Latest Discussions

  • Profile Picture

    RE: Out of Scope

    Every organization will have its own list of entities excluded from its definition of vendor or excluded from the vendor management process. Some on the list will be unique to the organization's ...

  • Profile Picture

    RE: Out of Scope

    Venminder has published some guidance on this topic which I've found helpful: https://www.venminder.com/blog/out-of-scope-third-parties https://www.venminder.com/library/determine-in-out-s ...

  • Profile Picture

    Out of Scope

    What types of products and services do you consider out of scope for third party risk management/vendor management?

  • Posted in: Risk Assessments

    Do any of the FI members have any experience at Risk Assessing a Skip Trace Company? PII is involved but it is such a small subset of member/customer data. How are others classifying in your ...

Trending Discussions

  • Profile Picture

    Reviewing 3rd Party Attestation reports

    This message was posted by a user wishing to remain anonymous Looking for some assistance on how to review our 3rd party's reports, SOC reports for example. Is there a checklist or similar that ...

  • Posted in: Exams or Audits

    I realize this is a VM blog but i'm hoping some of you also manage BCP for your credit union and are willing to share some info. I'm curious how you have/will approach testing of business functions ...

Most Recent Announcements

  • Seeking Your Input - Annual TPRM Survey!

    Hi Community Members, We’re looking for your valuable input! Venminder is conducting their annual survey for the State of Third-Party Risk Management 2021 whitepaper and we’re hoping you may have 5 minutes to spare to help out and take the survey. The complimentary whitepaper will be released in early January and will provide you with industry trends and data that you can use to compare your own ... More
  • Community Update - 1,000 Members

    Hi Everyone, I want to share some very exciting news with you all. We have reached 1,000 community members! This is a milestone we’re very proud of and it’s all thanks to the fantastic third-party risk conversations you all are having every day. As always, please let me know if you have any thoughts or feedback on ways that we can improve the community. In the meantime, here are some links ... More

Communities Built For You


Topic Communities

Join a community dedicated to an area of third party risk including contracts, infosec, risk assessments, policies and more.


Special Interest Communities

Network with others who are running very mature or complex programs at their organizations that require a unique way of thinking. 

Product Communities

Meet, connect and network with other users using the same third party risk tool as you - get support and share new ideas and best practices.

Learning Center


Resources Library

Download the latest guides, infographics, samples, whitepapers, checklists and more that can help guide you through best practices on third party risk.

Visit Resources

Live Webinars

Register and join live webinars to learn current trends and best practices from knowledgeable experts. Free CPE eligible webinars.

Register Now

Venminder Academy

Coming in 2020! Don't miss out - make sure to sign up to our notification list and be one of the first to know about our self-paced eLearning courses.

Get Notified

Learn more about the Third Party ThinkTank Community


The professionals who take on the job of third party risk ensure the right steps are taken to protect their organizations from vendor risks and avoid costly regulatory enforcement actions. While risk comes in many forms - a good third party risk management program can help address financial, reputation, credit, operational risk and much more during the business lifecycle. 

This dedicated and free community is open to those involved in or running third party risk management programs at their organization. Inside you have the opportunity to network, share stories, ask questions, give advice and gain access to a vast library of educational content, webinars and training opportunities. 


Latest Articles

  • When creating a vendor questionnaire or reviewing a questionnaire completed by a vendor, it’s essential to ask the right questions so you can fully understand the vendor’s cybersecurity environment. Use the following 10 questions to make sure you're providing and receiving the most important cybersecurity information from your vendors.
  • Reading up on latest vendor management news can only help your third-party risk management program We're here to make it easier than ever! Below we've listed articles that we recommend checking out.
  • In the world of vendor risk management, there are several categories of vendor risk to consider, such as strategic, compliance, cyber, financial, reputational and more. Today, we will focus on vendor operational risk and highlight some of the issues that can arise if this risk isn’t managed appropriately. First, we should define operational risk as the risks an organization faces while running its day-to-day business activities. Operational risk typically reflects the failure of processes, procedures, people and systems. Furthermore, operational risk has two dimensions, internal and external.