Third Party Risk Management
Information Security Audit
Risk Management Professionals who aspire to learn and gain exposure to TPRM
Professional Services (consulting)
Business Sponsors/Partners
Security Compliance
Supply Chain Professionals
Procurement Professionals
Security/Risk Analysts
Legal
TPRM Advanced Training Topics
Introduction to TPRM
- Why is it the need of the hour
- TPRM risks that organizations are exposed to
- Regulations and standards enforcing TPRM
Security Ratings
- Overview of Methodology
- Risk factors and scoring
- Benefits
TPRM Life Cycle and Process
- Overview of the TPRM process, Roles and Responsibilities
- Inherent Risk, Control Effectiveness & Residual Risk
Security Due Diligence (Deep Dive)
- Information Security Domains
- Security and Privacy Regulations
- Security Standards
- Assessment Reports
- Templates
Contract Management
- Overview & Life Cycle
- Types of contracts & examples
- Security Exhibit & Importance
- Applicability of Security Exhibit
- Sample of Security Exhibit
- Use Cases & approach to deviations
TPRM Operations
- Teams supporting end-to-end Onboarding
- Standard Operating Procedures (SOPs), Policies, Templates
- Change Management Process
- TPRM Metrics
- TPRM Program Reporting (Operational, Senior Management, Board)
- Top Challenges (People, Process and Technology) & Solutions
- Best Practices
TPRM Audit
- Pre-requisites for Internal & External Audit
- Documentation
- Inventory Management (Third Party, risks and reports)
- Risk Acceptance & Exceptions
- Findings Management
Third Party Incident Management
- Triage & Respond
- Stakeholder Communication
- Evidence gathering & Impact analysis
- Reporting & Assessment
TPRM Program
- Objectives
- Essential building blocks of the TPRM Program
- Pre-requisites to build the TPRM program (policy, budget, approval, tools, human resources, process, teams)
Environmental, Social and Governance (ESG)
- Overview and Relevance to TPRM
- Key topics to include in Security Due Diligence
Issues Management
- Overview & Life Cycle
- Challenges & Solutions
- Best Practices
- Templates
Skill Competency in Human Resources
- Technical Skills
- Relevant Certifications
- Soft Skills
- Stakeholder Management
Workshop
TPRM Industry Specific use cases & challenges
Apply the topics and concepts learned
Practice use cases which would be close to a real-case scenario
Conduct Due Diligence with templates
Security recommendations based on the engagement and challenges
Document issues using templates
Prepare Sample reports with templates
Draft observations, risk statements, impact and mitigation
Recommend compensatory security controls to reduce risk to acceptable levels
Contract negotiation & deviations
How will the ‘Advanced’ course benefit you?
- To apply the concepts, techniques, standard processes, and best practices in your operations
- Derive key metrics that are relevant to the senior management and board
- Liaise with other teams to ensure a smooth transition of key steps in the TPRM process
- Recommend viable solutions to the most common problems
- Build relationships with businesses and across teams in spreading awareness
- Provide valuable suggestions and inputs to the leadership
- Develop reports (& trends) that give insights to the top management
Learning material that each participant will get:
- Access to online course content in LMS during the training and for one week after the training
- Quick reference guide on all topics covered (to retain)
About the Trainer
Sohil K. Naikwadi
COO, Defentrix Solutions Pvt. Ltd.
Sohil K. Naikwadi is an Information Security Professional with a Master’s Degree (MSc in Network Security) from the UK and over 16 years of proven experience playing various security and TPRM roles.
- TPRM consultant (Management) to drive Third Party security operations, perform due diligence, Senior management and board reporting, practice automation, train the team on technology, process, due diligence, contract management, internal audit, face external audit
- Security consultant delivering professional services across industries and geographies including but not limited to Implementation of standards, policies, procedures, facing external audits
- Information Security officer implementing and managing ISMS as per ISO 27001, ISO 27002 and NIST standards
- Internal auditor to prepare organizations to improve the effectiveness of security controls and face external audits (ISO 27001)
- Security compliance specialist to ensure clients maintain a good security posture
Sohil has extensive security experience working with several Fortune 500 companies across various domains like Information Technology, Retail and Banking.
Sohil has also demonstrated excellence in delivering security projects in the areas of Education, Defence and Government. As a passionate security person, Sohil has delivered multiple training sessions on Information Security awareness, Third Party Risk Management, HP Openview and Novell ZEN Works suite of products.
Certifications to Credit:
- ISO 27001 Lead Auditor
- Certified in Risk and Information Security Controls (CRISC)
- Cisco CCNA R&S, CCNA Security, CCNP
- AZ-900
- Leadership Essentials from the National University of Singapore (NUS)
Frequently Asked Questions
Who should enrol for this course?
Industry professionals in the following fields would benefit from this course:
- Information Security Audit
- Risk Management Professionals who aspire to learn and gain exposure to TPRM
- Professional Services (consulting)
- Business Sponsors/Partners
- Security Compliance
- Supply Chain Professionals
- Procurement Professionals
- Security/Risk Analysts
- Legal
How would this course benefit you?
- Develop and expand TPRM as a niche skill in the industry
- Practical exposure would help understand the dynamics of operations
- Helps understand the gaps (if any) in the current process followed
- Participate in crucial discussions with the business and security leadership
- Helps to cross-train team members
- Build a Knowledge base for the team
- Better manage the risks identified
What are the pre-requisites before you enrol for the course?
- Good understanding of basic concepts of risk management lifecycle
- Good exposure to information security domains
- Exposure to regulations and security standards
- Exposure to the concepts of security audits
- Moderately fluent in spoken and written communication (English)
- Exposure to basic legal terms and definitions such as liability and indemnity
What kind of support can I expect after the training?
- Post-training, participants will have access to the LMS for one week to review the course content and make notes.
- 1:1 session for an hour for any TPRM-related topic of discussion in the week after the training.
How does a company engage with Defentrix to avail the training?
- Please write to training@defentrix.com or call us on +91 80 43712813.
How do I pay for the training?
Payment can be made in the following ways:
1. Bank Transfer (NEFT/RTGS)
   Account No : 922020032633914
   Account Name : DEFENTRIX SOLUTIONS PRIVATE LIMITED
   IFSC Code : UTIB0000363
   Branch : R T NAGAR BRANCH, BANGALORE – 560032
2. Credit and Debit Card
3. UPI
4. Invoice (for companies)
Do I need to make the payment in full?
Yes, at least 3 working days before the course commences. For <3 days, please reach out to us at training@defentrix.com
Is Live Virtual training available for enrolment?
What if the training is cancelled/rescheduled due to unforeseen circumstances?
Rest assured, in such circumstances we will ensure the training is rescheduled, keeping the convenience of participants in mind. Despite this, if you want to opt out, we will refund the amount paid.
Hone your TPRM skills with Defentrix’s classroom training
Contact us today for our flagship Foundation and Advanced TPRM training