ED-EL-05 – Building a Data-Driven Third-Party Risk Management (TPRM) Program with FAIR™ – e-Learning

Duration: Approximately 10 hours of e-Learning content (unlimited access for 3 months)
Training format: Asynchronous (e-Learning)
CPE credits: 10

Pricing

  • €695 excl. VAT per person – ED-EL-05.1
  • €2,780 excl. VAT / 5 participants – ED-EL-05.2
  • €4,170 excl. VAT / 10 participants – ED-EL-05.3
Description:

This advanced e-Learning program provides a practical, scenario-based approach to managing cyber and operational risks related to third parties using the FAIR™ Standard.

The course covers the full lifecycle of a TPRM program: third-party mapping, due diligence, contracting, onboarding, continuous monitoring, and periodic review. At each stage, participants learn how to identify key exposures, build risk scenarios, and quantify them in financial terms using data-driven methods.

Modules are supported by concrete examples drawn from a variety of supplier contexts (IT service providers, managed service providers, critical SaaS vendors, outsourcing partners, etc.) and demonstrate how to prioritize efforts with partners to effectively reduce risk exposure.

By the end of the program, participants will be able to apply FAIR™ to build or strengthen a measurable and defensible TPRM program, capable of supporting discussions with business units, procurement, legal teams, and executive leadership.

Description:
Pricing

€695 excl. VAT per person – ED-EL-05.1
€2,780 excl. VAT / 5 participants – ED-EL-05.2
€4,170 excl. VAT / 10 participants – ED-EL-05.3

Duration

Approximately 10 hours of e-Learning content (unlimited access for 3 months)

Training format

Asynchronous (e-Learning)

CPE credits

10

Learning Objectives:

By the end of the course, participants will be able to:

  • Understand the specific cyber and operational risk challenges introduced by third-party relationships
  • Identify assets, threats, and loss events involved in third-party risk scenarios
  • Build FAIR™ scenarios tailored to different types of suppliers and supply chains
  • Quantify third-party risks using calibrated estimation ranges and Monte Carlo simulations
  • Integrate quantitative results into due diligence, contracting, onboarding, and ongoing third-party monitoring
  • Communicate vendor risk exposure in financial terms to support decision-making and remediation prioritization
Target Audience:

Who Should Attend

CISOs / Heads of Information Security, cybersecurity or risk analysts, TPRM practitioners, GRC consultants, procurement teams, vendor managers, and technical auditors involved in assessing and monitoring third parties.

Prerequisites

None required. However, a basic understanding of risk quantification with FAIR™ may be beneficial.

Course Content:

Introduction to Data-Driven TPRM

  • Challenges and limitations of traditional TPRM approaches (checklists, generic scoring methods)
  • Principles of a FAIR™-based TPRM program grounded in financial risk quantification

Mapping and Segmenting Third Parties

  • Typology of third parties and critical dependencies (cloud, SaaS, managed services, business service providers, etc.)
  • Segmentation based on risk exposure rather than purely contractual or financial criteria

Building Third-Party Risk Scenarios with FAIR™

  • Identifying assets exposed through third parties and associated threats
  • Developing FAIR™ scenarios for various use cases (data breaches, service outages, fraud, etc.)
  • Collecting and estimating data required for quantification

Quantifying Risk and Prioritizing Actions

  • Using estimation ranges and Monte Carlo simulations to measure third-party risk exposure
  • Comparing scenarios and remediation options (contractual clauses, mandated technical controls, business continuity plans, etc.)

Integrating FAIR™ into the TPRM Lifecycle

  • Initial due diligence: using quantification to inform acceptance or conditional approval decisions
  • Contracting and onboarding: linking security requirements and contractual obligations to measured risk levels
  • Continuous monitoring: leveraging quantitative results in periodic vendor reviews and portfolio management
Instructional Team:
  • Course designed by C-Risk experts in TPRM and FAIR™
  • Case studies inspired by real-world consulting engagements involving data-driven TPRM program development
Monitoring of implementation and evaluation of results:
  • Quizzes and practical exercises throughout each module to reinforce key concepts
  • Final capstone exercise: building a mini FAIR™-based TPRM program applied to a fictional third-party portfolio
Technical and educational resources:
  • Video modules, detailed case studies, and demonstrations of FAIR™ analyses applied to third parties
  • Scenario templates and tools for identifying, analyzing, and assessing third-party risks
  • 3-month access to the eLearning platform to review content and materials
Need to know more?
Contact us
Contact us
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
C-risk

Advance Your Career with Cyber Risk Management Training

E-learning platform and instructor-led courses in quantification, cyber risk frameworks, and data-driven decision-making.
C-Risk Education equips you with the skills to analyze and manage cyber risk effectively. Our training covers multiple methodologies and frameworks: cyber risk quantification, EBIOS RM, third-party risk management, and advanced threat and control assessment techniques. 
Learn practical, immediately applicable skills across the full spectrum of modern cyber risk management.

Introduction to Data-Driven Cyber Risk Management with the FAIR™ Standard

Learn data-driven cyber risk management with FAIR standard. 3-hour instructor-led course on quantifying cyber risk in financial terms. No prerequisites.

Half-day (3 hours)
Learn more
Introduction to Data-Driven Cyber Risk Management with the FAIR™ Standard - e-Learning

Learn FAIR™ cyber risk quantification at your own pace. 3-hour e-learning covering risk management fundamentals and financial risk analysis.

3 hours of e-Learning content (unlimited access for 3 months)
Learn more
Data-Driven Cyber Risk Management with the FAIR™ Standard for Practitioners

Master FAIR™ methodology in 12 hours. Learn quantitative cyber risk analysis, overcome qualitative limits, and make data-driven security decisions.

12 hours
Learn more
Data-Driven Cyber Risk Management with the FAIR™ Standard for Practitioners - e-Learning

Master FAIR™ cyber risk quantification with 12 hours of e-learning. Model risk scenarios, estimate loss factors, prepare for Open FAIR™ 2 certification.

Approximately 12 hours of e-Learning content (unlimited access for 3 months)
Learn more
Maximize your chances of success with Data-Driven Cyber and Technology Risk Governance - Module for executives

Executive training in cyber risk quantification using FAIR™. Learn data-driven governance for strategic cybersecurity decisions. 3-hour course, 3 CPE credits.

1 hour
Learn more
Turning Controls into Measurable Risk Reduction with FAIR-CAM

Learn to quantify security control effectiveness using FAIR-CAM™. Model risk reduction, analyze attack chains, and integrate controls into FAIR™ analyses.

4 hours
Learn more
Turning Controls into Measurable Risk Reduction with FAIR-CAM – e-Learning

Master FAIR-CAM™ to quantify security control effectiveness. 10-hour e-learning for FAIR practitioners. €695 per person. 10 CPE credits included.

Approximately 10 hours of e-learning content (unlimited access for 3 months)
Learn more
Building a Data-Driven Third-Party Risk Management (TPRM) Program with FAIR™ – e-Learning

Learn to quantify third-party cyber risks using FAIR™. 10-hour e-learning course covering TPRM lifecycle, risk scenarios, and financial quantification.

Approximately 10 hours of e-Learning content (unlimited access for 3 months)
Learn more