CTPRP Job Guide

Program Description

The CTPRP designation is a professional credential designed to validate knowledge, experience, and proficiency in the design, structure, and implementation of a comprehensive Third-Party Risk Management (TPRM) program. The credential program covers the processes for identifying third-party risk and for structuring a risk-based vendor classification scheme and risk assessment process. It also incorporates best practices for TPRM program metrics, management reporting, and evaluating the operational performance of the program. (12 Shared Assessments CPEs can be earned for completing the course.)

About The CTPRP Credential

To achieve the CTPRP credential, candidates must both provide evidence of their years of experience and pass a rigorous proctored exam. We recommend at least 30 hours of preparation prior to taking the examination. The class materials and examination are career resources designed for professionals who plan to certify, as well as for those who simply need to deepen their knowledge of third-party risk management. The CTPRP training material and examination are organized by grouping the required body of knowledge topics into specific job practice focus areas.

The CTPRP examination contains questions testing the domain technical knowledge and application of on-the-job knowledge based on the CTPRP Curriculum Outline.

Examination Protocols & Question Formats

The CTPRP examination contains 125 questions worth up to 140 points. Examination questions test domain technical knowledge and the application of that knowledge to third-party risk situations. The CTPRP examination is a timed (3 hours), closed-book exam.

The exam is taken online from your computer, and remote proctoring is required to monitor examination compliance. Multiple-choice questions are presented using third-party risk management scenarios from the Outsourcer or the Service Provider point of view. A score of 70% or higher is required to pass the exam. Upon completion of the exam, a survey may be presented to provide feedback on the method of instruction, curriculum, materials, or examination content.

Knowledge Level: Intermediate


  • Candidates should have either direct or indirect responsibilities for third-party risk management functions.
  • Candidates may have detailed knowledge or experience in certain technical topics but not broad experience in all topics related to TPRM.
  • Candidates tend to use the certification to broaden their skills and knowledge to facilitate job advancement in third party risk roles or responsibilities.
  • Candidates tend to be at mid-level within the organization based on years of experience.
  • Candidates may have operational and/or supervisory responsibilities.

Learning Objectives

  • Demonstrate a thorough understanding of outsourcing business models, regulatory drivers, data governance factors, and risk management concepts involved in the oversight of third-party relationships.
  • Establish the set of program goals and objectives required to design and structure an effective TPRM program based upon mitigating different types of third-party risk.
  • Illustrate knowledge of the control objectives used when evaluating a third-party in order to define TPRM program due diligence requirements for conducting risk-based assessments.
  • Implement the set of program activities required to implement and maintain an effective TPRM program including corrective action plans, program information, monitoring solutions, and delivering meaningful management reports.

CTPRP Body of Knowledge

I. Third Party Risk Management Foundation

A. Understanding TPRM Disciplines
B. Information Classification and Data Governance
C. TPRM and Enterprise Risk Management

II. TPRM Program Design & Structure

A. TPRM Program Governance
B. Developing TPRM Program Requirements
C. Third Party Risk Assessment Process

III. Controls Evaluation in TPRM

A. Governance, Risk, and Compliance (GRC)
B. Information Protection
C. IT Operations & Business Resilience
D. Cybersecurity Incident Response & Threat Management

IV. TPRM Program Operations and Implementation

A. TPRM Program Execution
B. Post-Assessment Reporting and Remediation
C. Managing TPRM Program Information and Activities
D. Optimizing TPRM Program Operational Performance

CTPRP Exam Profile

CTPRP Profile

CTPRP Third Party Risk Role Accountabilities

  • Participates in the classification and risk tiering of third parties, including defining the frequency of risk assessments
  • Coordinates the identification, ranking and tracking of third party risks for the organization
  • Defines the due diligence standards based on risk rating or classification to be applied in third party assessments
  • Manages communication plans and escalation plans regarding third party risk governance activities
  • Actively drives coordination and implementation for the overall third party risk management program function within the organization
  • Monitors changes in the regulatory landscape to identify relevant compliance requirements
  • Facilitates the escalation process for management risk acceptance or remediation approvals
  • Partners with lines of business to manage third party risk as defined in contracts and third party policies and procedures
  • Collaborates with internal functions to deploy standard contract provisions for security and privacy requirements
  • Monitors remediation actions and mitigation plans for identified third party risks
  • Defines and tracks third party risk assessment metrics
  • Communicates third party risk requirements to internal stakeholders
  • Negotiates with third parties and business partners to address compliance with risk management policies
  • Coordinates gathering and analysis of risk assessment data for management
  • Maintains third party governance policies, procedures and practices
  • Provides dashboard reporting on third party risk management program activities, results, and outcomes
  • Identifies and implements monitoring functions for critical vendors
  • Supports the vendor due diligence process by ensuring data protection requirements are maintained in contractual relationships




Additional Information

  • No advance preparation is required
  • Delivery method: Group Internet Based
  • CPEs Earned for Completion: 12
  • Field of Study: Specialized Knowledge

