Latest Discussions

  • The CAIQ (Consensus Assessments Initiative Questionnaire) was built for just this purpose. It was built by the Cloud Security Alliance . Many cloud service providers already have this completed ...

  • This will depend on the type of vendor and the services you're consuming from them, so this answer will be somewhat general. I'll assume in the context of this question that by "on-premise" you're ...

  • Profile Picture

    RE: OFAC

    OFAC checks are a best practice today. Our regulatory environment has evolved over the last few years to the point where BSA/AML regulations as well as FinCEN regulations require OFAC background ...

  • Does anyone have a Board level Vendor Management Policy (either yours or a generic version) that you'd be willing to share? I'm looking for ideas to improve ours.

Trending Discussions

  • In instances where the vendor will not release financial statements but will discuss their financial status, what questions are asked?

    2 people like this.
  • This message was posted by a user wishing to remain anonymous Is the list you send for only your critical vendors? Third Party Service Providers? How do you know they have been audited by ...

Most Recent Announcements

  • Welcome to the Community!

    Hi Everyone!   Thanks for joining the Third Party ThinkTank Community! It’s really great to have you on board.   I’m Brittany Padgett, the Community Manager, and it’s my job to help assist you as we all work together to build this community. The main way we can do that is by encouraging each other to get involved and share ideas and opinions. If at any time you have feedback or suggestions, ...

Communities Built For You


Topic Communities

Join a community dedicated to an area of third party risk including contracts, infosec, risk assessments, policies and more.


Special Interest Communities

Network with others who are running very mature or complex programs at their organizations that require a unique way of thinking. 

Product Communities

Meet, connect and network with other users using the same third party risk tool as you - get support and share new ideas and best practices.

Learning Center


Resources Library

Download the latest guides, infographics, samples, whitepapers, checklists and more that can help guide you through best practices on third party risk.

Visit Resources

Live Webinars

Register and join live webinars to learn current trends and best practices from knowledgeable experts. Free CPE eligible webinars.

Register Now

Venminder Academy

Coming early 2020! Don't miss out - make sure to sign up to our notification list and be one of the first to know about our self-paced eLearning courses.

Get Notified

Learn more about the Third Party ThinkTank Community


The professionals who take on the job of third party risk ensure the right steps are taken to protect their organizations from vendor risks and avoid costly regulatory enforcement actions. While risk comes in many forms - a good third party risk management program can help address financial, reputation, credit, operational risk and much more during the business lifecycle. 

This dedicated and free community is open to those involved in or running third party risk management programs at their organization. Inside you have the opportunity to network, share stories, ask questions, give advice and gain access to a vast library of educational content, webinars and training opportunities. 


Latest Articles

  • Make sure you don't miss any important vendor management news! To make it easier for you, we've put together this list of key third party risk management articles and news. Read below!
  • With all the rapid changes, and regulations becoming more stringent at the prudential regulators, there’s an expectation that your third party risk management program is evolving too. When you sit back and look at the third party risk big picture, there’s a lot to manage, right? It would be helpful if someone could give you a checklist and say, “Okay. Here is your list of due diligence requirements for every single vendor you do business with. Just always request these documents and you’re golden.” I fully understand how much easier that would make it. However, unfortunately, it can’t be that way because not all vendors are the same. They’re not all created equal.
  • Negotiation is vital. Do not accept the first contract that you see as changes to accommodate special requests by both parties are common and often necessary. It can be challenging, but break it down, take your time and eventually you will have an acceptable contract between your organization and the third party.