certification by sa

Third-Party Risk Management Certification

Doing business in an outsourced economy requires expertise to meet the necessary strategies, processes, and practices when evaluating and managing vendor risk and overseeing the security of sensitive data once it’s in the hands of third parties.


Certified Third-Party Risk Professional

The CTPRP is designed for third-party risk, procurement and compliance professionals, including business vendor managers, risk managers, vendor IT security managers, IT assessors and IS professionals.

CTPRP holders will demonstrate a thorough working knowledge of third-party risk management concepts and principles, including:

  • Managing the vendor lifecycle.
  • Vendor risk identification and rating.
  • Knowledge of the fundamentals of vendor risk assessment, monitoring and management.


Certified Third-Party Risk Assessor

The CTRPA is designed for IT/IS third-party risk professionals, including individuals performing assessments, onsite or remote, of third parties relative to the risk tolerance of the assessor organization.

CTPRA holders performing assessments will demonstrate advanced knowledge of:

  • Organizational safety and security.
  • Physical and environmental security of data environment.
  • Network security.

Related Article: CTPRP vs. CTPRA: Which Third-Party Risk Certification is Right For Me?

Certification Curriculum Guides: CTPRP or CTPRA

CTPRP Impact on Risk Management Careers

In a recent poll of CTPRP holders, we discovered the following:


CTPRP holders report training improved their ability to fulfill their job duties.


CTPRP certification helped them land a new job or earn a promotion.


CTPRP’s current annual compensation ranged from $90,000 to $120,000

Credentials Driving Credibility

“The primary benefit of the certifications is the associated body of knowledge…It has held up as the golden standard in the TPRM profession even as the profession has expanded significantly in the past few years. When we present to prospective clients or advise existing clients we can lean on our experience and both [certification] bodies of knowledge as industry best practices. That gives us a unique perspective…””

— Bill Deller, CTPRP/CTPRA, Schneider Downs IT Risk Advisory Services Manager