Third Party Risk Management Curriculum

About Course

Third-Party Risk Management (TPRM) is the process of identifying, assessing, monitoring, and mitigating risks associated with external vendors, suppliers, and partners that provide products or services to an organization. It ensures that third parties comply with regulatory, security, and operational standards to prevent data breaches, financial loss, and reputational harm. TPRM involves evaluating vendor performance, conducting due diligence, managing contracts, and continuously monitoring risk exposure throughout the vendor lifecycle. Effective TPRM strengthens organizational resilience, enhances compliance with frameworks like ISO 27001 and GDPR, and ensures business continuity by maintaining trust and transparency across the extended enterprise ecosystem.

Course Content

One On One Training

Module 1. Defining Third Party Risk Management

Module 2. Drivers of Third-Party Risk Management

Module 3. What Are We Managing? Third Party Risks

Module 4. A TPRM Framework and Process

Module 5. Onboarding and Tiering

Module 6. Ongoing Monitoring and Risk Management

Module 7. Offboarding

Module 8. Reporting for TPRM

Module 9. Practical Steps to Implement Your TPRM Program

Module 10. Integrating TPRM and ERM

Module 11. Overcoming Challenges in Your TPRM Program

Module 12. Who Manages TPRM?

Module 13. When is TPRM Carried Out?

About Course

What Will You Learn?

Course Content

One On One Training

Module 1. Defining Third Party Risk Management

Who are third parties?

What is third party risk?

What is third party risk management?

Objectives of third-party risk management

Module 2. Drivers of Third-Party Risk Management

The extended enterprise and external drivers

Regulations driving TPRM

Standards and frameworks

Module 3. What Are We Managing? Third Party Risks

Identifying objectives impacted by third parties

Third parties as risk events

Third parties as causes of risks

Developing a taxonomy of third-party risks

Using risk bow tie analysis to understand and map risks

A closer look at compliance, cyber, concentration and contagion risk

Module 4. A TPRM Framework and Process

The risk and reward pyramid

How third parties influence the operating model

Overview of TPRM lifecycle – Onboarding, Ongoing Monitoring and Offboarding

Module 5. Onboarding and Tiering

Third party selection criteria and process

Initial screening and tiering

Initial Due Diligence

Decision and approval process

Onboarding including contractual arrangements

Module 6. Ongoing Monitoring and Risk Management

Key steps in onboarding monitoring

Due diligence updates

Ongoing compliance

Ongoing SLA / contract monitoring

Ongoing management including third party training

Risk metrics and monitoring, external and internal data, and alerts

Escalation and treatment

Module 7. Offboarding

Key steps in offboarding

Consequences of poor offboarding

Ensuring effective closeout of terminated engagements

Module 8. Reporting for TPRM

The purpose of reporting

Main types of reports

Considering multiple audiences for reporting

Levels of reporting, aggregation and filtering

Reporting on risk versus reporting on TPRM process performance

Module 9. Practical Steps to Implement Your TPRM Program

Defining the scope of your TPRM program

Developing a roadmap

Developing a TPRM policy

Creating a third-party inventory

Systems and workflows

Communication

Module 10. Integrating TPRM and ERM

Applying the ISO 31000 risk management process to TPRM

Where TPRM fits in an ERM framework

Module 11. Overcoming Challenges in Your TPRM Program

Overcoming lack of buy-in

Overcoming limited resources

Overcoming third party noncompliance

Overcoming inconsistent tiering or risk assessments

Module 12. Who Manages TPRM?

Three Lines Model

Roles across TPRM

Ensuring clear ownership, responsibilities and accountabilities for the complete process

Module 13. When is TPRM Carried Out?

The TPRM lifecycle

Taking a dynamic risk-based approach

Using systems and workflows to improve cadence