Master Third-Party Risk Management
Go beyond checkbox compliance. This advanced TPRM training teaches you to build, run, and mature a cybersecurity third-party risk management programme — with real-world use cases, templates, and hands-on workshops that give you a competitive edge in the industry.
Request a TPRM Training Callback
Speak with our team about the advanced TPRM programme — schedule, format, and corporate group options.
CISSP Batch 56 Starting 28 June 2026
What's Included in Your Programme
24 hours of intensive training over 2 weekends (Sat & Sun, 6 hours each day) — theory, workshops, and templates bundled together.
24 Hours of Intensive Training Over 2 Weekends
Designed for working professionals — no weekday time off required. Four focused Saturday and Sunday sessions, 6 hours each, spread across two consecutive weekends.
Foundation & Lifecycle Deep Dive
Saturday — Day 1 (6 hours)
Introduction to TPRM, industry statistics & case studies, TPRM lifecycle overview, pre-onboarding & inherent risk assessment, tier assignment, and due diligence methodology (inside-out & outside-in).
Sunday — Day 2 (6 hours)
Security due diligence across 15+ domains, evidence validation, residual risk calculation, contract review & negotiation, security & privacy exhibits, and continuous monitoring with KPIs & KRIs.
12 hours total
Programme, Operations & Workshop
Saturday — Day 3 (6 hours)
TPRM programme strategy & building blocks, budgeting, governance, TPRM operations, SOPs, metrics & reporting, dashboards for CISO & board, SOC 2 interpretation, and termination & offboarding.
Sunday — Day 4 (6 hours)
Hands-on workshop — end-to-end TPRM assessment using industry use cases, risk statement drafting, controls recommendation, assessment report generation, contract negotiation practice, and Q&A.
12 hours total
24 hrs
Total Training
4 Days
Sat & Sun Only
6 hrs/day
Per Session
0
Weekdays Required
Why Third-Party Risk Management Is No Longer Optional
Over 50% of organisations perform no structured TPRM. Major breaches at Microsoft, Okta, and SolarWinds happened despite ISO 27001 and SOC 2 compliance — proving that compliance alone does not equal security.
50%+ Have No TPRM
Surveys consistently show that more than half of organisations lack any formal third-party risk management process, leaving critical vendor relationships unmonitored and unassessed.
Compliance Does Not Equal Security
Being ISO 27001 or SOC 2 compliant did not prevent breaches at some of the world's largest technology companies. A proactive security posture requires going beyond audit checkboxes.
Expanding Attack Surface
Cloud adoption, emerging technologies, and growing supply chains have multiplied third-party entry points. Every vendor connection is a potential vulnerability if left unassessed.
Regulatory Pressure
Laws, industry standards, and regulatory bodies increasingly mandate formal TPRM programmes. Non-compliance carries financial penalties, reputational damage, and legal liability.
Financial & Operational Risk
Third-party failures create operational disruption, strategic exposure, concentration risk, financial loss, and reputational damage that can take years to recover from.
From Checkbox to Risk-Based
This course helps you move from ad hoc vendor reviews to a mature, risk-based TPRM approach where third parties become strategic partners who jointly reduce organisational risk.
The question isn't whether your organisation needs TPRM — it's whether you're the one who knows how to build it.
The TPRM Lifecycle — End to End
An industry-aligned framework that governs how you assess, onboard, monitor, and offboard every third party in your organisation's ecosystem.
Pre-Onboarding
Identify inherent risk before the relationship begins. Assign risk tiers (Tier 1, 2, 3), determine the appropriate assessment methodology, and conduct the initial pre-onboarding assessment to decide whether to proceed with the vendor engagement.
Due Diligence
Conduct thorough security assessments using both inside-out (security questionnaires, evidence validation) and outside-in (security ratings) methodologies. Validate control effectiveness, identify gaps, and deduce residual risk for informed decision-making.
Contract Review
Review and negotiate security, privacy, and data governance exhibits in contracts. Validate key security clauses, assess liability and sub-contractor provisions, and apply best practices for contract negotiation that protect your organisation.
Continuous Monitoring
Monitor the ongoing security posture of third parties through security ratings, KPIs, and KRIs. Integrate continuous monitoring across the lifecycle, programme, and operations with structured reporting to leadership and stakeholders.
Termination & Offboarding
Manage vendor exit with the same rigour as onboarding. Conduct offboarding due diligence using checklists, generate assessment reports, review security clauses for compliance, and ensure complete data return or destruction.
5 phases. 15+ security domains. The complete TPRM lifecycle — not just theory, but tools, templates, and decision frameworks for each.
Advanced Training Modules
Each module builds on the last — from foundational TPRM concepts to operational execution, metrics, and hands-on workshops.
Introduction to TPRM
Why TPRM matters now, industry statistics on third-party risk, types of risks (operational, strategic, financial, reputational), prominent breach case studies, and regulatory mandates driving TPRM adoption.
TPRM Lifecycle & Process
Deep dive into all five phases — pre-onboarding, due diligence, contract review, continuous monitoring, and termination. Methodology, tools, templates, and decision frameworks for each.
Security Due Diligence
Inside-out risk assessment across 15+ security domains: access control, asset management, application security, incident management, cryptography, BCP, endpoint security, physical security, and more.
Contract Management
Contract lifecycle, types of agreements, security and privacy exhibit samples, validation of key clauses, sub-contractor provisions, liability terms, and tool-based clause validation.
TPRM Metrics & Reporting
Design KPIs and KRIs across lifecycle, programme, and operations. Build dashboards for operational teams, CISOs, board members, and audit committees with visual best practices.
TPRM Programme & Strategy
Programme building blocks, framework design, budgeting, steering committee formation, governance, stakeholder management, and moving from ad hoc to a mature programme.
TPRM Operations
Roles and responsibilities, SOPs, change management, centralised inventory, incident and issues management, SOC 2 report interpretation, tool features, and staffing requirements.
Professionals Who Should Take This Course
This training is built for anyone involved in managing, assessing, or overseeing third-party relationships and their associated risks.
Cybersecurity Professionals
Security engineers, analysts, and architects who need to understand vendor risk assessment and security due diligence as part of their broader security responsibilities.
IS Auditors & Compliance Officers
Professionals responsible for auditing vendor controls, validating SOC 2 reports, and ensuring regulatory compliance across the third-party ecosystem.
Risk Management Professionals
Risk analysts and managers looking to expand into third-party risk — a rapidly growing niche skill that combines technical security knowledge with governance expertise.
Procurement & Supply Chain
Procurement specialists and supply chain managers who evaluate vendors and need to understand the security and risk dimensions of vendor selection and management.
Legal & Privacy Teams
Legal counsel and privacy officers who draft, review, and negotiate security and privacy exhibits in vendor contracts, and need to understand the risk context behind clauses.
Business Unit Leaders
Heads of business units and corporate functions who sponsor vendor relationships and need to understand their role in the TPRM process and governance framework.
How This Course Benefits Your Career
Walk away with practical skills you can apply immediately — in your current role, in interviews, or when building a new TPRM programme from scratch.
Apply Standard Processes
Use proven concepts, techniques, and best practices directly in your day-to-day TPRM operations and assessments.
Derive Key Metrics
Build KPIs and KRIs that are relevant and meaningful to senior management, the board, and audit committees.
Liaise Across Teams
Develop the interpersonal skills to coordinate smoothly with procurement, legal, IT, and business units throughout the TPRM process.
Draft Reports & Recommendations
Generate assessment reports, draft risk statements, recommend controls, and present findings to leadership with confidence.
Prepare for TPRM Interviews
Gain demonstrable, hands-on experience with real-world scenarios that set you apart from other candidates in the job market.
Run a Mature Programme
Move your organisation's TPRM from ad hoc to optimised and automated — a mature programme that treats third parties as strategic security partners.
Practical skills. Industry templates. Real-world confidence. This is the training that turns TPRM knowledge into career momentum.
Still Deciding? Request a Callback
Talk to our team about the programme format, corporate group options, and how TPRM training fits your career goals.
The TPRM Training Toolkit
Stop piecing together resources from different places. This all-in-one toolkit brings expert instruction, real-world practice, and professional templates under a single roof.
Advanced TPRM Training & Workshop
Frequently Asked Questions
Answers to the most common questions about this advanced TPRM training programme.
Questions answered. The next cohort is enrolling now.
Still have questions? Reach out — we're happy to help. Otherwise, secure your spot before the next weekend session fills up.
Build Your TPRM Expertise Today
Join security professionals who are moving beyond checkbox compliance to build mature, risk-based TPRM programmes. Enrol now and gain a competitive edge in one of cybersecurity's fastest-growing disciplines.