Presented by
Cyber Advisory

Third-Party & Vendor Risk: Build Your NIST CSF 2.0 Standard — Module 3 of 4

Virtual
About Event

Your vendors are your biggest unmanaged risk — and auditors know it.

Third-party and vendor risk is one of the top findings in SOC 2 audits, NIST CSF assessments, and ISO 27001 certifications. Most organizations have a vendor list and a questionnaire. That is not a vendor risk program.

In this two-hour workshop, you will build one.

What you'll build:
- A vendor risk tiering model (critical, high, medium, low) based on actual risk
- A risk-based assessment process that scales without overwhelming your team
- A vendor onboarding checklist and ongoing monitoring process
- An evidence package your auditor will accept across NIST, ISO 27001, and SOC 2
- A third-party incident response protocol

What we cover:
- How to classify vendors by actual risk — not just contract size
- What assessments to run and how often
- How to handle vendors who won't complete questionnaires
- The exact controls auditors look for in third-party risk programs
- How this maps across all three frameworks using Build Once, Map to All

You leave with: A working vendor risk program — tiering model, assessment templates, and monitoring process — ready to present to your team or auditor the same day.

Ticket options:
- Standard ($79) — workshop + vendor tiering model + assessment template + monitoring guide + mapping reference + 7-day recording access
- Premium ($179) — Standard + priority Q&A + your vendor risk program reviewed by Meenu with written feedback + 30-day recording access
- VIP ($379) — Premium + private strategy session with Meenu + 30-day implementation roadmap tailored to your organization

Who this is for: CISOs, GRC managers, and security professionals who need a defensible vendor risk program. Also ideal for AI startups whose enterprise clients are asking about supply chain security.

Module 3 of 4. Purchase the full GRC Builder Series bundle for $249 and attend all four sessions.

Hosted by Meenu Chadha — founder of Cyber Advisory and fractional vCISO.
