CTPRP vs. CTPRA: Which Third Party Risk Certification is Right For Me?

CTPRP vs. CTPRA: Which Third Party Risk Certification is Right For Me?

Feb 25, 2020 | Certification, Certified Third Party Risk Professional (CTPRP), Education and Training, Risk Professionals


With technological advancements such as automation and data analytics and the expanding need to counter fraudulent activities across verticals, career opportunities in Third Party Risk Management mirror the industry’s rapid growth.  Certifications in the third party risk space have become the norm  – for both the individual and the organization. For certification holders, certificates evidence achievement of a standardized level of competency.  For companies, certificates  ensure a level of competency for particular positions or functions.

Shared Assessments’ Certified Third Party Risk Professional (CTPRP) and the Certified Third Party Risk Assessor (CTPRA) certifications are recognized as gold standards.  Doing business in an outsourced economy requires expertise to meet the necessary strategies, processes, and practices when evaluating and managing vendor risk and overseeing the security of sensitive data once in the hands of third parties. The Shared Assessments Program proudly offers two certifications for third party risk professionals and IT risk assessors.  Wondering which certification will establish competence and nourish your career?  Let’s look at both.

The CTPRP is comprised of three distinct sections: risk foundations (understanding risk to your organization), program management (how to set up and manage your program), risk controls (the IT risk controls you should concentrate on during an assessment) and the risk assessment process (best practices in performing an assessment). Attendees represent security, compliance, procurement, business resilience, legal, audit, IT vendor management and even facilities management backgrounds.

Anyone involved with the third party risk management lifecycle within their company or anyone seeking insight into best practices for establishing and managing a program will benefit from the knowledge gained by attending a CTPRP workshop.  The workshop takes great care in covering both the perspectives of the outsourcer and the vendor. The CTPRP certification is both industry and organizationally agnostic; professionals with many diverse backgrounds have found significant value in attending the workshop and in achieving the certification.

The Shared Assessments Certified Third Party Risk Assessor (CTPRA) certification validates knowledge within specific IT risk control domains that individuals need in order to perform a thorough evaluation of a third party during an assessment. Though the CTPRA is a newer certification, the concentration focuses on audit, security and privacy best practices and principles and geared towards actual assessors or auditors, providing them a better foundation in developing a solid playbook to performing virtual or onsite assessments. The primary guidance tool for this is the Shared Assessments’ Standardized Control Assessment (SCA).

In order to achieve either of these certifications, a professional must first take the workshop and next pass an online exam within two weeks after the workshop’s conclusion. (You must take the workshop; you cannot just take the test.) Upon completion of the exam, individuals are required to hold a minimum of five years’ experience as a risk management professional and are required to complete the Proof of Experience form along with an employer attestation. These forms are reviewed by the CTPRP/A Certification Committee to opine on the candidate’s credentials and experience. In the event the individual passes the exam but does not have the requisite experience, the term “Associate” is assigned until the minimum standards are met.

So…which certification is right for you? This really depends on your present responsibilities or even your future aspirations. Are you tasked with setting up a new program? Perhaps vetting your business unit’s vendors? Maybe you have been assigned to assist in data security requirements for a vendor contract. Perhaps you are simply in a business unit seeking  to gain additional understanding as to your role is in the third party risk management chain.

In the words of Sean O’Brien, Managing Director of DVV Solutions,  CTPRP and CTPRA holder, ” We saw value in aligning with an industry standards-setter that offers a formal training and accreditation program. As a trusted advisor who regularly presents, the CTPRP enhances my credibility with my audiences as well as my peers. When the CTPRA became available, I jumped on that as well. As a leader, my certifications let me practice what I preach. When I’m talking to our assessors and new recruits about earning their CTPRA, it helps for them to know that the CEO has been through the program.”

Whether you choose the Shared Assessments’ CTPRP or CTPRA, these certifications will ensure that you are doing the most to nourish your own career and to establish best-practices in your TPRM program.

Sabine Zimmer

Sabine is Senior Manager of Marketing Communications for Shared Assessments. Sabine finds creative joy in describing Third Party Risk Management visually and verbally. When she's not at work posting on this blog, she is out in the mountains of New Mexico with her children.

Sign up for our Newsletter

Learn about upcoming events, special offers from our partners and more.

Sub Topics