third-party risk management must flow in a lifecycle. We'll discuss how it's a constant evolutionary process rather than an annual static event - a core aspect that you should incorporate into your program.

eBooks

In-depth Guide to Onboarding a New Vendor

An important step to vetting a vendor is onboarding. Learn best practices, how to streamline a vendor vetting process and more.

onboarding, onboarding new vendors, onboarding vendors, vendor onboarding

Podcasts

How GDPR Impacts Third-Party Risk Management

While the General Data Protection Regulation (GDPR) has a global impact on any company which is collecting, storing, or accessing European resident data. Listen to Third-Party Thursday to learn what you need to know.

regulatory guidance, regulatory compliance

Podcasts

ERM vs. TPRM

Enterprise Risk Management (ERM) and Third-Party Risk Management (TPRM) are are often used interchangeably, but they are two different functions. ERM is more high level, while TPRM is a smaller subset. Listen to learn more.

Third-party risk management

Infographics

Vendor Management Models

The types of vendor risk management model frameworks, advantages and disadvantages of each, how to help promote consistency and clarity and how to set up.

vendor management models, differences between vendor management models

Podcasts

Third-Party Risk Management Staffing

Recommendations from a seasoned third-party risk expert for how to determine how many staff members to have on your vendor management team. Follow our three tips in this podcast.

Infographics

Does this vendor make my risk look BIG?

Learn 4 tips when determining who your high risk vendors are, what to do with those high risk vendors and key points of assessing risk.

vendor risk, vendor management, risk look big

Interviews

Interview with Elizabeth Khalil

Join us and Elizabeth Khalil, Partner of Dykema Gossett PLLC. She discusses how third-party risk has evolved, UDAAP risk, the need for vendor management from fintech companies, how defining responsibilities eliminate gaps, why efficient ongoing monitoring is key and more.

regulatory guidance, compliance, oversight management

Interviews

Interview with Suresh Ramakrishnan

Venminder sat down with Suresh Ramakrishnan, SVP of Ascendum Solutions, for an interview on third-party risk management best practices and how outsourcing (if managed correctly) can provide greater efficiencies, reduce your workload and help with cost management.

ROI

Podcasts

5 Common Pitfalls in Vendor Contracts

Save time, money and other valuable resources by learning mistakes companies make with their vendor contracts. Listen to see how you can avoid some common pitfalls during all phases of the vendor lifecycle.

Podcasts

Creating Awareness of Third-Party Risk Management

Tips for fostering a third-party risk mindset within your organization - how to create awareness, important members of your company to involve & who the third-party risk responsibility lies within every organization.

Podcasts

CIA Triad Within Vendor Management

In this podcast, you'll learn how your vendor's approach to the CIA triad of information security impacts you and your customers. Being aware will help you against third-party risk.

Podcasts

9 Key Components to a Successful Third-Party Risk Management Plan

What makes a third-party risk management plan successful? Listen to learn 9 best practices and key components of a well-managed third-party risk management plan for you to implement now.

Podcasts

Consumer Complaints and Vendor Management

Learn how a well-run complaint management system (cms) can turn an upset customer into your best customer along with five elements to include your vendor management policy on complaint management.

eBooks

How To Guide - Analyzing a SOC Report

Learn why you need your vendor's SOC audit report, if you need their SOC 1 or SOC 2, scope: Is your product/service covered in this report and more.

vendor soc report, analyze soc report, soc reporting, review vendor soc

Podcasts

Third-Party Risk Management Regulatory Compliance During Regulatory Change

Here are daily vendor management regulatory compliance efforts you can implement in order to keep up with third-party risk regulatory reform.

regulatory guidance

Podcasts

How, When and Why to Use an InfoSec Questionnaire

Learn the how, when and why of using vendor information security questionnaires for your third-party risk management and how your due diligence process can benefit from it.

information security

Podcasts

5 Key Provisions to Look for in Your Critical Vendor Contracts

When reviewing and negotiating critical vendor contracts, consider many elements. Here's 5 key provisions to give special attention.

vendor management, contract management

Podcasts

UDAAP And What It Means to Your TPRM Program

Listen to this podcast for what you need to know about UDAAP (Unfair, Deceptive or Abusive Acts or Practices), how they affect your third-party risk management program and items the CFPB is highly critical of.

vendor management, regulatory guidance, regulatory compliance

Podcasts

Due Diligence on Your Fintech Vendors

This podcast covers tips and recommendations for determining due diligence questions to ask your fintech vendors. We'll provide insight into setting the standards that should firmly be expected.

Infographics

7 Pillars of Effective Vendor Management

Download this infographic for what you need to know to protect your institution, your best insurance against unexpected problems, fundamental requirements of vendor risk management.

vendor management, vendor risk, risk management, tprm

Podcasts

How To Properly Identify Your Critical Vendors

Go through critical vendor classification and identification with us. Learn standards for identifying your vendors, how to properly identify your scope and 3 questions to ask to determine if a vendor is critical.

Podcasts

Third-Party Risk Management Year End 2017

Join us as we close out 2017 with this thank you vendor management podcast. And, see what our top 10 most popular videos and podcasts were from our Third Party Thursday series for this year.

Podcasts

Why to Stay Abreast of New Vendor Management Regulatory Guidance

The best way to prepare for new regulatory guidance, how to stay in compliance and some commentary on new regulations taking effect in 2018.

Infographics

Vendor Due Diligence Guide - What to Know

Use this handy tool to keep you and your team on track to properly measure, monitor and control risks. Learn what is due diligence, the importance of due diligence & the scope.

Podcasts

Vendor Classification

Learn about 'bucketing your vendors' - a high level vendor classification system that can help you with third-party oversight, ongoing monitoring and preventing problems down the road. We'll also tell you how to develop buckets of your own.

ongoing monitoring, due diligence

Podcasts

Mitigating Vendor Contract Risk

In order to have vendor management control, you must have a firm understanding or knowledge of third-party vendor contracts. Learn the 3 pillars in managing them and other points about mitigating contract risk.

contract management

Podcasts

Complaint Management System

What to include in your complaint policy and complaint management system to improve vendor management. A well-run system can turn upset customers.

Infographics

How Do You Classify Your Vendors?

How to classify based on product or service, how to classify based on level of risk and next steps to take after you've classified your vendors.

classifying vendor, vendor classification, what is vendor classification, how to classify a vendor

Podcasts

What Should Be In your Third-Party Risk Examination Preparation Handbook

The best strategy for preparing for an examination is to constantly be ready. Listen to learn 7 items you should have in your examination preparation playbook.

Infographics

What Is Vendor Management? AKA TPRM

How to identify all your vendors, essential steps of vendor management, prioritizing vendors according to risk level and why fourth parties are important.

what is vendor management, what is third-party risk management, vendor risk management meaning, vendor management definition

Infographics

Learning from Vendor Management Enforcement Actions

Download this infographic for 4 tips to help you avoid an enforcement action, 6 top websites for legal analysis, 2 Q's to ask when reviewing enforcement actions.

regulatory guidance, regulatory compliance, vendor management, enforcement actions

Podcasts

Third-Party Risk Management Education

Learn how to get ahead of the game education wise in third-party risk management with these 10 best practices. Staying up to date is a great idea for everyone involved in vendor management.

Podcasts

Creating a Culture of Compliance for Vendor Management

Learn what regulators & senior gov officials in financial services had to say on creating a culture of compliance, why they strongly recommend it and what this entails.

Infographics

Vendor Vetting: 9 Considerations for Pre Contract

Who should decide and who should approve, why you should not simply accept a boiler plate contract and taking your new vendor through a risk assessment.

pre contract considerations, vendor vetting, vetting a vendor

Podcasts

Vendor Management Board Reporting

Learn what regulators & senior gov officials in financial services had to say on creating a culture of compliance, why they strongly recommend it and what this entails.

Infographics

14 Third-Party Risk Management Best Practices

Download this infographic for who should decide and who should approve, why you should not simply accept a boiler plate contract and taking your new vendor through a risk assessment.

vendor management best practices, third-party risk best practices, best practices in tprm

Podcasts

UDAAP - Unfair, Deceptive or Abusive Acts or Practices

Learn what regulators & senior gov officials in financial services had to say on creating a culture of compliance, why they strongly recommend it and what this entails.

Podcasts

Brand Names and Vendor Due Diligence

Sometimes people feel too comfortable with a well-known vendor. We cover why even vendors with recognizable brand names require thorough due diligence. No one is immune from third-party risk.

Infographics

Don't Keep Your Board In the Dark of Third-Party Risk

Learn what info to include in board reports, the frequency and format, the appropriate materials to provide in your board reporting package with this infographic.

reporting

eBooks

2017 Third-Party Risk Regulatory Developments

Read this eBook for insights on updates effecting the FDIC, OCC & CFPB, how they effect third-party risk management and how to take action.

regulatory guidance, regulatory compliance

Podcasts

Guidance on OCC Bulletins 2017-7 and 2017-21

Learn key takeaways from two OCC Bulletins issued this year on third-party risk management - OCC Bulletins 2017-7 and 2017-21. Is your institution's vendor management program in compliance?

regulatory guidance

Infographics

Guarding Against Undue Risk from Vendors

What the three lines of defense are, how they guard against undue risk and tips for implementing this strategy at your institution.

three lines of defense, 3 lines of defense strategy

Infographics

Service Level Agreements and Your Vendors

What to include in SLAs, about reviewing SLAs and what you can do if one is broken.

service level agreements, slas, vendor service level agreements

Podcasts

The Basic Concepts of Third-Party Risk Management Framework

Listen to learn the basics of the third-party risk management framework, including how it relates to enterprise risk management (ERM).

Infographics

Vendor Contract Management Best Practices

13 best practices for managing contracts that you won't find in the FFIEC handbook, where your contracts should be stored and why SLAs in contracts are so important.

contract management, best practices vendor contract, vendor contract best practices, contract best practices

Infographics

How to Write a Third-Party Policy for Risk

Learn what your policy should consist of, best practices and tips and 3 common errors to avoid with this infographic.

third-party policy, policy creation, how to create third-party policy, write policies

Infographics

The Scope of Your Actively Managed Vendors

From a risk standpoint, there are some vendors that you should be managing more actively than others.

vendor scope, managed vendors, vendor monitoring

Podcasts

Learning From Third-Party Enforcement Actions

Let's say you find out one of your third parties is named in an enforcement action, even if it is unrelated to your institution, what do you do? Listen to learn the six necessary steps to take.

regulatory guidance, regulatory compliance

Podcasts

Defining Critical Vs. Non Critical Vendors

Do you know the difference between a critical and non critical vendor? Learn about defining them for your financial institution. We'll cover why it's important, the business impact, exit strategies and more.

risk assessment, rate risk

Podcasts

Third-Party Due Diligence

In this short vendor management video, you will learn four key points you need to know regarding third-party due diligence and what items your due diligence checklist should contain to keep your institution safe from third-party risk.

Podcasts

Understanding Vendor SOC Scope, Time and Narrative

Learn what the scope of a vendor's SOC report means and where to find it along with what typical audit periods are and a few questions to ask yourself while reviewing the narrative.

Podcasts

7 Steps of Vendor Vetting

Learn the 7 key things you should do with every new vendor. These steps are essential to the vendor vetting process and determining how much you know about the company with whom are you planning to do business.

Podcasts

Analyzing SOC Controls

In this vendor management video, you will learn where to find the controls section within a vendor SOC report along with what the control objectives and activities are and what to look out for in the findings and exceptions.

Infographics

10 Things to Do When You Receive Notice of an Exam

How you should prepare for an exam ahead of time, who's responsible and our expert tips for the examiner's arrival.

vendor exam, notice of exam, vendor management exam, prepare for exam

Podcasts

Critical Vendors: What to Review

We cover the key questions you need to ask yourself to determine if your vendors are critical. Then, we dive deeper and talk about what you should review on your critical risk vendors.

Infographics

The Role of Third & Fourth Parties

What a fourth-party is vs. a third-party, how to get information on your fourth parties and what to review on your fourth parties.

Podcasts

What is SSAE 18?

As of Monday, May 1, SSAE 18 is now in effect. Are you familiar with SSAE 18 yet? Join us now as we talk about SSAE 18 - what it is and how it affects how you do vendor management at your institution. Let's get started.

Podcasts

Vendor Management Risk Assessments

We’re going to talk through a few key things you need to know about vendor management risk assessments for your organization's third-party risk management program.

Infographics

Due Diligence Item Vendor Managers Aren't Aware of

Improve your vendor risk management program, what requesting one means, what to do if your vendor won't give those reports to you, another way of obtaining the reports.

due diligence items, vendor manager due diligence, vendor manager

Podcasts

10 Steps to Creating Your Vendor List

We’re going to talk through the 10 main steps you need to take to create your proper vendor list for your third-party risk management program at your institution. Let's get started.

Infographics

5 Biggest Mistakes In Vendor Contract Management

The consequences of making these mistakes and an opportunity to visit your contract process and ensure that you have firm standards in place.

vendor contract management, contract management mistakes, vendor contracts

Infographics

10 Common Errors to Avoid in a VM Program

10 errors we commonly see in vendor management programs - check your program now to find out if you have any gaps that need fixing.

Podcasts

3 Lines of Vendor Management Defense

You may have heard the term “three lines of defense”. But, what is a three lines of defense strategy? We'll go through those three lines of defense you have for vendor management at your financial institution.

Samples

Free Data Protection Assessment

This assessment identifies how information is being secured to see risks present by engaging in business with the vendor.

Podcasts

8 Steps to Prepare for a Third-Party Risk Management Examination or Audit

Prepping for an audit is stressful, especially if you're scrambling last minute to finish vendor management tasks. In this 90-second podcast, learn 8 steps to help you prepare in advance.

examination

Podcasts

3 Reasons to Keep Your Third-Party Risk Management Program Independent

In this 90-second podcast, we cover the three most important reasons why you need to keep third-party risk workflows separate from other business processes.

Infographics

Third-Party Risk Management Considerations on Overseas Vendors

How to work with overseas vendors and give them special attention, whether they're a third-party or fourth-party.

Podcasts

Fundamental Third-Party Risk Management Best Practices

We'll discuss fundamental best practices of third-party risk management that you need to implement such as education, tailored ongoing monitoring, outsourcing and not cutting corners.

Infographics

Vendor Complaints and Why You Should Care

Customer complaints are a fact of life in the social media world we live in today. See why you need to monitor your vendor's complaints as a critical part of third party risk management.

Infographics

7 Vendor Nightmares to Avoid

7 vendor management nightmares and ensure you take the necessary steps to avoid.

vendor management risk, vendor management nightmares, vendor management next steps

Interviews

Interview with David Stevens, CMB

Venminder was honored to be joined by David Stevens, President and CEO of the Mortgage Bankers Association (MBA). Listen to this interview for discussions on data security, cybersecurity, lessons learned from the housing crisis, the CFPB relation to regulatory compliance and much more.

regulatory guidance

Infographics

5 Key Provisions of Critical Vendor Contracts

Learn what they are, important points in each of these 5 areas, how to utilize these key provisions to help mitigate vendor contract risk.

Interviews

Interview with Shane Martin

This Venminder interview drills down into a specific vendor type - the appraisal management company (AMC) and appraisal management software. With Shane Martin, EVP of InHouseUSA, we discuss the specific areas of third-party risk to pay attention to when using an AMC as fourth-party vendor.

regtech

Podcasts

FFIEC Appendix J and E

You should be familiar with Appendix J and Appendix E of the FFIEC guidance. We will go over what each of them are, what they mean and how your teams can stay informed on new vendor management guidance and regulations.

regulatory compliance, guidance

Podcasts

7 Vendor Risk Attributes To Consider

Learn 7 key things you should do with every new vendor. These steps are essential to the vendor vetting process and determining how much you know about the company with whom are you planning to do business.

Samples

Free Regulatory Compliance and Operational Assessment

Our in-house third-party risk experts can help determine if your vendor's operational and regulatory compliance is satisfactory.

regulatory compliance

Infographics

Vendor + Product + Risk = Documentation

Items to collect on all vendors, what to collect for higher risk or more critical vendors, and suggestions when you need to fill due diligence gaps.

product documentation formula, vendor risk formula

Podcasts

10 Common Vendor Management Errors

It’s easy to get so deep in the weeds of your vendor management program that you make some pretty basic errors. Sometimes you need to take a step back and evaluate. Here are some of the ones that we see most often.

Infographics

Disaster Recovery: How and Why it Extends to Your Third Parties

4 key elements in every disaster recovery plan and why you should care about your third parties' disaster recovery preparedness.

disaster recovery, vendor disaster recovery, disaster recovery planning, vendor management, DR, TPRM

Infographics

Oversight on a Contract Mortgage Underwriter

Considerations when you outsource to a contract underwriter, 3 tips in vendor oversight, Q's to consider when assessing contract underwriter risk.

mortgage underwriter, contract mortgage underwriter, contract management

Infographics

Reputation Risk and Your Company's Third Parties

How to mitigate reputation risk, the impact a vendor can have on your reputation, which vendors pose a reputational risk and 5 tactics to manage third party reputational risk.

Podcasts

Enterprise Risk Management vs Vendor Management

We often get asked, "Is there a difference between an ERM and VM?" The answer is “YES” – they are different, but there are some areas of overlap as well. Learn about what some of the differences are.

Whitepapers

Guide on New Regulation OCC Bulletin 2017-7

Our analysis of OCC 2017-7 to learn key points to know about Bulletin 2017-7 and actions required to comply.

occ bulletin 2017-7, occ bulletins, guide to occ bulletin 2017-7

Infographics

SSAE 18 and Its Impact to Financial Institutions

What you need to know about SSAE 18, the difference between SSAE 16 and SSAE 18 and some key updates to SOC 1's.

Infographics

Business Continuity In Relationship to Your Third Parties

Do you know if they have appropriate measures in place and a plan of how to handle business impacting events with you?

Infographics

Signs You May Need to Find a New Vendor

7 signs to look for when reviewing your vendor list to see if any of them are under-performing and steps to protect you if you spot one.

eBooks

Creating an Effective Vendor Contract Management System

Contract management best practices, summarizing key guidance expectations from reglators and common issues and consequences.

vendor contracts, contract managements, vendor contract management, third-party contract, third-party contract management

Infographics

Vendor Selection: The Process of Selecting Vendors

Step by step, you will want to check every box to ensure items such as risk, expected outcomes and regulatory requirements have all been properly addressed.

Infographics

The Vendor Management Umbrella: Part 4

The Procedures must be very detailed, often right down to the prescriptive steps of what screen to look at, what field to examine, what step to take next, etc.

Podcasts

Fourth Parties

So you're asking yourself right now, "What is a fourth party? I've just gotten my head around the whole concept of having third parties. And why are they important to my financial institution's vendor management program?" Let's discuss.

Infographics

The Vendor Management Umbrella: Part 3

When you’re examined, the Program will absolutely positively be essential. Examiners will look for consistency in form and in content.

Podcasts

When a Vendor Refuses to Provide Financials

When a third-party company doesn't provide financial documents we tend to think there's nothing we can do. But actually, there is and we'll show you that alternate path in this video.

Infographics

The Vendor Management Umbrella: Part 2

Your vendor management Policy is the playbook that auditors and examiners will expect you to follow. Get the Policy right and it will provide your financial institution all the right protection in weathering the storm.

Podcasts

3 Key Points to Review In SOC Reports

Learn the 3 key points to review in service organization control reports, SOC reports for short, as you begin assessing your vendor's environment. Meet examiner requests and gain strategic business advantages.

Infographics

The Vendor Management Umbrella: Part 1

Here's your starting point of our 4-part series that covers the 3 primary components essential to building an exam proof vendor management operation at your financial institution.

Podcasts

Why Is There So Much Focus On Third-Party Risk?

You have to do a lot for your third party risk management now... but why? We'll go through a few reasons for the increased third-party risk management regulation and concern.

Podcasts

Consequences of a Vendor's Poor Financial Performance

You report the vendor's financial health to senior management and board. What happens when the financial health is poor? We will go over the domino effect, the issue in the industry and what you can do about it.

Podcasts

Vendor Business Continuity and Disaster Recovery Plans

Ensuring your critical vendors can survive in disaster helps ensure your financial institution can also survive. Learn what Business Continuity & Disaster Recovery plans are & how our team reviews them.

Infographics

Don't Be "Fooled" By Vendors Who Look Safe At First

To help you and your team avoid any misunderstandings, we've put together a list of 10 most common assumptions we've seen in the vendor management process.

Infographics

Navigating Your Vendor Management

To help you and your team, we've put together a simple infographic on 7 of the most common dangerous potholes that we have seen.

Infographics

A St. Patrick's Day Infographic - The Lucky Clovers

To join in the fun of St. Patricks Day every year, we've put together a simple infographic on the basic principles of a successful vendor management program.

Podcasts

FFIEC Cybersecurity Assessment Tool

The FFIEC released a Cybersecurity Assessment Tool. We'll go over in depth the benefits of it and why your financial institution should use it for your vendor management.

Infographics

Vendor Cybersecurity Risk - Do Due Diligence

Does your due diligence process include assessing your vendor's cybersecurity posture? Have you identified the risks and applied controls to mitigate the risk? And if something goes wrong, what happens next?

Samples

Free Point-In-Time Cybersecurity Assessment

Download our sample Point-In-Time Cybersecurity Analysis and feel free to use it as a guide for doing your own assessments or contact us if outsourcing this type of work is right for you.

information security

Podcasts

Security & Confidentiality Provisions Which Should Be Addressed

Even though each vendor agreement includes different contractual terms, 5 security and confidentiality provisions should always be addressed. Let's go through them.

cybersecurity, information security

Infographics

Vendor Love - Do I stay or do I go? - A Valentine

Love is in the air this Valentine's Day. But "love" may not be the word you would pick to describe the relationship you have with all of your vendors.

Podcasts

5 Types of Vendor SOC Reports

So, what are the types of service organization control (SOC) reports and which type of SOC report did your vendors have performed? To help keep track, we'll cover all 5 of them in this podcast.

cybersercurity, information security

Podcasts

Your Vendors and Cloud Computing

The Cloud has many benefits, but there are risks you need to consider. Protecting your organization's data is ultimately your responsibility so you should know how your vendor safeguards it.

cybersecurity, information security

Infographics

Vendor Contract Considerations - Before You Sign

We firmly believe that if you follow a few basic steps before you enter a contract, you're unlikely to ever need to pull that contract out again during the term of the relationship.

contract management, contract negotiation

Samples

Free Contract Compliance Assessment

Our comprehensive summary report detail each provision and notate those that are covered, and just as importantly, those that are missing and need to be addressed in the next revision.

contract management, contract negotiation

Podcasts

Evolution of Third-Party Risk

In this video we cover the evolution of third-party risk management and the regulatory expectations on financial institutions. This will be helpful to know as you expand your third-party risk knowledge.

regulatory compliance, guidance

Podcasts

Fit Third-Party Risk Management in ERM

Various components of vendor risk feed in to your ERM strategy and considerations. Learn steps and tips on how to properly integrate third-party risk management in your enterprise risk management program.

Podcasts

Prevention of Problems in Third-Party Risk

An ounce of prevention is worth a pound of cure! Perhaps there is no better example than in the third-party risk management. Here are 3 ways you can be proactive to prevent problems.

issue management, ongoing monitoring, oversight, due diligence

Podcasts

Importance of Complimentary User Entity Controls

Learn what Complimentary User Entity Controls are, how they're related to SOC reports, what you do with them, why they're important and more.

cybersecurity, information security

Samples

Free Business Continuity and Disaster Recovery Assessment

Download our sample vendor business continuity plan review and feel free to use it as a guide for doing your own or contact us if outsourcing this type of work is right for you.

bcp

Podcasts

How to Do a Mid-Year Third-Party Risk Management Progress Check

It is essential for the future success of your third-party risk management program to continue to make necessary updates. These 6 steps and best practices will help get you started.

due diligence, ongoing monitoring, oversight management

 

Explore More Content

Check out our latest third-party risk blog posts that you may also find helpful.

5 min read

November 2024 Vendor Management News

Stay up to date on the latest vendor risk management news happening this month. Check out the articles below.

Recently...

7 min read

14 Ways Vendor Risk Management Software and Services Help

Partnering with third-party vendors for various products and services can present an interesting dilemma. On one hand,...

5 min read

Software Bill of Materials (SBOMs) in Your Vendor Risk Management Program

In today’s technology-driven world, many of us understand how to use complex software applications like project...

Love what you see?

Be the first to know when we add new infographics, blog posts, and more.