
Explore types of third party relationships across vendors, contractors, managed service providers, outsourcing partners, affiliates, distributors, financial service providers, and compliance partners.
Recognize that data and intellectual property shared with a third party create access, transfer, and storage risks. Third party risk affects operations, reputation, and finances, depending on relationship type and controls.
Explore a flexible third party risk management framework that establishes clear accountabilities, policies, and processes to identify, manage, mitigate, monitor, and report vendor risk using NIST CSF and ISO 27001.
Explore the NIST CSF 2.0 framework with governance, identify, protect, detect, respond, and recover functions, highlighting its adaptation for third party risk management and data protection.
Plan and scope: establish a structured third party risk management approach, assigning a relationship owner and defining exit strategies, service levels, vendor criticality, and risk assessment criteria across stakeholders.
Use a request for information (RFI) to gather information on potential suppliers and solutions, explore the market, and assess vendor qualifications and competencies in the early procurement stage.
Assess potential third-party vendors through selection and due diligence to identify and mitigate risks in security, compliance, financial stability, and operational resilience, after vendor identification and screening and before contract negotiations.
Assess third party risk by identifying critical vendors and evaluating inherent risk, guiding due diligence decisions and managing regulatory exposure and switching costs.
Develop a comprehensive third party profile to assess risk attributes, relationship ownership, and regulatory compliance, updated throughout the vendor lifecycle with financial health, data sensitivity, incidents, and SLAs.
Assess third party relationships through comprehensive risk assessments that evaluate governance, controls, and risk management across information security, operational risk, human resources privacy, compliance, financial health, and fourth party risk.
Assess third party operational risk by evaluating criticality, potential impacts on operations, finances, data security, reputation, and compliance, and determining recovery objectives and recovery point objectives, due diligence, and monitoring.
Map fourth party subcontractors and service providers, enforce contractual risk management, secure audit rights and incident notifications, and verify business continuity, resilience, and SOC-compliant controls, while planning for alternative suppliers.
Identify specific risks after completing a risk assessment by reviewing results, controls, testing, due diligence, and benchmarks; collaborate with the third party to develop remediation plans and prioritize high-risk issues.
Explore a comprehensive third party risk management risk assessment report, detailing executive summary, vendor overview, risk identification, scoring, and mitigation actions to enhance data protection and regulatory compliance.
Explore how key stakeholders—from legal, procurement, and business units to risk, vendor management, IT, information security, finance, and senior management—collaborate to draft, negotiate, and manage contracts.
Assess impact and risks when an SLA breach occurs. Notify the vendor with data and root cause, and implement remedies, penalties, a remediation plan, and enhanced monitoring.
Continuously monitor vendor risk, performance, cybersecurity posture, and data protection to detect changes, enforce controls, and ensure regulatory compliance and service levels.
Monitor key risk indicators for vendors using continuous, real-time scoring and dashboards, with automated incident reporting and change management to mitigate third-party risk.
Advance the third party risk management program through continuous improvement, leveraging feedback, lessons learned, and evolving risk technologies to address regulatory changes and industry best practices.
In today's interconnected world, third-party relationships are essential for business success. However, these relationships can also expose organizations to significant risks—cyber threats, data breaches, regulatory non-compliance, financial loss, operational disruptions and reputational damage.
Introducing the comprehensive "Third Party Risk Management" course!
Gain the expertise needed to effectively manage and mitigate the risks associated with third-party vendors and partners.
What Will You Learn?
Understanding Third Party Risk: Define and assess the different types of third-party risks, from financial to cybersecurity.
The TPRM Lifecycle: Learn about the complete lifecycle of third-party risk management, including due diligence, contracting, performance tracking, risk monitoring, and offboarding.
Vendor Due Diligence: Understand how to effectively perform due diligence when onboarding new third-party vendors.
Incident Management & Response: Gain skills in developing incident response plans for third-party breaches and understand how to recover quickly.
Regulatory Compliance: Master the key regulatory requirements related to third-party risks, including GDPR, CCPA, SOC 2, PCI DSS, and Sarbanes-Oxley (SOX).
TPRM Governance: Understand governance frameworks that align with the organization’s risk appetite and tolerance.
Risk Assessment Techniques: Learn how to evaluate third-party risks using industry-leading frameworks like NIST, ISO 27001, COSO ERM, and Shared Assessments SIG.
Who Should Enroll:
Students, IT professionals, and anyone starting or changing careers into IT
Anyone interested in pursuing a career in Third Party Risk Management
IT professionals
Risk Analyst
IT Security Analyst
IT Compliance Analyst
Cyber Security Professionals
IT Auditors
IT Control Testers
Information Security Professionals
Don't Miss Out - Enroll Today! Invest in your future and take your career to new heights with the Third-Party Risk Management Complete Course. Join thousands of satisfied students who have transformed their careers with our industry-leading training.