Vendor Risk Management Resources
Venminder’s fifth annual State of Third-Party Risk Management 2021 survey provides insight into how organizations are managing third-party risk in today’s increasingly regulated and risky climate. Check out the results to learn how organizations across a variety of industries are accomplishing this.
Top 21 for 2021
1
State of Third-Party Risk Management 2021
Download Whitepaper
2
What are the due diligence items you should be considering when reviewing a third party? While due diligence isn’t a check-the-box exercise, we thought it would be helpful to have a list handy to refer to when thinking through the vendor due diligence items you should be performing on your third-party vendors.
Model Vendor Due Diligence Checklist
CHECKLIST
Download Checklist
3
You should be asking each of your vendors for a SOC report, especially your critical and high-risk vendors. When analyzing your vendor’s SOC reports, it’s crucial you understand the different terminology. To help guide you in understanding some of the most common SOC terms, reference this simple dictionary.
The Vendor SOC Dictionary
EBOOK
Download eBook
4
Due diligence should be based on your vendor's risk level. Your process should also be tailored to match the product or service provided by your third-party vendor. Here is a checklist that specifies the particular types of due diligence items you need to gather for low, moderate and high-risk vendors.
Due Diligence for High, Moderate and Low-Risk Vendors Checklist
CHECKLIST
Download Checklist
5
Knowing which SOC report you need can be challenging. To help guide you and your team through the differences, we've created a simple, one-page infographic. Review this infographic to learn the definitions of each type of SOC report and how they can benefit your organization.
Understanding the Differences Between a Vendor SOC 1, 2, 3
infographic
Download Infographic
6
In order to have a successful third-party risk management program, it's important that you have all of the necessary documents and procedures in place. Whether you're just getting started or simply are looking to refresh your program, use this comprehensive checklist to guide you to successful vendor management.
Third-Party Risk Management Checklist
checklist
Download Checklist
7
The contract management process is not only about trying to negotiate the best financial and legal terms for your organization, but also a key component of managing vendor relationships. Manage vendor contracts effectively by diving deeper into each component of the contract management process.
How to Master Vendor Contract Management
ebook
Download eBook
8
Vendor due diligence reviews are a fundamental component of a complete third-party risk management program. This helps tremendously to prevent risk to an organization and its customers. In this eBook, we’ll break down how to do vendor due diligence reviews around 6 of the most common due diligence documents we see every day.
How to Do Vendor Due Diligence Reviews: The Complete Breakdown
ebook
Download eBook
9
Read this eBook to help guide you through the SOC review process and how to mitigate risk. You'll learn how the proper review of a SOC report helps support your organization, as well as when you should obtain and review a SOC report, how to understand Complementary User Entity Controls, why reviewing the CUEC section is so critical and more.
How to Review a Vendor SOC Report
ebook
Download eBook
10
Preparing for an audit can be mind-numbing and a bit scary. We've developed a checklist to help you manage and be sure you’re prepared when you hear the auditors are coming for a visit. Learn who needs to be involved in preparing for an auditor’s visit as well as the vendor management items to have available.
Third-Party Risk Management Audit Checklist
CHECKLIST
Download Checklist
11
There are several critical elements your vendor risk management program should have that will greatly contribute to your success. To help, we've put together a quick reference guide. Whether you’re new to vendor risk management or want to take your program to the next level, our cheat sheet will help.
Vendor Risk Management Cheat Sheet
infographic
Download Infographic
12
Understanding the risk associated with either new or existing third-party products or services often starts with a questionnaire. In itself, the questionnaire development process can be quite a large task. Learn our recommended steps for creating streamlined vendor risk questionnaires.
How to Guide: Creating a Vendor Risk Questionnaire
ebook
Download eBook
13
Have you taken any of these 19 steps when vetting each of your third-party vendors? Regardless of risk level, as part of your vendor due diligence and vetting process, there are several items your organization should be committed to filing. Learn more about the steps you should be taking.
Vendor Vetting: 19 Things You Should Be Doing
ebook
Download eBook
14
Vendor risk management requires a fully documented set of practices that usually includes a high-level policy, comprehensive program and detailed procedures. If time is invested and it’s done correctly, these documents can really help protect your organization and your customers.
Guide to Your Vendor Risk Management Policy, Program and Procedures
ebook
Download eBook
15
Determining your third parties' inherent and residual risk is a key element of a proper and robust risk assessment. But, what is the difference between inherent and residual risk? Check out this infographic to learn how inherent risk is defined, why residual risk should never rise above a certain level and overall tips.
Inherent vs. Residual Vendor Risk
infographic
Download Infographic
16
Vendor document collection is one of the primary pain points in third-party risk management. While it may be a time-consuming process, it's crucial you handle each step thoroughly. Here are 10 tips to help you collect vendor due diligence documents more efficiently.
10 Tips for Collecting Vendor Due Diligence Documents
infographic
Download Infographic
17
Vendor contract negotiation is a vital component of contract management. In fact, it’s also a critical lifecycle stage of any vendor you choose to outsource a product or service to. This infographic will walk you through what you should negotiate into a contract for third-party risk management.
Vendor Contract Negotiations: What to Negotiate for Third-Party Risk Management
infographic
Download Infographic
18
One of the most challenging exercises you face in third-party risk management is how to establish standards for identifying your critical vendors. The most effective way to do so is to set up comprehensive guidelines on what type of risk you’re going to evaluate and the scope of third parties that may fall into that.
Identifying Critical Vendors: 3 Fool-Proof Questions
infographic
Download Infographic
19
One of the most frequent questions we hear is, “Is there a difference between a high-risk vendor and a critical vendor?” Well, there’s a different definition and, therefore, real differences. Learn the definitions of the two divisions of risk as well as examples and fundamental questions you should ask your vendor.
The Differences Between a High-Risk and Critical Vendor
infographic
Download Infographic
20
Financial, operational and reputation risks are all fundamental negative exposure pain points you must be aware of. The number of data breaches reported lately is a reminder that the importance of third-party oversight has never been greater. We'll walk you through steps to developing an effective vendor management program.
Building an Effective Vendor Management Program
infographic
Download Infographic
21
A SOC report is an independent audit report which is performed by a certified public accountant (CPA). It provides insight into an organization’s internal control environment and can protect your organization by verifying the vendor has adequate controls in place, so it's important to review and understand. This interactive guide explains how.
Reviewing and Understanding a Vendor’s SOC Report
interactive guide
Download eBook