DAY ONE
Tuesday | June 24, 2025
SESSION 1
12:00pm – 12:50pm CT
Navigating Third-Party Risk: Cybersecurity & Data Privacy Frameworks
Third-party relationships can introduce significant cybersecurity and data privacy risks. This session will explore key frameworks, including the NIST Cybersecurity Framework, to help organizations effectively assess vendor security, protect sensitive data, and mitigate potential threats.
By Michael Carpenter at Ncontracts
DAY TWO
DAY THREE
SESSION 2
2:00 - 2:50pm ET
10-MINUTE BREAK
1:50pm-2:00pm ET
The Future of Third-Party Risk: Regulations, Emerging Trends, & Best Practices
The third-party risk landscape is constantly evolving, with new regulations, emerging threats, and shifting industry expectations shaping how organizations manage vendor relationships. This session will explore the latest regulatory updates, key trends impacting third-party risk management, and best practices for staying ahead of the curve. Learn how to adapt your TPRM strategy to navigate regulatory changes, mitigate evolving risks, and enhance vendor oversight for long-term resilience.
By Rafael DeLeon at Ncontracts
1:00pm – 1:50pm CT
Q&A
2:50pm – 3:00pm ET
Agenda
1:50pm – 2:00pm CT
12:50pm-1:00pm CT
12:50pm-1:00pm CT
1:50pm – 2:00pm CT
Agenda
Tuesday | June 24, 2025
What You'll Learn:
A deep dive into common third-party risk management frameworks, including NIST
How to apply these frameworks to increase resilience and strengthen vendor oversight
Strategies for leveraging cross-disciplinary best practices across departments
Real-world case studies on applying security controls in vendor management
Practical steps for improving cybersecurity and data privacy in third-party relationships
Who Should Attend:
Ideal for IT leaders, Chief Information Security Officers (CISOs), vendor managers, operations and business continuity professionals, risk officers and procurement and sourcing teams.
The Future of Third-Party Risk: Regulations, Emerging Trends, & Best Practices
The third-party risk landscape is constantly evolving, with new regulations, emerging threats, and shifting industry expectations shaping how organizations manage vendor relationships. This session will explore the latest regulatory updates, key trends impacting third-party risk management, and best practices for staying ahead of the curve. Learn how to adapt your TPRM strategy to navigate regulatory changes, mitigate evolving risks, and enhance vendor oversight for long-term resilience.
Ideal for compliance officers, risk managers, vendor management professionals, IT and security leaders, procurement teams, and anyone responsible for managing third-party risk.
Insights into the latest third-party risk regulations and their impact on vendor management
An overview of emerging trends shaping the future of TPRM
Best practices for improving vendor oversight and mitigating evolving risks
Strategies for adapting your TPRM program to regulatory shifts
Lessons learned from real-world case studies
By Rafael DeLeon at Ncontracts
What You'll Learn:
Who Should Attend:
Register today and save your spot!
Insights into the latest third-party risk regulations and their impact on vendor management
An overview of emerging trends shaping the future of TPRM
Best practices for improving vendor oversight and mitigating evolving risks
Strategies for adapting your TPRM program to regulatory shifts
Lessons learned from real-world case studies
What You'll Learn:
Ideal for IT leaders, Chief Information Security Officers (CISOs), vendor managers, operations and business continuity professionals, risk officers and procurement and sourcing teams.
Who Should Attend:
DAY ONE
Wednesday | June 25, 2025
SESSION 3
12:00pm – 12:50pm CT
How to Read a SOC Report: Key Insights for Vendor Risk Management
SOC reports are a critical tool for assessing the security, availability, and integrity of a vendor’s systems—but only if you know how to interpret them effectively. This session will break down the different types of SOC reports, key sections to focus on, and how to translate findings into actionable vendor risk decisions. Whether you’re reviewing SOC 1, SOC 2, or SOC 3 reports, you’ll learn how to spot red flags, evaluate controls, and ask the right questions to protect your organization.
By Cathy Ryan at Ncontracts
DAY TWO
DAY THREE
SESSION 4
2:00 - 2:50pm ET
10-MINUTE BREAK
1:50pm-2:00pm ET
Managing Third-Party AI Risk: Ensuring Security, Compliance, & Trust
As vendors increasingly integrate artificial intelligence into their products and services, the risks associated with AI—bias, security vulnerabilities, regulatory uncertainty, and lack of transparency—become critical concerns for organizations. This session will explore how to assess and manage third-party AI risk, ensuring your vendors’ AI models align with security, privacy, and ethical standards. Learn how to ask the right questions, evaluate AI-related risks, and implement best practices for responsible AI oversight.
By Rafael DeLeon at Ncontracts
1:00pm – 1:50pm CT
Q&A
2:50pm – 3:00pm ET
Agenda
Beyond Third-Party Risk: Managing Fourth-Party & Nth-Party Risk
Your vendors rely on their own vendors—and that extended network can introduce risks you may not even see coming. Understanding fourth-party and nth-party risk is critical to strengthening your organization’s resilience and protecting sensitive data. This session will explore how to identify, assess, and mitigate risks beyond your direct vendors, ensuring you have visibility into the entire supply chain.
By Chinyere Watson at Ncontracts
Register today and save your spot!
1:50pm – 2:00pm CT
12:50pm-1:00pm CT
12:50pm-1:00pm CT
1:50pm – 2:00pm CT
Agenda
Wednesday | June 25, 2025
What You'll Learn:
The differences between SOC reports
Key sections of a SOC report, what you can review and when to call in a SME to help interpret critical findings
How to use the SOC to assess vendor controls and identify potential risks
Red flags to watch for and follow-up questions to ask vendors
How SOC reports fit into a broader third-party risk management strategy
Who Should Attend:
Ideal for vendor risk managers, IT and security professionals, compliance officers, auditors, and anyone responsible for assessing third-party security and compliance.
Managing Third-Party AI Risk: Ensuring Security, Compliance, & Trust
As vendors increasingly integrate artificial intelligence into their products and services, the risks associated with AI—bias, security vulnerabilities, regulatory uncertainty, and lack of transparency—become critical concerns for organizations. This session will explore how to assess and manage third-party AI risk, ensuring your vendors’ AI models align with security, privacy, and ethical standards. Learn how to ask the right questions, evaluate AI-related risks, and implement best practices for responsible AI oversight.
Ideal for vendor risk managers, IT and security professionals, compliance officers, procurement teams, and anyone responsible for evaluating AI-driven third-party relationships.
The key risks associated with third-party AI, including bias, security, and compliance challenges
How to assess AI-driven vendors and their models for transparency and reliability
Best practices for mitigating AI risks in vendor contracts and ongoing oversight
Regulatory considerations and emerging frameworks for AI governance
Real-world examples of AI risk impacting organizations and how to respond
By Rafael DeLeon at Ncontracts
What You'll Learn:
Who Should Attend:
Beyond Third-Party Risk: Managing Fourth-Party & Nth-Party Risk
Your vendors rely on their own vendors—and that extended network can introduce risks you may not even see coming. Understanding fourth-party and nth-party risk is critical to strengthening your organization’s resilience and protecting sensitive data. This session will explore how to identify, assess, and mitigate risks beyond your direct vendors, ensuring you have visibility into the entire supply chain.
By Chinyere Watson at Ncontracts
This session is ideal for vendor risk managers, IT and security professionals, procurement teams, compliance officers, and anyone responsible for third-party risk management.
The differences between third-party, fourth-party, and nth-party risk
How to gain visibility into your vendors’ vendors
Key strategies for assessing and mitigating extended supply chain risks
Best practices for integrating fourth-party risk into your TPRM framework
Real-world examples of how hidden risks can impact organizations
What You'll Learn:
Who Should Attend:
Ideal for vendor risk managers, IT and security professionals, compliance officers, auditors, and anyone responsible for assessing third-party security and compliance.
The differences between SOC reports
Key sections of a SOC report, what you can review and when to call in a SME to help interpret critical findings
How to use the SOC to assess vendor controls and identify potential risks
Red flags to watch for and follow-up questions to ask vendors
How SOC reports fit into a broader third-party risk management strategy
What You'll Learn:
Who Should Attend:
This session is ideal for vendor risk managers, IT and security professionals, procurement teams, compliance officers, and anyone responsible for third-party risk management.
The differences between third-party, fourth-party, and nth-party risk
How to gain visibility into your vendors’ vendors
Key strategies for assessing and mitigating extended supply chain risks
Best practices for integrating fourth-party risk into your TPRM framework
Real-world examples of how hidden risks can impact organizations
What You'll Learn:
Who Should Attend:
This session is ideal for vendor risk managers, IT and security professionals, procurement teams, compliance officers, and anyone responsible for third-party risk management.
The key risks associated with third-party AI, including bias, security, and compliance challenges
How to assess AI-driven vendors and their models for transparency and reliability
Best practices for mitigating AI risks in vendor contracts and ongoing oversight
Regulatory considerations and emerging frameworks for AI governance
Real-world examples of AI risk impacting organizations and how to respond
What You'll Learn:
Who Should Attend:
DAY ONE
Thursday | June 26, 2025
SESSION 5
12:00pm – 12:50pm CT
Measuring and Reporting Vendor Risk Program Success: Key Metrics & Best Practices
How do you know if your vendor risk management (VRM) program is effective? Measuring success goes beyond checking boxes — it requires tracking meaningful metrics, demonstrating risk reduction, and effectively communicating value to stakeholders. This session will cover key performance indicators (KPIs), reporting strategies, and best practices for assessing and improving your VRM program. Learn how to turn vendor risk data into actionable insights that drive better decision-making and long-term resilience.
By Denise Guira at Ncontracts
DAY TWO
DAY THREE
SESSION 6
2:00 - 2:50pm ET
10-MINUTE BREAK
1:50pm-2:00pm ET
Connecting Vendor Risk to Your Organization’s Bigger Goals
Managing vendor risk is critical — but it’s only one piece of the puzzle. Without integrating third-party risk management (TPRM) into enterprise risk management (ERM), organizations risk missing key threats, duplicating efforts, and making uninformed decisions. This session will break down what ERM is, why it matters for vendor risk professionals, and how aligning TPRM with a broader risk strategy can improve visibility, efficiency, and risk mitigation across the organization.
By Joe Terry at Ncontracts
1:00pm – 1:50pm CT
Q&A
2:50pm – 3:00pm ET
Agenda
Register today and save your spot!
1:50pm – 2:00pm CT
12:50pm-1:00pm CT
12:50pm-1:00pm CT
1:50pm – 2:00pm CT
Agenda
Thursday | June 26, 2025
What You'll Learn:
The key metrics and KPIs for evaluating vendor risk management success
How to communicate vendor risk performance to executives and board members
Best practices for tracking risk reduction and continuous program improvement
Who Should Attend:
Ideal for vendor risk managers, compliance and risk officers, IT and security leaders, procurement professionals, and anyone responsible for measuring and reporting on third-party risk.
Connecting Vendor Risk to Your Organization’s Bigger Goals
Managing vendor risk is critical — but it’s only one piece of the puzzle. Without integrating third-party risk management (TPRM) into enterprise risk management (ERM), organizations risk missing key threats, duplicating efforts, and making uninformed decisions. This session will break down what ERM is, why it matters for vendor risk professionals, and how aligning TPRM with a broader risk strategy can improve visibility, efficiency, and risk mitigation across the organization.
Ideal for vendor risk managers, procurement professionals, compliance officers, IT and security leaders, and anyone looking to elevate their vendor risk program by connecting it to broader organizational risk management.
What enterprise risk management (ERM) is and why it matters for vendor risk
How aligning TPRM with ERM improves decision-making and risk visibility
Practical strategies for integrating vendor risk assessments into a holistic risk framework
Connecting vendor risk to enterprise-wide goals
By Joe Terry at Ncontracts
What You'll Learn:
Who Should Attend:
Ideal for vendor risk managers, compliance and risk officers, IT and security leaders, procurement professionals, and anyone responsible for measuring and reporting on third-party risk.
The key metrics and KPIs for evaluating vendor risk management success
How to communicate vendor risk performance to executives and board members
Best practices for tracking risk reduction and continuous program improvement
What You'll Learn:
Who Should Attend:
Ideal for vendor risk managers, compliance and risk officers, IT and security leaders, procurement professionals, and anyone responsible for measuring and reporting on third-party risk.
What enterprise risk management (ERM) is and why it matters for vendor risk
How aligning TPRM with ERM improves decision-making and risk visibility
Practical strategies for integrating vendor risk assessments into a holistic risk framework
Connecting vendor risk to enterprise-wide goals
What You'll Learn:
Who Should Attend: