{"product_id":"third-party-due-diligence-course","title":"Third-Party \u0026 Vendor Due Diligence","description":"\u003cp dir=\"ltr\"\u003e\u003cspan\u003eThird-party relationships can improve capability, reduce costs, and provide access to specialist services, but they can also expose an organisation to cybersecurity incidents, regulatory breaches, service disruption, fraud, financial instability, unethical conduct, and reputational damage. This \u003c\/span\u003e\u003cspan\u003ethird-party due diligence course\u003c\/span\u003e\u003cspan\u003e helps professionals investigate vendors, classify supplier risks, evaluate controls, and make better-informed decisions before and throughout a commercial relationship.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eThe online training explains how to recognise operational, financial, cybersecurity, data protection, environmental, social, governance, and reputational risks connected to suppliers and service providers. Learners explore vendor selection, risk assessments, segmentation, contractual controls, regulatory accountability, cloud security, incident response, ongoing monitoring, and evidence-based reporting through a five-module curriculum focused on Spain and the European Union.\u003c\/span\u003e\u003c\/p\u003e\n\u003ch2 dir=\"ltr\"\u003e\u003cstrong\u003e\u003c\/strong\u003e\u003c\/h2\u003e\n\u003ch2 dir=\"ltr\"\u003e\u003cstrong\u003eWhat Is Third-Party Due Diligence Training?\u003c\/strong\u003e\u003c\/h2\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eThird-party due diligence training explains how organisations assess external suppliers, vendors, contractors, consultants, cloud providers, distributors, and business partners before approving or continuing a relationship. It helps learners determine who the third party is, what services it provides, which risks it introduces, whether its controls are reliable, and how the relationship should be monitored.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eThe process is more than a one-time supplier questionnaire. Effective vendor due diligence combines initial screening, risk classification, evidence review, contractual safeguards, performance monitoring, incident management, reassessment, and controlled termination. Where personal data is processed, the GDPR requires controllers to select processors that provide sufficient guarantees and to establish appropriate contractual and security arrangements. (\u003c\/span\u003e\u003ca href=\"https:\/\/eur-lex.europa.eu\/eli\/reg\/2016\/679\/oj\/eng?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"\u003e\u003cspan\u003eEUR-Lex\u003c\/span\u003e\u003c\/a\u003e\u003cspan\u003e)\u003c\/span\u003e\u003c\/p\u003e\n\u003ch2 dir=\"ltr\"\u003e\u003cstrong\u003e\u003c\/strong\u003e\u003c\/h2\u003e\n\u003ch2 dir=\"ltr\"\u003e\u003cstrong\u003eWho Should Take a Vendor Due Diligence Course?\u003c\/strong\u003e\u003c\/h2\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eThis course is suitable for:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eCompliance officers\u003c\/span\u003e\u003cspan\u003e responsible for investigating third parties and documenting regulatory decisions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eProcurement and sourcing professionals\u003c\/span\u003e\u003cspan\u003e who select, assess, approve, and monitor suppliers.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eThird-party risk analysts\u003c\/span\u003e\u003cspan\u003e responsible for vendor segmentation, risk reviews, and remediation tracking.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eInformation security and cybersecurity teams\u003c\/span\u003e\u003cspan\u003e evaluating cloud providers, software suppliers, and outsourced services.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eData protection professionals\u003c\/span\u003e\u003cspan\u003e reviewing processors, subprocessors, data transfers, and security assurances.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eInternal auditors and assurance professionals\u003c\/span\u003e\u003cspan\u003e testing whether supplier controls operate effectively.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eLegal and contract management teams\u003c\/span\u003e\u003cspan\u003e supporting risk clauses, accountability, audit rights, and termination provisions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eOperational risk and business continuity teams\u003c\/span\u003e\u003cspan\u003e managing dependency, concentration, resilience, and service-disruption risks.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eManagers and business owners\u003c\/span\u003e\u003cspan\u003e accountable for services delivered through external organisations.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eInternational professionals\u003c\/span\u003e\u003cspan\u003e who work with Spanish or EU-connected vendors and need practical regulatory awareness.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003ch2 dir=\"ltr\"\u003e\u003cstrong\u003e\u003c\/strong\u003e\u003c\/h2\u003e\n\u003ch2 dir=\"ltr\"\u003e\u003cstrong\u003eWhat Does Third-Party Due Diligence Training Cover?\u003c\/strong\u003e\u003c\/h2\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eThe course covers the complete vendor risk lifecycle, beginning with the reasons third parties create business risk and progressing through Spanish and European regulatory expectations, risk identification, supplier segmentation, professional investigations, contracting, governance, monitoring, cybersecurity, cloud risk, and programme development.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eLearners examine how to collect relevant evidence, distinguish critical suppliers from lower-risk providers, assess operational and financial stability, evaluate cybersecurity safeguards, identify ESG and reputational concerns, communicate findings, and convert assessment results into proportionate business decisions. The detailed course curriculum appears below.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eProfessionals with responsibility for human-rights and environmental supplier oversight may also consider the complementary\u003c\/span\u003e\u003ca href=\"https:\/\/spanishcomplianceinstitute.com\/es-spanish\/products\/csddd-due-diligence-supply-chain-compliance\" target=\"_blank\" rel=\"noopener\"\u003e\u003cspan\u003e \u003c\/span\u003e\u003cspan\u003eCSDDD Due Diligence and Supply Chain Compliance course\u003c\/span\u003e\u003c\/a\u003e\u003cspan\u003e.\u003c\/span\u003e\u003c\/p\u003e\n\u003ch2\u003e\u003cstrong\u003e\u003c\/strong\u003e\u003c\/h2\u003e\n\u003ch2\u003e\u003cstrong\u003eCurriculum Summary\u003c\/strong\u003e\u003c\/h2\u003e\n\u003cdiv dir=\"ltr\" align=\"left\"\u003e\n\u003ctable\u003e\n\u003ccolgroup\u003e\n\u003ccol width=\"370\"\u003e\n\u003ccol width=\"231\"\u003e\n\u003c\/colgroup\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eModule\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eKey Topics\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eModule 1: Why Third Parties Become Your Biggest Business Risk\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eHidden risks within vendor relationships\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eOrganisational accountability for outsourced activities\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eIdentification of critical suppliers\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eRisk-first culture and governance\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eModule 2: Navigating Spanish and European Regulations Without Costly Compliance Mistakes\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eSpanish third-party risk requirements\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eGDPR, AML, public procurement, and sector rules\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eContractual and ethical accountability\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eContinuous regulatory monitoring\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eModule 3: Spotting High-Risk Third Parties Before They Put Your Organisation at Risk\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eOperational, financial, cyber, ESG, and reputational risks\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eThird-party risk assessment methods\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eVendor segmentation and criticality\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eRisk-informed business decisions\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eModule 4: Building a Third-Party Due Diligence Programme That Actually Works\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eSupplier selection and onboarding\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eProfessional due diligence investigations\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eContracts, governance, and risk controls\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003ePerformance monitoring and escalation\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eModule 5: Protecting Your Organisation Against Third-Party Cybersecurity and Supply Chain Risks\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eThird-party cyber threats\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eSupplier security assessments\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eCloud, incident, and digital supply-chain risk\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eFuture-ready risk management programmes\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003ch2 dir=\"ltr\"\u003e\u003cstrong\u003e\u003c\/strong\u003e\u003c\/h2\u003e\n\u003ch2 dir=\"ltr\"\u003e\u003cstrong\u003eWhy Is Continuous Vendor Due Diligence Important for Compliance and Resilience?\u003c\/strong\u003e\u003c\/h2\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eA supplier that appeared acceptable during onboarding may later change ownership, outsource important services, experience financial difficulties, suffer a data breach, lose key personnel, enter a higher-risk market, or fail to maintain agreed controls. Point-in-time checks cannot reliably identify every change that develops during the relationship.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003ePoor third-party oversight can contribute to:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eData protection breaches and insecure processing arrangements.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eOperational outages and failure of critical outsourced services.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eFraud, bribery, money laundering, or conflicts-of-interest exposure.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eWeak audit trails and unsupported supplier approval decisions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eContract disputes, unexpected costs, and ineffective service-level controls.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eCyberattacks involving cloud providers, software suppliers, or subcontractors.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\n\u003cp dir=\"ltr\" role=\"presentation\"\u003e\u003cspan\u003eReputational damage caused by unethical or irresponsible supplier conduct.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eSpanish Law 10\/2010 establishes due diligence obligations for organisations within its AML scope, while Spain’s Public Sector Contracts Law 9\/2017 promotes transparency, integrity, fair treatment, and effective use of public funds. These requirements do not apply identically to every organisation, but they demonstrate why supplier decisions must be documented and proportionate to risk. (\u003c\/span\u003e\u003ca href=\"https:\/\/www.boe.es\/buscar\/act.php?id=BOE-A-2010-6737\u0026amp;utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"\u003e\u003cspan\u003eBOE\u003c\/span\u003e\u003c\/a\u003e\u003cspan\u003e)\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eCybersecurity expectations increasingly extend into supplier relationships. NIS2 includes supply-chain security within its cybersecurity risk-management measures, while DORA establishes ICT third-party risk obligations for financial entities within its scope. (\u003c\/span\u003e\u003ca href=\"https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/PDF\/?uri=CELEX%3A02022L2555-20221227\u0026amp;utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"\u003e\u003cspan\u003eEUR-Lex\u003c\/span\u003e\u003c\/a\u003e\u003cspan\u003e)\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eCompleting this online vendor due diligence training supports stronger professional judgement, more consistent investigations, better documentation, and improved communication between procurement, compliance, legal, cybersecurity, risk, and operational teams. It can help individuals and employers develop a more structured approach to supplier assurance without presenting due diligence as a simple checklist exercise.\u003c\/span\u003e\u003c\/p\u003e","brand":"Spanish Compliance Institute","offers":[{"title":"Default Title","offer_id":53610729144667,"sku":null,"price":34.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0963\/1118\/1659\/files\/Third-Party_Vendor_Due_Diligence_1.webp?v=1784270719","url":"https:\/\/spanishcomplianceinstitute.com\/products\/third-party-due-diligence-course","provider":"Spanish Compliance Institute","version":"1.0","type":"link"}