PRESS RELEASE: Certification Program Developed Specifically for Risk Professionals

Contact: Lisa MacKenzie, MacKenzie Marketing Group, 503-705-3508, or Kelly Stremel,

Certification Program Developed Specifically for Risk Professionals

The Certified Third Party Risk Professional (CTPRP) Designation Validates
Third Party Risk Management Expertise

Santa Fe, NM — November 12, 2014 — Recent high-profile data breaches have spotlighted third party risk, resulting in increased vendor management awareness. Doing business in an outsourced economy requires special strategies, processes, and practices when evaluating and managing vendor risk and overseeing the security of sensitive data once it’s in the hands of third parties. The Certified Third Party Risk Professional (CTPRP) designation developed by the Shared Assessments Program, the trusted source for third party risk management, is a new certification program that validates proficiencies in third party risk management concepts and principles, including managing the vendor lifecycle, vendor risk identification and rating, and the fundamentals of third party risk assessment, monitoring and management.

The top findings of the 2014 Vendor Risk Management Benchmark Study reveal that current third party risk management practices cross-industry—especially insurance and healthcare—are vulnerable and lacking in governance, policies, standards, and procedures. The CTPRP certification designates experienced risk professionals with specialized skills and training in third party risk management practices. As a result, having this certification will help organizations increase their commitment to customer privacy, compliance, governance, and risk management best practices.

“With so much at stake in the event of a data breach—lost revenue, significant brand damage, lawsuits, fines—companies need to take a closer look at their third party risk management practices,” said Tom Garrubba, MIS, CISA, CRISC, CIPT, CTPRP, senior director, the Santa Fe Group and Shared Assessments Program. “Risk management professionals seeking certification through the Certified Third Party Risk Professional program is an indicator that organizations are taking proactive responsibilities to getting their third party risk programs in shape.”

CTPRP Certification Reinforces Organizations’ Commitment to Vendor Risk Management
CTPRP certification requirements include a minimum of five years experience as a risk management professional, in a position that demonstrates proficiency in assessment, management, and remediation of third party risk issues. In addition to successfully passing the CTPRP examination, continuing education is needed to ensure CTPRP holders stay current with changes to regulations, standards, and guidelines. CTPRP holders who are not currently participating in Shared Assessments through a member organization have the opportunity to join as an individual member of the Program, and gain access to members-only educational resources and networking opportunities with third party risk management peers.

Shared Assessments will offer two CTPRP certification workshops and exams each quarter. First quarter 2015 events will be held January 22-23, 2015 in Scottsdale, AZ and February 25–26 in New York City. The next CTPRP certification workshop will be held April 30-May 1, 2015 in Baltimore; directly following the 8th Annual Shared Assessments Summit 2015. Summit attendees will earn educational credits that can be applied towards certification. To register or to learn more about the Shared Assessments Certified Third Party Risk Professional (CTPRP) program visit

About the Shared Assessments Program
The Shared Assessments Program is the trusted source for third party risk management with resources, including tools and best practices, to effectively manage the critical elements of the vendor risk management lifecycle. Members represent a collaborative, global, peer community of information security, privacy, and third party risk management leaders in industries including financial services, insurance, brokerage, healthcare, retail, and telecommunications. The Certified Third Party Risk Professional (CTPRP) certification program, membership, and use of the Shared Assessments Program Tools, ensure organizations stay current with the threat and risk environment, including regulations, industry standards, and guidelines. Shared Assessments provides organizations and their service providers the rigorous controls needed for IT, data security, privacy, and business continuity. The Shared Assessments Program is managed by The Santa Fe Group (, a strategic consulting company based in Santa Fe, New Mexico. On the web at