Third parties play a critical role in government operations, but every vendor relationship can carry information security risks. This course helps participants understand why third-party risk assessments matter, what to look for when working with vendors, and how good governance, controls and risk awareness can help protect government information.

Is this course right for you?

This course is designed for staff who liaise with, coordinate, administer, onboard, manage or procure third-party vendors of any size.

It may be right for you if you:

  • Liaise with third-party vendors
  • Coordinate or administer vendor arrangements
  • Have, or aspire to have, a role in onboarding, managing or procuring third-party vendors
  • Work with government information and need a stronger understanding of information security risk
  • Want to build basic awareness of information security when dealing with vendors
  • Need to understand how third parties can affect government information security

What you’ll explore

This session covers key considerations, risks and practical steps involved in assessing information security risk with third parties.

  • Security risk assessment considerations and baseline principles
  • Agency knowledge of third parties, including:
    • Why third-party risk assessments are important in government
    • What role third parties play in government and how this links to information security
    • When information security needs to be considered throughout the supply chain
  • Information on security risk assessments for third parties, including:
    • Types of information security risks
    • Consequences and impacts, with examples
    • Establishing good governance and information controls with vendors
    • Resources, including references, tools and agency delegates
  • Practical exercise of an information security risk assessment

Benefits to You and Your Organisation

  • Uplift staff capability
  • Increase protection of government information when dealing with third parties
  • Reduce government exposure to information security risk
  • Build awareness of controls
  • Develop a stronger risk mindset when liaising with vendors and handling government information

Should Attend

This course is suitable for all staff who liaise with, coordinate or administer third-party vendors, whether small or large.

It is also suited to staff who have, or aspire to have, a role in onboarding, managing or procuring third-party vendors, as well as staff seeking basic awareness and understanding of the importance of information security when dealing with vendors.

Group Bookings

**For groups of five or more, IPAA SA can tailor the training to suit your organisation. Group bookings may also be eligible for a preferential rate. Complete the form, and our team will be in touch to discuss options. **

Learn about our speakers

Cristina Harvey

Director
Competency First

Cristina has over 26 years delivery experience nationally and with international training in technology assurance and information security.  Cristina has multiple certifications in technology and enterprise assurance (CISA, Lead Auditor ISO27001, CIA, CRMA, ITIL 4), is a change practitioner (Prosci) and Certified as a Training and Evaluator (Kirkpatrick Bronze) for capability uplift.

She has presented at international events on information security practices and learnings. Cristina has lead state government information, records, cyber, assurance, governance and risk functions, with over 15 years’ experience in delivering within the public sector and 10 years across the private sector. 

She has undertaken information security and management, controls design, delivery and evaluation, and assurance and risk staff training across State Agencies .

Cristina is passionate about uplifting competencies across the public sector, ultimately to improve state citizens’ lives through supporting quality government outcomes.

Upcoming course availability

In person

September 2026

Monday, 07 September 2026

Register now

Format
Face-to-face

Duration
1 half-day
9:00am -12:30pm (8:45am registration)

Inclusions
Resources, morning tea and refreshments

Location
Adelaide CBD, SA 5000
(please visit registration links for further information)
View map

Costs
Personal Member $355
State Govt Employee Member $390
Corporate Member $405
Non-member $440

This course is also available in-agency. Please contact us for further information

You may also be interested in these courses at IPAA SA.

AI, Scams and Social Engineering: Practical Cyber Skills for Government

Cyber threats are becoming more sophisticated, and public servants play a vital role in protecting sensitive information.

  • 1 full-day
  • Affiliate, Emerging Leader, Executive, Graduate/Student, Manager/Next-Exec, Professional, YIPAA
Read more

Introduction to Risk Management

Departments are often under-resourced with Risk/Internal Audit teams being smaller but having a huge responsibility across changing and emerging risks. This session introduces key risk management topics and aligns the teaching with specific risk thoughts within your Department. The session is designed to complement the current risk management practices of the state government and promotes the current risk management team.

  • 1 half-day
  • Affiliate, Emerging Leader, Executive, Graduate/Student, Manager/Next-Exec, Professional, YIPAA
Read more

Risk Management for Leaders

Management is doing things right; Leadership is doing the right things – More Peter Drucker wisdom. This session dives into leadership responsibilities in the risk landscape and how effective decision-making can shape the maturity of their organisation.

  • 1 full day
  • Executive, Manager/Next-Exec
Read more

The Assurance Trifecta

Discover how governance, risk management and internal control intersect to create strong organisational assurance. This session provides practical insights to help leaders build confidence, accountability and resilience across their teams and systems.

  • 1 full day
  • Executive, Manager/Next-Exec
Read more