Introduction

Modern organisations increasingly rely on a broad network of suppliers, outsourcing partners, technology providers, contractors, and strategic alliances to support critical business operations. While these relationships create opportunities for efficiency, innovation, and growth, they also introduce significant operational, cyber, financial, regulatory, and reputational risks that can directly affect organisational performance and stakeholder confidence. As regulatory scrutiny increases and supply chains become more interconnected, effective third-party risk management has become a strategic business imperative.

This Third-Party Risk Management (TPRM) training course provides a practical, internationally aligned approach to establishing, strengthening and optimising a Third-Party Risk Management framework — from governance, onboarding and due diligence through cyber, financial, ESG and geopolitical risk assessment, to continuous monitoring, assurance and board-level reporting. Grounded in recognised standards including ISO 31000, ISO/IEC 27036 and NIST SP 800-161, it translates principle into practice through tools participants can apply directly within their own organisations.

Key focus areas of this Third-Party Risk Management (TPRM) training course include:

Key Learning Outcomes

At the end of this Third-Party Risk Management (TPRM) training course, participants will be able to:

Training Methodology

This training course follows an interactive, applied learning approach. Participants engage in expert-led discussion, facilitated analysis of recent high-profile third-party breaches and supply chain disruptions, and template-driven workshops. Throughout the week, delegates build the core artefacts of a working TPRM programme — risk-tiering models, due-diligence questionnaires, monitoring scorecards and board dashboards — in a form they can adapt directly to their own organisational context.

Who Should Attend?

This Third-Party Risk Management (TPRM) training course is ideal for professionals responsible for managing risk across the extended enterprise, including:

  • Risk, Compliance and Governance Managers
  • Procurement, Sourcing and Vendor Management Professionals
  • Information Security and Third-Party Cyber Risk Specialists
  • Internal Audit and Assurance Professionals
  • Operational Resilience and Business Continuity Leaders
  • Legal, Contract and ESG / Sustainability Professionals
  • Executives and Board Members responsible for third-party oversight

Course Outline

Day 1

Establishing Third-Party Governance & the TPRM Framework

  • The evolving third-party risk landscape — outsourcing, cloud, SaaS and the extended enterprise
  • Integrating TPRM within Enterprise Risk Management (ERM) and the three lines of defence
  • Defining governance structures, accountability and clear ownership across functions
  • Setting risk appetite and tolerance for third-party and supplier relationships
  • Board and executive responsibilities for oversight of the extended enterprise
  • Mapping the regulatory landscape — DORA, interagency guidance and sector expectations

Day 2

Risk-Based Due Diligence, Onboarding & Supplier Governance

  • Vendor onboarding, qualification and pre-contract screening processes
  • Designing proportionate, risk-based due diligence frameworks and methodologies
  • Supplier tiering and classification models — focusing effort where risk is greatest
  • Operational risk assessment methodologies across the vendor lifecycle
  • Financial, credit and viability risk evaluation of suppliers
  • Embedding risk requirements into contracts, SLAs and right-to-audit clauses

Day 3

Cyber, Technology & Digital Supply Chain Resilience

  • Third-party cyber risk management frameworks (ISO/IEC 27036, NIST SP 800-161)
  • Cybersecurity due diligence and assessment methodologies, including standardised questionnaires
  • Cloud and SaaS provider risk assessment and shared-responsibility models
  • Managing digital / ICT concentration risk and fourth-party (subcontractor) exposure
  • Artificial Intelligence vendor risk — transparency, data governance and model assurance
  • Coordinated incident response, breach notification and joint resilience testing

Day 4

Supply Chain Resilience, ESG & Geopolitical Risk

  • Supply chain risk mapping and single-point-of-failure / dependency analysis
  • Building resilient, diversified sourcing and contingency strategies
  • ESG risk assessment frameworks for the supplier base
  • Human rights, modern slavery and responsible-sourcing due diligence
  • Geopolitical, sanctions and country-risk assessment methodologies
  • Scenario planning and stress testing for supply chain disruption

Day 5

Continuous Monitoring, Assurance, Reporting & Future-Proofing

  • Designing continuous monitoring frameworks and key risk indicators (KRIs)
  • Vendor performance management and SLA / obligation tracking systems
  • Third-party audit programmes and independent assurance approaches
  • Executive and board dashboards — translating third-party risk into decisions
  • Managing vendor exit, offboarding and contingency / step-in arrangements
  • Building a strategic roadmap for continuous TPRM maturity improvement

International Standards & Professional Alignment

Our training courses are aligned with internationally recognised professional standards and frameworks across leadership, strategy, finance, governance, risk, compliance, and audit. By integrating globally trusted models, we ensure learners develop practical, relevant, and industry-recognised capabilities.

Our training courses draw on leading international standards and professional frameworks, including ISO, ISACA, COSO, OECD, IIA, FATF, Basel, IFRS/ISSB, GRI, NIST, CPD, ILM and the OECD AI Principles. This alignment ensures consistency with global best practices across financial management, risk oversight, digital governance, sustainability, and strategic decision-making.

Designed in alignment with globally recognised professional bodies, our courses support continuous professional development, strengthen organisational capability, and provide clear pathways toward professional certifications valued worldwide.
