Third-Party Risk Made Simple – Managing Vendor, Partner, and Outsourcing Risk Across the Enterprise (C36-F-P)

This course teaches you how to assess, monitor, and mitigate third-party risk across vendors, partners, and service providers. You’ll gain: Third-Party Risk Foundations Understand the types of third-party relationships and associated risks Learn how third-party risk differs from enterprise and operational risk Explore regulatory expectations and industry frameworks Risk Assessment & Due Diligence Conduct pre-contract risk assessments and vendor due diligence Evaluate financial, operational, cyber, privacy, and ESG risks Use questionnaires, scoring models, and external data sources Contracting & Controls Draft contracts with risk-based clauses and SLAs Define roles, responsibilities, and escalation paths Include audit rights, termination triggers, and compliance obligations Monitoring & Lifecycle Management Track vendor performance, incidents, and compliance over time Use risk tiering, dashboards, and automated alerts Manage onboarding, renewal, and offboarding processes Tools & Integration Use platforms like OneTrust, Aravo, Prevalent, and ServiceNow VRM Integrate with GRC, procurement, and security systems Automate assessments, workflows, and reporting Strategic Alignment Align third-party risk with ISO 27001, DORA, NIS2, GDPR, and ESG programs Communicate risk posture to regulators, partners, and customers Support resilience, trust, and strategic agility