6 interactive modules · 25 min · knowledge checks + final assessment
Free interactive preview — no purchase required
About this product
Tier 2 training for procurement, finance, IT, security partners, and business leaders who evaluate vendors. Six modules: why vendor security is now critical (Change Healthcare, MOVEit, Snowflake customer breaches); how to tier vendors so you scrutinize the right ones; the 12 questions that actually matter (vs. 250-question questionnaire theater); reading SOC 2 Type II reports, ISO 27001 certifications, and pen test summaries (what to look for, what's a red flag); contract terms that matter when something goes wrong (security minimums, notification timelines, audit rights, sub-processor management, data portability); and ongoing monitoring after onboarding. Tokenized for {{company}}, {{team}}, {{reportingEmail}}.
What's included
- 6 modules (~25 min total) as HTML5
- 10-question final assessment with score interpretation
- 4-tier vendor risk framework
- 12-question vendor review template (the questions that matter)
- SOC 2 / ISO 27001 / pen test reading guide
- Contract minimums checklist
- Customizable for your procurement process
- SCORM export — coming soon
Who it's for
- Procurement teams approving SaaS contracts
- Finance leaders signing vendor agreements
- IT and security partners reviewing tool requests
- Business leaders evaluating new vendors
- Sales engineers responding to vendor questionnaires (the other side of the table)
Available formats
Responsive, self-contained course — works on any device. Includes knowledge checks and a scored final assessment.
SCORM 1.2 & 2004 package for your LMS (Workday, Cornerstone, Docebo, Litmos, and more) — tracks completion and assessment scores.
Licensing
Single-organization license. Unlimited employees within one company. Edit copy and add your brand.
Related products
Compliance Crosswalks — Map Awareness Training to Your Framework
Defensible mappings of every ForgeAwareness product to NIST CSF 2.0, ISO 27001:2022, CIS Controls v8.1, SOC 2, PCI DSS 4.0.1, and HIPAA — plus 8 audit-evidence templates auditors actually accept.
Cloud Security for Non-Engineers
A 25-minute course for finance, ops, marketing, HR, sales — anyone with admin access to AWS, Azure, GCP, or major SaaS consoles without being an engineer. Four habits that block 95% of attacks.
Data Classification & Handling
A 25-minute course on a four-tier classification system (Public / Internal / Confidential / Restricted), how to recognize what level you're holding, and where each level is allowed to go.