Third-party risk management (TPRM) is the process of analyzing and controlling risks associated with outsourcing to TP or service providers. This includes access to your organization's intellectual property, data, operations, finances, customer information or other sensitive information.

In today’s complex economy, utilization of TP providers is a norm rather than an exception. The engagement of TP providers, as well as subservice or “fourth-party” providers, presents risks that organizations should take action to manage. Risks posed by an organization’s TP providers should be considered by the organization when establishing their TPRM program. Inability to establish a solid TPRM program could leave your organization at undue risk.

Organizations are now facing risks such as the threat of high-profile business failure, illegal third-party actions being attributed to the organization, or regulatory enforcement for actions taken by third-parties. It is critical organizations have a robust, mature TPRM program that encompasses all aspects of risk and all stages of the lifecycle that a TP can transition through from initial due diligence to business continuity.

Within this course, we will discuss the concepts around establishing a solid TPRM process for any organization. Future courses will then examine the process of auditing your TP relationships.

Learning Objectives
  • Explore and examine risks of a TPRM program.
  • Discover and define a TPRM Program.
  • Identify elements of a TPRM program.
  • Recognize the steps to build a TPRM program.
  • Recognize the steps to execute a TPRA.
  • Explore and managing Third-Party Risk Program.
  • Discover the best practices for TPRM.
Last updated/reviewed: August 23, 2023
4 Reviews (18 ratings)


Member's Profile
This course explained the Third Party Risk Management program and Third Party risk assessment and their importance. It provides a good understanding on what needs to be done to effectively manage third parties and the risks associated with them.

Member's Profile
Good webinar on how to establish TPRM. Material is well structured and easy to follow.

Anonymous Author
Comprehensive list of best practices and controls regarding third-party risk.

Anonymous Author
Good overview, good presentation, good documentation, thanks

Course Complexity: Foundational

No advanced preparation or prerequisites are required for this course.

Education Provider Information
Company: Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
Contact: For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .
Instructor for this course
Course Syllabus
  Introduction to Establishing a Third-Party Risk Management Program4:02
  Risk of Third-Party Programs5:19
  What is TRPM?8:42
  Elements of a Third-Party Risk Management Program10:52
  Elements of a Third-Party Risk Management Program Cont'd11:06
  Steps to Build a TRPM Program5:53
  Steps to Build a TRPA11:16
  Managing Third-Party Risk Program8:00
  Managing Third-Party Risk Program Cont'd12:25
  Best Practice for TP Management13:48
  Additional Approaches5:31
  Establishing a Third-Party Risk Management Program1:37:56
  Slides: Establishing a Third-Party Risk Management ProgramPDF
  Establishing a Third-Party Risk Management Program Glossary/ IndexPDF