Latest Discussions

  • Posted in: Risk Assessments

    We have a questionnaire that is asked of every vendor. But for low level vendors such as facility care we base it in part on building access. Do they have a badge and are they authorized to be ...

  • Posted in: Risk Assessments

    The HVAC company incident was Target in 2014: https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/ Kate Wakefield CISSP, CIPT, MPA Sr. Manager Security ...

  • Posted in: Risk Assessments

    Thank you for the insight Dave!

  • Posted in: Risk Assessments

    It's a tricky path you ask about. Technically, a vendor is anyone you pay in order to receive goods and/or services. There are high profile cases where vendors that seemed to be below ...

Trending Discussions

  • Posted in: Risk Assessments

    Hello, When do you know if you should perform a risk assessment on a vendor? How do you know it qualifies/does not qualify as a "vendor"? It feels counterproductive to perform a risk assessment ...

  • Profile Picture

    Risk assessment

    Posted in: Risk Assessments

    Hi All, Happy New Year! Is there a list of services outsourced by a financial institution which is out of scope for risk assessment like telephone and utility bills,statuatory and regulatory ...

Most Recent Announcements

  • Seeking Your Input - Annual TPRM Survey!

    Hi Community Members, We’re looking for your valuable input! Venminder is conducting their annual survey for the State of Third-Party Risk Management 2021 whitepaper and we’re hoping you may have 5 minutes to spare to help out and take the survey. The complimentary whitepaper will be released in early January and will provide you with industry trends and data that you can use to compare your own ... More
  • Community Update - 1,000 Members

    Hi Everyone, I want to share some very exciting news with you all. We have reached 1,000 community members! This is a milestone we’re very proud of and it’s all thanks to the fantastic third-party risk conversations you all are having every day. As always, please let me know if you have any thoughts or feedback on ways that we can improve the community. In the meantime, here are some links ... More

Communities Built For You


Topic Communities

Join a community dedicated to an area of third party risk including contracts, infosec, risk assessments, policies and more.


Special Interest Communities

Network with others who are running very mature or complex programs at their organizations that require a unique way of thinking. 

Product Communities

Meet, connect and network with other users using the same third party risk tool as you - get support and share new ideas and best practices.

Learning Center


Resources Library

Download the latest guides, infographics, samples, whitepapers, checklists and more that can help guide you through best practices on third party risk.

Visit Resources

Live Webinars

Register and join live webinars to learn current trends and best practices from knowledgeable experts. Free CPE eligible webinars.

Register Now

Venminder Academy

Coming in 2020! Don't miss out - make sure to sign up to our notification list and be one of the first to know about our self-paced eLearning courses.

Get Notified

Learn more about the Third Party ThinkTank Community


The professionals who take on the job of third party risk ensure the right steps are taken to protect their organizations from vendor risks and avoid costly regulatory enforcement actions. While risk comes in many forms - a good third party risk management program can help address financial, reputation, credit, operational risk and much more during the business lifecycle. 

This dedicated and free community is open to those involved in or running third party risk management programs at their organization. Inside you have the opportunity to network, share stories, ask questions, give advice and gain access to a vast library of educational content, webinars and training opportunities. 


Latest Articles

  • The best strategy for preparing for an examination is vigilance. Vigilance in the third-party risk world means you’re always prepared and ready to answer any auditor's or examiner’s document request well ahead of time. By keeping everything up to date, you avoid the crush to meet your examiner’s deadlines.
  • While cybersecurity has been more critical than ever since we decided to move all our business operations online, there has perhaps been no greater reminder just how important it is to safeguard our sensitive data than the calamities we lived through in 2020. Bad actors scamming everyone they can, data thieves stealing intellectual property and identity thieves hard at work while the rest of the world has scrambled to adjust to drastically different working and living conditions.
  • As third-party risk professionals, we’re all too familiar with data breaches and bad actors. And, when a really nasty one occurs, especially one that could potentially threaten national security, we feel the effects alongside the rest and are strongly reminded why third party-risk management is so important.