Third-Party Risk Management Best Practices
Published by Pearson
Create resilient TPRM systems to protect your organization from external threats
- Gain a thorough understanding of potential vulnerabilities and risks associated with third-party vendors.
- Learn practical steps to develop and implement a robust third-party risk management (TPRM) system.
- Explore strategies for continuous monitoring, effective incident response, and regular audits to maintain a robust risk management system.
In today’s interconnected business environment, third party risk management (TPRM) is crucial. Organizations are encouraged to be proactive in their approach to risk management. The lack of proper risk management can lead to severe consequences, including regulatory and financial losses, reputational damage, and operational issues.
This course is designed to equip professionals with the knowledge and tools to create a resilient third-party risk management system that protects their organization from external threats. As businesses increasingly rely on third parties, the need to manage associated risks such as data breaches, regulatory non-compliance, and operational disruptions becomes critical.
Participants will learn the importance of third-party risk management (TPRM), the framework for developing TPRM systems and implementing TPRM practices. By mastering TPRM, participants can safeguard their organization, maintain customer trust, and gain a strategic advantage in their industry. By attending this course, participants can implement best practices and actionable insights to protect their organization from risks posed by third-party relationships.
What you’ll learn and how you can apply it
- Identify and assess the risks associated with third-party vendors.
- Analyze real-world examples to effectively apply best practices in organizational risk management.
- Develop expertise in conducting due diligence and implementing risk management strategies to protect your organization.
- Acquire the skills to continuously monitor and manage third-party relationships.
- Gain knowledge to strengthen your organization's TPRM framework, ensuring protection against external threats and enhancing overall operational resilience.
This live event is for you because...
- Information Security Managers
- Risk Managers
- Procurement Specialists
- Compliance Officers
- IT Security Managers
Prerequisites
- Basic understanding of risk management concepts
- Knowledge of regulatory requirements
- Foundational understanding of cybersecurity concepts, such as data protection, threat vectors, and incident response.
Course Set-up
- Bring your comments and questions. Attendees will have an opportunity to share their experiences with risk management in the chat and ask questions in real-time.
Recommended Preparation
- Read: Cybersecurity and Third-Party Risk by Gregory C. Rasner
- Read: Building a Cyber Risk Management Program by Brian Allen, Brandon Bapst and Terry Allan Hicks
- Read: Developing Cybersecurity Programs and Policies in an AI-Driven World, 4th Edition by Omar Santos
Recommended Follow-up
- Read: Cybersecurity Risk Management by Cynthia Brumfield and Brian Haugli
- Read: The Essentials of Risk Management, Third Edition, by Michel Crouhy, Dan Galai and Robert Mark
- Read: Mastering Risk Management by Tony Blunden and John Thirlwell
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Segment 1: Introduction to Third-Party Risk Management (20 minutes)
- Understanding Third-Party Risk
- Definition and importance of third-party risk management (TPRM)
- Key Risks Associated with Third Parties
- Overview of common risks: cybersecurity, compliance, operational, financial, and reputational
- The Growing Importance of TPRM
- Trends in third-party risks and why robust management is critical
Segment 2: Framework for Developing a TPRM System (30 minutes)
- Establishing a TPRM Framework
- Key components of a TPRM framework: policies, procedures, and governance
- Risk Assessment and Due Diligence
- Conducting risk assessments on third parties
- Performing due diligence before onboarding new vendors
- Contractual Considerations
- Incorporating risk management clauses in contracts
- Setting expectations for compliance and security requirements
Q&A (10 minutes)
Break (5 minutes)
Segment 3: Implementing TPRM Practices (40 minutes)
- Continuous Monitoring and Reporting
- Tools and techniques for ongoing monitoring of third-party risks
- Setting up reporting mechanisms and dashboards
- Incident Response and Management
- Developing an incident response plan for third-party breaches or failures
- Auditing and Reviewing Third Parties
- Regular audits and reviews to ensure third-party compliance and performance
- Tools and Technologies for TPRM
- Overview of software solutions and tools that can streamline TPRM processes
Segment 4: Best Practices and Case Studies (40 minutes)
- Case Study: Successful TPRM Implementation
- Real-world example of a robust TPRM system in action
- Lessons Learned
- Common pitfalls and how to avoid them
- Key success factors in developing an effective TPRM system
- Interactive Discussion
- Participants discuss their experiences and challenges with third-party risk
Break (5 minutes)
Segment 5: Action Planning and Q&A (20 minutes)
- Developing a TPRM Action Plan
- Steps to implement or enhance a TPRM system within your organization
Course wrap-up and next steps (10 minutes)
- Q&A session to address participant questions and specific concerns
- Final thoughts and next steps for maintaining a robust TPRM system
Your Instructor
Dr. Iretioluwa Akerele
Dr. Iretioluwa Akerele is a multi-award-winning cybersecurity professional. She has over 10 years of experience as a cybersecurity consultant, academic researcher, and industry practitioner. She is a career coach who has supported over 1,000 cybersecurity beginners to achieve their goals. Her zeal for professional growth made her co-found CyBlack, a cybersecurity community committed to the career advancement of diversity in cybersecurity through mentorship and guidance.
Iretioluwa serves on the advisory board of Cybersafe Foundation, an organization focused on protecting the most vulnerable individuals and businesses from cyber-attacks. She also founded Cybarik Limited to provide top-tier cybersecurity consulting and training services.