IT Audit Bytes - Third-Party IT Risk Management (TPRM) 0.5 CPE

Third-party (or Supply Chain) Risk Management (TPRM) is a process that organizations use to identify and reduce risks associated with their business relationships with third parties. Third parties can include vendors, suppliers, contractors, and service providers, and often, these partners are your biggest security risk. This session discusses controls specifically for these third-party relationships.

This course is a part of IT Audit Bytes series. The other Segments of this series are:

1. IT Audit Bytes - Access Control
2. IT Audit Bytes - Backup and Recovery
3. IT Audit Bytes - Change Management
4. IT Audit Bytes - Cybersecurity
5. IT Audit Bytes - Data Loss Prevention
6. IT Audit Bytes - Disaster Recovery and BCP
7. IT Audit Bytes - IT Control Frameworks/li>
8. IT Audit Bytes - Job Monitoring
9. IT Audit Bytes - Logging and SEIM
10. IT Audit Bytes - Network Security and Detection
11. IT Audit Bytes - Password Management
12. IT Audit Bytes - Physical Security
13. IT Audit Bytes - Provisioning and Deprovisioning
14. IT Audit Bytes - SDLC Controls
15. IT Audit Bytes - Security Awareness Training
16. IT Audit Bytes - Separation of Duties Controls
17. IT Audit Bytes - SOC Reports
18. IT Audit Bytes - Strategy and Governance
19. IT Audit Bytes - Third-Party IT Risk Management (TPRM)

Prerequisites

No advanced preparation or prerequisites are required for this course.

Learning Objective

• Explore and relate NIST Framework controls to real-world applications.
• Identify and list the tests auditors can perform on TPRM controls.
• Identify real-world examples of control failures.

Last updated/reviewed: March 05, 2025