LIMITED TIME OFFER

Free Third-party
Risk workshop

   Valid until: Friday 7th August 2026.
 
Participate in a practical, personal 45-minute workshop alongside an accredited GRC consultant to review your organisation's current approach, prioritise supplier risk and receive expert recommendations aligned to emerging UK regulatory expectations. 
 
Terms and conditions apply.

Your organisation is only as strong as its weakest link

Third-party risk is becoming harder to manage and more important to control, driven by changes in how attacks occur, how ownership is defined and how supply chains are structured. This workshop is designed to help you respond to these challenges, bringing structure to third-party risk and enabling a more consistent, controlled approach across your supply chain that supports resilience, as well as compliance.

Third parties remain a common entry point for incidents

Attackers increasingly target suppliers and service providers as a scalable route into organisations, with research indicating that up to 50% of data breaches now involve a third party1.

Regulatory accountability extends across the supply chain

Impending UK regulation, such as the Cyber Security and Resilience Bill (CSRB), signals a shift toward clearer ownership of cyber risk, extending governance beyond their own perimeter.

Expanding ecosystems are increasing risk exposure

Modern supply chains have evolved into complex, multi-tiered ecosystems, making it increasingly difficult to maintain visibility and enforce consistent security standards across suppliers, platforms and outsourced services.

1 Verizon, 2026.

certs-iso42001
accred-iso27001-1
accred-iso9001-1
accred-ccoe-1
accred-microsoft-1
MISA Member badge
CE-Cert-Body
CE-Plus-Cert-Body
accred-octwf-1
CHECK Penetration Testing (Dark Logo)
62e468cf-a2e6-4271-840c-ba22fd7cd710
accreds-pciqsa-1
accred-caa-1
certs-part3_0003_PT-1
certs-part3_0001_STAR-1
certs-part3_0000_va-1
certs-part3_0002_SOC-1
certs-part3_0004_IR-1
comptia-logo
AG-Distributor
AG-mssp

Who it's for

This workshop has been designed to support upper mid-market and enterprise organisations operating at scale and across complex, distributed supplier ecosystems, including those that are:

Preparing for new regulatory requirements

If your organisation is expected to fall within the scope of upcoming regulation, like the Cyber Security and Resilience Bill, this workshop will help you understand how third-party risk should be managed and evidenced to support compliance.

Lacking visibility and consistency across suppliers

If you rely on a growing network of suppliers, but risk assessment is inconsistent or fragmented, this workshop will help you introduce greater structure and consistency when identifying and managing third-party risk.

Moving away from ad-hoc processes to a structured approach

If third-party risk is currently managed through informal processes, spreadsheets or one-off assessments, this workshop will help you move toward a more consistent and defensible approach aligned to business impact and governance requirements.

What you'll leave with

 
Through this focused 45-minute workshop, you will gain a clear view of how third-party risk is currently managed across your organisation, along with a path forward aligned to how effective third-party risk management operates in practice*.
 
You’ll leave with:
 
  • Expert recommendations on how to prioritise and manage supplier risk effectively.
  • Insight into how mature organisations structure third-party risk governance.
  • Clear next steps to strengthen governance and oversight across your supply chain.
 
Delivered by our accredited governance and risk specialists, this advisory session draws on experience across both framework design and ongoing third-party risk management, ensuring our approach is practical, relevant and grounded in real-world application.

Complete this short form to request your free workshop.

* This introductory session is designed to provide guidance and direction only. Any details implementation support, tooling or formal outputs can be scoped separately.
Keep reading for full terms and conditions.

Terms and conditions

Eligibility
1.1. This offer is available to organisations that have 500 or more employees, and/or operate within a complex or multi-supplier environment where third-party risk is a material consideration.
1.2. The workshop is limited to one session per organisation.
1.3. CSA Cyber reserves the right to decline participation where the organisation does not meet the intended profile for this offer.

Offer Content
2.1. The offer includes a single 45-minute advisory workshop session focused on reviewing and discussing the organisation's approach to third-party risk management.
2.2. The workshop will provide high-level guidance, recommendations, and signposting to relevant good practice and publicly available resources where appropriate.
2.3. The workshop does not constitute a full assessment, audit, or comprehensive third-party risk management programme. No documented output, tooling or formal methodology will be provided.

Offer Period
3.1. This promotion is valid for workshops requested between 8 July 2026 and 7 August 2026, inclusive.
3.2. Workshops are subject to availability.

Delivery
4.1. The workshop will be delivered virtually unless otherwise agreed.
4.2. Delivery is subject to consultant availability and scheduling consultants.
4.3  CSA Cyber reserves the right to reschedule sessions where required due to operational constraints.

Limitations
5.1. This offer is provided on a non-commercial, introductory basis and is not intended to replace full consultancy or managed services.
5.2. Any tools, templates or materials provided are for internal use only and do not constitute a fully bespoke or complete solution.
5.3  Participation in the workshop does not guarantee any ongoing engagement or service delivery.

Follow-on Services
6.1  CSA Cyber may recommend further services based on findings from the workshop.
6.2  Any additional services will be subject to separate scoping, agreement and commercial terms.

General Conditions
7.1. This offer is subject to availability and may be amended or withdrawn at CSA Cyber’s discretion without prior notice.
7.2. CSA Cyber disclaims liability for decisions taken based on workshop outputs without further validation or implementation support.
7.3. The workshop is intended to provide guidance only and does not guarantee compliance with regulatory or legal obligations.

 

Last updated on 15th June 2026.