Menu
Advanced Corporate TrainingHands-On Workshop

Master Third-Party Risk Management

Go beyond checkbox compliance. This advanced TPRM training teaches you to build, run, and mature a cybersecurity third-party risk management programme — with real-world use cases, templates, and hands-on workshops that give you a competitive edge in the industry.

24Hrs Training
2Weekends
15+Security Domains
LiveWorkshop Included

Request a TPRM Training Callback

Speak with our team about the advanced TPRM programme — schedule, format, and corporate group options.

We respect your privacy. No spam, ever.

Next Batch

CISSP Batch 56 Starting 28 June 2026

Course Schedule

24 Hours of Intensive Training Over 2 Weekends

Designed for working professionals — no weekday time off required. Four focused Saturday and Sunday sessions, 6 hours each, spread across two consecutive weekends.

Weekend 1

Foundation & Lifecycle Deep Dive

Saturday — Day 1 (6 hours)

Introduction to TPRM, industry statistics & case studies, TPRM lifecycle overview, pre-onboarding & inherent risk assessment, tier assignment, and due diligence methodology (inside-out & outside-in).

Sunday — Day 2 (6 hours)

Security due diligence across 15+ domains, evidence validation, residual risk calculation, contract review & negotiation, security & privacy exhibits, and continuous monitoring with KPIs & KRIs.

12 hours total

Weekend 2

Programme, Operations & Workshop

Saturday — Day 3 (6 hours)

TPRM programme strategy & building blocks, budgeting, governance, TPRM operations, SOPs, metrics & reporting, dashboards for CISO & board, SOC 2 interpretation, and termination & offboarding.

Sunday — Day 4 (6 hours)

Hands-on workshop — end-to-end TPRM assessment using industry use cases, risk statement drafting, controls recommendation, assessment report generation, contract negotiation practice, and Q&A.

12 hours total

24 hrs

Total Training

4 Days

Sat & Sun Only

6 hrs/day

Per Session

0

Weekdays Required

The Problem

Why Third-Party Risk Management Is No Longer Optional

Over 50% of organisations perform no structured TPRM. Major breaches at Microsoft, Okta, and SolarWinds happened despite ISO 27001 and SOC 2 compliance — proving that compliance alone does not equal security.

50%+ Have No TPRM

Surveys consistently show that more than half of organisations lack any formal third-party risk management process, leaving critical vendor relationships unmonitored and unassessed.

Compliance Does Not Equal Security

Being ISO 27001 or SOC 2 compliant did not prevent breaches at some of the world's largest technology companies. A proactive security posture requires going beyond audit checkboxes.

Expanding Attack Surface

Cloud adoption, emerging technologies, and growing supply chains have multiplied third-party entry points. Every vendor connection is a potential vulnerability if left unassessed.

Regulatory Pressure

Laws, industry standards, and regulatory bodies increasingly mandate formal TPRM programmes. Non-compliance carries financial penalties, reputational damage, and legal liability.

Financial & Operational Risk

Third-party failures create operational disruption, strategic exposure, concentration risk, financial loss, and reputational damage that can take years to recover from.

From Checkbox to Risk-Based

This course helps you move from ad hoc vendor reviews to a mature, risk-based TPRM approach where third parties become strategic partners who jointly reduce organisational risk.

Five-Phase Framework

The TPRM Lifecycle — End to End

An industry-aligned framework that governs how you assess, onboard, monitor, and offboard every third party in your organisation's ecosystem.

01

Pre-Onboarding

Identify inherent risk before the relationship begins. Assign risk tiers (Tier 1, 2, 3), determine the appropriate assessment methodology, and conduct the initial pre-onboarding assessment to decide whether to proceed with the vendor engagement.

Inherent RiskTier AssignmentAssessment MethodologyPre-Onboarding Assessment
02

Due Diligence

Conduct thorough security assessments using both inside-out (security questionnaires, evidence validation) and outside-in (security ratings) methodologies. Validate control effectiveness, identify gaps, and deduce residual risk for informed decision-making.

Inside-Out AssessmentOutside-In RatingsControl ValidationResidual Risk15+ Security Domains
03

Contract Review

Review and negotiate security, privacy, and data governance exhibits in contracts. Validate key security clauses, assess liability and sub-contractor provisions, and apply best practices for contract negotiation that protect your organisation.

Security ExhibitsPrivacy ClausesData GovernanceLiability TermsNegotiation Practices
04

Continuous Monitoring

Monitor the ongoing security posture of third parties through security ratings, KPIs, and KRIs. Integrate continuous monitoring across the lifecycle, programme, and operations with structured reporting to leadership and stakeholders.

Security RatingsKPIs & KRIsPosture MonitoringReporting
05

Termination & Offboarding

Manage vendor exit with the same rigour as onboarding. Conduct offboarding due diligence using checklists, generate assessment reports, review security clauses for compliance, and ensure complete data return or destruction.

Offboarding ChecklistAssessment ReportClause ReviewRegulatory Compliance
What You Will Master

Advanced Training Modules

Each module builds on the last — from foundational TPRM concepts to operational execution, metrics, and hands-on workshops.

Introduction to TPRM

Why TPRM matters now, industry statistics on third-party risk, types of risks (operational, strategic, financial, reputational), prominent breach case studies, and regulatory mandates driving TPRM adoption.

TPRM Lifecycle & Process

Deep dive into all five phases — pre-onboarding, due diligence, contract review, continuous monitoring, and termination. Methodology, tools, templates, and decision frameworks for each.

Security Due Diligence

Inside-out risk assessment across 15+ security domains: access control, asset management, application security, incident management, cryptography, BCP, endpoint security, physical security, and more.

Contract Management

Contract lifecycle, types of agreements, security and privacy exhibit samples, validation of key clauses, sub-contractor provisions, liability terms, and tool-based clause validation.

TPRM Metrics & Reporting

Design KPIs and KRIs across lifecycle, programme, and operations. Build dashboards for operational teams, CISOs, board members, and audit committees with visual best practices.

TPRM Programme & Strategy

Programme building blocks, framework design, budgeting, steering committee formation, governance, stakeholder management, and moving from ad hoc to a mature programme.

TPRM Operations

Roles and responsibilities, SOPs, change management, centralised inventory, incident and issues management, SOC 2 report interpretation, tool features, and staffing requirements.

Who It Is For

Professionals Who Should Take This Course

This training is built for anyone involved in managing, assessing, or overseeing third-party relationships and their associated risks.

Cybersecurity Professionals

Security engineers, analysts, and architects who need to understand vendor risk assessment and security due diligence as part of their broader security responsibilities.

IS Auditors & Compliance Officers

Professionals responsible for auditing vendor controls, validating SOC 2 reports, and ensuring regulatory compliance across the third-party ecosystem.

Risk Management Professionals

Risk analysts and managers looking to expand into third-party risk — a rapidly growing niche skill that combines technical security knowledge with governance expertise.

Procurement & Supply Chain

Procurement specialists and supply chain managers who evaluate vendors and need to understand the security and risk dimensions of vendor selection and management.

Legal & Privacy Teams

Legal counsel and privacy officers who draft, review, and negotiate security and privacy exhibits in vendor contracts, and need to understand the risk context behind clauses.

Business Unit Leaders

Heads of business units and corporate functions who sponsor vendor relationships and need to understand their role in the TPRM process and governance framework.

Outcomes

How This Course Benefits Your Career

Walk away with practical skills you can apply immediately — in your current role, in interviews, or when building a new TPRM programme from scratch.

Apply Standard Processes

Use proven concepts, techniques, and best practices directly in your day-to-day TPRM operations and assessments.

Derive Key Metrics

Build KPIs and KRIs that are relevant and meaningful to senior management, the board, and audit committees.

Liaise Across Teams

Develop the interpersonal skills to coordinate smoothly with procurement, legal, IT, and business units throughout the TPRM process.

Draft Reports & Recommendations

Generate assessment reports, draft risk statements, recommend controls, and present findings to leadership with confidence.

Prepare for TPRM Interviews

Gain demonstrable, hands-on experience with real-world scenarios that set you apart from other candidates in the job market.

Run a Mature Programme

Move your organisation's TPRM from ad hoc to optimised and automated — a mature programme that treats third parties as strategic security partners.

Still Deciding? Request a Callback

Talk to our team about the programme format, corporate group options, and how TPRM training fits your career goals.

We respect your privacy. No spam, ever.

Your Complete Package

The TPRM Training Toolkit

Stop piecing together resources from different places. This all-in-one toolkit brings expert instruction, real-world practice, and professional templates under a single roof.

Common Questions

Frequently Asked Questions

Answers to the most common questions about this advanced TPRM training programme.

TPRM is the process of identifying, assessing, and mitigating risks from external vendors, suppliers, and service providers across the full lifecycle — from pre-onboarding and due diligence to continuous monitoring and offboarding.
This is an advanced training that goes far beyond vendor management basics. It covers the complete TPRM lifecycle, security due diligence across 15+ domains, contract negotiation, KPI/KRI design, programme strategy, TPRM operations, SOC 2 interpretation, and a full hands-on workshop with real-world use cases.
Yes. The final day is a dedicated hands-on workshop where you perform end-to-end TPRM assessments using industry use cases, draft risk statements, recommend controls, generate assessment reports, and practise contract negotiation.
The due diligence module covers 15+ security domains including access control, asset management, application security, incident management, cryptography, business continuity, endpoint security, physical security, network security, and more.
While some familiarity with cybersecurity or risk management is helpful, the course is designed to be accessible to professionals from different backgrounds — including audit, compliance, procurement, legal, and IT — who want to build or deepen their TPRM expertise.
Compliance means meeting the requirements of a framework or regulation (like ISO 27001 or SOC 2). Security means having effective controls that actually reduce risk. This course teaches you why compliance alone is not enough and how to assess real security posture beyond certifications.
Absolutely. The hands-on exercises, real-world scenarios, and end-to-end assessment experience give you demonstrable skills that set you apart from other candidates. You will be able to discuss TPRM processes, metrics, and operations with confidence.
Advanced Corporate Training

Build Your TPRM Expertise Today

Join security professionals who are moving beyond checkbox compliance to build mature, risk-based TPRM programmes. Enrol now and gain a competitive edge in one of cybersecurity's fastest-growing disciplines.