Applying the FAIR™ Model to Third-Party Risk Management
FAIR TPRM Specialization Training Course - May 2025
May 19 - 23, 2025

This five-day virtual course is designed for professionals who support or manage Third-Party Risk Management (TPRM) programs and want to shift from a traditional compliance-based approach to a risk-based strategy using the FAIR™ (Factor Analysis of Information Risk) methodology.

Through instructor-led training, real-world examples, and hands-on scenario practice, students will learn how to quantify third-party cyber risk using FAIR’s principles of probable loss frequency and magnitude. The course focuses on embedding FAIR into the TPRM lifecycle—from vendor intake to assessment and risk treatment—helping organizations make more informed, value-driven decisions about their vendors.

  • Dates: May 19–23, 2025
  • Time: 11:00 AM – 1:00 PM EDT (Daily, Virtual via FAIR Academy)
  • Tuition: $495
  • Certificate: FAIR TPRM Specialization Certificate (upon successful completion of final assessment)

Who Should Attend:

  • TPRM professionals and analysts
  • Cybersecurity and GRC teams
  • Procurement and Vendor Risk stakeholders
  • Risk managers and risk consultants
  • Anyone seeking to enhance third-party risk analysis with FAIR

Learning Objectives:

By the end of this course, participants will be able to:

  • Explain the difference between compliance-based and risk-based TPRM approaches
  • Model vendor risk scenarios using FAIR
  • Apply quantitative analysis to assess third-party cyber risk
  • Communicate vendor risk exposure to business stakeholders in financial terms
  • Use FAIR to prioritize third-party assessments and risk mitigation efforts

Certification:

Participants who complete all five sessions and pass the online assessment will receive a FAIR TPRM Specialization Certificate, demonstrating their ability to apply FAIR in third-party risk management contexts.

Agenda (ET*)
Monday, May 19
11:00 AM
11:00 AM
11:00 AM - 1:00 PM
11:00 AM - 1:00 PM
- Understanding the TPRM landscape - Key challenges in today’s third-party risk programs - Introduction to FAIR and quantitative risk analysis - Why FAIR is essential for third-party risk - Walkthrough of the FAIR-TAM (Third-Party Assessment Model)
Tuesday, May 20
11:00 AM - 1:00 PM
11:00 AM - 1:00 PM
- Elements of a FAIR scenario in the TPRM context - Identifying assets, threat communities, and impact - Defining scenarios for cloud providers, processors, and service partners - Aligning TPRM processes with scenario-based analysis
Wednesday, May 21
11:00 AM - 1:00 PM
11:00 AM - 1:00 PM
- Estimating probable frequency for third-party events - Modeling loss magnitude: data sensitivity, liability, downtime, etc. - Using calibrated estimation techniques - Scenario practice: What is the risk of a key vendor outage?
Thursday, May 22
11:00 AM - 1:00 PM
11:00 AM - 1:00 PM
- Where FAIR fits across the TPRM lifecycle: intake, assessment, review - Prioritizing vendors based on inherent and residual risk - Risk treatment options and cost-benefit thinking - Sample risk register entries with FAIR outputs
Friday, May 23
11:00 AM - 1:00 PM
11:00 AM - 1:00 PM
- Communicating third-party risk in financial terms - Example dashboards & reporting strategies - Live group scenario: presenting a third-party risk case to executives - Final FAIR TPRM Assessment (online quiz) - Wrap-up & next steps for certification
1:00 PM
1:00 PM
Speakers

Bernadette Dunn

As the Head of Education at the FAIR Institute, Bernadette has had the privilege of coaching hundreds of executives and equipping them with the tools to excel in cybersecurity and risk management.

No records found.

A class minimum of eight (8) participants is required for all training courses. In the event that there are not at least eight (8) participants registered by the cut-off date, the training class will be cancelled and all fees paid will be held for a future date. All class registration will be cut-off one (1) week prior to the proposed training date.