Governance, Risk & Compliance
Third-Party AI and Algorithm Risk Management
This in-depth course develops directly applicable capability in Third-Party AI and Algorithm Risk Management. It connects Third-Party AI Inventory and Tiering, Due Diligence and Evidence, and Contract and Control Requirements to the decisions, controls, and activities participants need to perform in their workplace.
Overview
Practical learning for workplace transfer.
This in-depth course develops directly applicable capability in Third-Party AI and Algorithm Risk Management. It connects Third-Party AI Inventory and Tiering, Due Diligence and Evidence, and Contract and Control Requirements to the decisions, controls, and activities participants need to perform in their workplace. The five-module curriculum progresses toward Vendor AI Risk Review, using evidence, scenarios, and work products appropriate to the subject.
Objectives
- Analyze third-party ai inventory and tiering, including embedded, standalone, api, model, agent, and subcontracted ai.
- Configure or structure due diligence and evidence, including intended use, training data, evaluation, security, privacy, resilience, and governance.
- Evaluate contract and control requirements, including use restrictions, data rights, model change, audit, incident, and exit terms.
- Manage monitoring and exit, including track versions, performance, drift, incidents, complaints, and provider changes.
- Apply vendor ai risk review, including tier a proposed ai service.
Target audience
- Professionals responsible for this subject area
- Managers, supervisors, and team leaders
- Analysts, specialists, engineers, or coordinators working with the relevant processes
- Project, implementation, assurance, or improvement team members
- Professionals preparing for broader responsibilities in this field
Program outline
A clear structure for the learning journey.
Program outline
Outline points are grouped in one designed block instead of being treated as separate module cards.
Module 1: Third-Party AI Inventory and Tiering
Embedded, standalone, API, model, agent, and subcontracted AI
Classify by data, autonomy, criticality, and affected parties
Identify fourth-party and model-provider dependencies
Module 2: Due Diligence and Evidence
Intended use, training data, evaluation, security, privacy, resilience, and governance
Test reports, model cards, certifications, incidents, and limitations
Validate claims rather than relying on questionnaires alone
Module 3: Contract and Control Requirements
Use restrictions, data rights, model change, audit, incident, and exit terms
Performance, bias, explainability, human oversight, and record access
Subprocessor and cross-border controls
Module 4: Monitoring and Exit
Track versions, performance, drift, incidents, complaints, and provider changes
Reassessment triggers and corrective action
Data return, model replacement, continuity, and lock-in reduction
Module 5: Vendor AI Risk Review
Tier a proposed AI service
Evaluate evidence and contract gaps
Set approval conditions and monitoring requirements
Materials provided
- ○ Course-specific presentation slides
- ○ Guided exercises, scenarios, or configured-environment activities appropriate to the subject
- ○ Course-specific worksheets, checklists, or calculation templates
- ○ Applied workplace case materials
- ○ 4D Certificate of Completion issued by 4D Training & Consultancy
- ○ Post-course support for implementation questions
Training Options
Programs can be delivered in-house, online, or in a blended format depending on your team's schedule, location, and learning objectives. When an external certificate or exam is included, certification rules and fees remain under the relevant awarding body's policies, while 4D provides the training and preparation support.
Why choose 4D
4D Training & Consultancy adapts the program to the client’s operating environment. Delivery combines structured explanation with subject-specific analysis, exercises, and implementation decisions so participants can transfer the learning to real responsibilities without implying vendor authorization.
Related courses
Enterprise Risk Management Based on ISO 31000
This practical course develops directly applicable capability in Enterprise Risk Management Based on ISO 31000. Participants work in depth on ISO 31000 Principles and Framework, and Risk Context and Criteria, and Risk Identification, then convert the methods into tools and actions suited to their workplace.
View courseCompliance Management Systems Based on ISO 37301
This practical course develops directly applicable capability in Compliance Management Systems Based on ISO 37301. Participants work in depth on Compliance Management Context, and Compliance Obligations, and Compliance Risk Assessment, then convert the methods into tools and actions suited to their workplace.
View courseAnti-Bribery Management Systems Based on ISO 37001
This practical course develops directly applicable capability in Anti-Bribery Management Systems Based on ISO 37001. Participants work in depth on Bribery Risk and ISO 37001, and Bribery Risk Assessment, and Financial and Nonfinancial Controls, then convert the methods into tools and actions suited to their workplace.
View course