Shared Assessments Third-Party Risk Management Certification

The CTPRP designation is a professional credential designed to validate knowledge, experience, and proficiency in the design, structure, and implementation of a comprehensive Third-Party Risk Management (TPRM) Program.

The credential program includes the processes for third-party risk identification and structuring a risk-based vendor classification structure and risk assessment process. The program also incorporates best practices for TPRM program metrics, management reporting and evaluating the operational performance of the program. 12 Shared Assessments CPEs can be earned for completing the course.

Who is it for?

The CTPRP is designed for third-party risk, audit, and Governance, Risk, Compliance (GRC) roles that are involved in the development, implementation, and management of TPRM programs, including:

  • Business Vendor Relationship Managers
  • Governance, Risk, and Compliance Analysts or Managers
  • Third-Party Risk Analysts
  • Enterprise Risk Management Managers
  • IT Risk Analysts
  • Internal Auditors
  • IT Procurement or Sourcing Risk Managers
  • Vendor Risk Management Managers
  • Operational Risk Analysts or Managers

“I was promoted to a director, based on how I’ve applied the CTPRP training. It’s really changed the direction of my career. Inside the company, I’m a primary advocate for analyzing third parties. Outside the company, I’ve been speaking about third-party risk at information security conferences.”

—Dan Browder, Director of Information Security Risk, First National Bank of Omaha

VIEW SUCCESS STORY

CTPRP Impact on Risk Management Careers

In a recent poll of CTPRP holders, we discovered the following:

96%

CTPRP holders would recommend Shared Assessments certifications to a colleague or friend

89%

CTPRP holders report training improved their ability to fulfill their job duties

71%

CTPRP holders current annual compensation ranged from $90,000 to $120,000

Upcoming Classes

On-Demand Self Study  $995 Member | $1,295 Non-Member

Online Instructor-Led $1,195 Member | $1,495 Non-Member

In Person Instructor-Led $1,345 Member | $1,645 Non-Member

CTPRP instructor-led classes consist of two 5-hour sessions taught via web conference. The CTPRP online on-demand class takes approximately 8 -10 hours to complete. Eligible for 12 Shared Assessments Continuing Professional Education (CPE) credits.

Private, instructor-led classes and volume discounts are available. If an instructor-led class does not have a minimum number of registrants, the class may be cancelled and registrants will be contacted about moving to a future session.

Annual Maintenance Fee $100

 DATE
TIME
LOCATION
INSTRUCTOR
Self-Paced
Online
N/A
June 25-26, 2024
10:00am – 3:00pm ET
Online
Elizabeth Dunsmoor, TPRM Principal, Shared Assessments
July 23-24, 2024
10:00am – 3:00pm ET
Online
Adam Stone, Senior Consultant, Zaviant 
August 21-22, 2024
10:00am – 3:00pm ET
Online
Jen Hancock, Senior Advisor, Shared Assessments
September 24, 2024
8:00am – 6:00pm GMT+1
In-Person | London, UK
Elizabeth Dunsmoor, TPRM Principal, Shared Assessments
September 25-26, 2024
10:00am – 3:00pm ET
Online
Adam Stone, Senior Consultant, Zaviant 
October 29-30, 2024
7:00am – 12:00pm ET
Online
Elizabeth Dunsmoor, TPRM Principal, Shared Assessments

CTPRP Frequently Asked Questions

Certification Classes

What topics are covered within the CTPRP class?

The CTPRP Certification Job Practice Guide explains the topics that will be covered in the class. It identifies the domains, topics, skills, competencies, and job role accountabilities that represent the type of work performed by an individual who supports the development, implementation, maintenance, and training of a third party risk management program within their organization. The class is based on the inputs of Shared Assessments Program members, recognized best practices, and the education and tools that drive Third Party risk assurance.

What is a typical time commitment for the CTPRP Class and Exam?

The Shared Assessments CTPRP class is a live, instructor-led, two-day event (5 hours per day). A typical class timeline is as follows:

 

CTPRP CLASS

(Day 1) Time: 10:00am-3:00pm ET unless otherwise noted

(Day 2) Time: 10:00am-3:00pm ET unless otherwise noted

 

Completion of both days of this class will earn 12 CPEs. We do not issue CPEs for partial attendance. The exam cannot be taken without class attendance for both days. Class attendance is verified by teleconference records and staff instructors.

 

CTPRP ONLINE ON-DEMAND SELF-STUDY

The Online On-Demand option covers the same curriculum as the traditional class but uses an online learning platform to deliver the materials. The self-study class is available to do at your own pace. It typically takes between 8 to 10 hours. The entire class must be completed before being eligible to take the CTPRP Certification exam.

Where can I find upcoming classes?

All upcoming classes are listed in the “Upcoming Classes” section above. We also offer an Online On-Demand option which is a self-study class that can be taken anytime at your own pace. To learn more about the online on-demand class go to https://sharedassessments.org/on-demand-ctprp/.

I have a group of people who want to become certified. Does the program offer volume discounts?

Yes! Please email the Shared Assessments Education team, education@sharedassessments.org, for more information.

Does the program offer private classes for organizations?

The Shared Assessments Program can accommodate private classes for organizations willing to certify 15 or more people. Please contact our Education team at Education@sharedassessments.org for more information.

What is included in the registration cost?

The CTPRP registration cost includes either the instructor-led or self-study training class, examination, access to online reference and study materials, and a digital credential badge once the certification is successfully earned.

Note: Shared Assessments does not issue PDFs or hard copies of these documents.

Can I share my study materials?

Distribution of the materials to any party other than the person registered for the class is strictly prohibited. Sharing materials without permission by Shared Assessments may result in the removal from class registration or discontinuation of the certification designation attained.

What if I need to adjust or move my existing registration to a different date?

There is a $75 administrative fee to adjust or modify existing class registrations. Please contact the Shared Assessments Education team, education@sharedassessments.org, for assistance.

Certification Application

Does my professional experience qualify for the CTPRP certification?

Individuals interested in obtaining the Shared Assessments CTPRP certification are required to hold a minimum of five years of experience as a risk management professional. Listed below is an example of the type of experience that qualifies:

  • Third party risk management/assessment (either generally or IT-specific)
  • Audit and/or compliance
  • Experience with determining whether organizations are executing risk controls against specific standards
  • Risk control areas assessed as part of the third party assessment process or Business Continuity Planning (BCP), access control, privacy, etc.
  • Knowledge in the importance of risk controls and determining if controls are adequate
What is the certification process?

Individuals who are interested in obtaining the Shared Assessments CTPRP certification must complete the following process:

  • Attend a scheduled CTPRP class
  • Successfully pass the CTPRP examination
  • Submit the CTPRP application which includes a Proof of Experience form detailing your experience as a risk management professional
What is required for the Application?

The application form is provided to you upon passing the exam. You must fill out your relevant work experience and provide the name and contact information for a person who can verify your employment experience. This is usually a current manager. For those who are self-employed or unemployed, Shared Assessments will make a determination based on a review of the documentation provided to show the necessary experience. We may ask for additional documentation as part of the approval process. In lieu of work experience, an applicant can receive up to a year of work experience credit if they have a bachelor’s or master’s degree in information security or information technology from an accredited university. An additional year of work experience may be waived if the applicant holds an active IT or IS certification (i.e., CISA, CISSP, CIPP, CIPM).

The CTPRP certification is awarded to those who complete the three steps indicated above.  An individual who passes the exam but does not meet the prerequisite of five years of experience as a risk management professional will be awarded the Associate CTPRP designation. The Associate CTPRP can be changed to a full CTPRP designation at no additional cost if the certification is kept active and the five (5) year professional experience requirement is achieved.

For more information on the application process see our CTPRP Eligibility Requirements and Policy page.

 

How long do I have to send in my application after I take the exam?

We accept applications up to one year after passing the exam. After one year, you are required to retake the class and the exam. If you would like to retake the class and the exam, we will offer it at a 50% discount.

How long does it take for my application to be approved?

Once received, applications are typically processed within one month of receipt. You will be notified of your designation via email from one of our Education team members.

What do I receive after my application is accepted?

Once an individual’s application is approved and they have earned the CTPRP certification, a digital credential badge is awarded to showcase the accomplishment.

Certification Exam

What is the CTPRP Exam Process?

Once the class is completed, you will be sent details on how to schedule your exam with Examity, our testing vendor. The CTPRP examination is a time-based, closed book exam, completed within 3 hours. The exam is taken online from your computer and remote proctoring is required to monitor examination compliance. The CTPRP examination contains 125 questions worth up to 140 points. Examination questions include testing the domain knowledge and application of knowledge using Third Party risk situations. Multiple choice questions are presented using Third Party risk management scenarios from the Outsourcer or the Service Provider point of view. A score of 70% or higher must be achieved to pass the exam. Upon completion of the exam, a survey may be presented to provide feedback on the method of instruction, curriculum, materials, or examination content. 

Am I able to take only the exam and not the class?

To take the CTPRP examination you must attend the entire CTPRP class.

When can I take the exam?

The exam can be taken during any time zone globally. You have 15 weeks from the start date of the class to take the exam. If you do not take the exam within 15 weeks, you may not be approved for certification and may need to retake the class at your own expense.

What if I do not pass the exam the first time? Can I retake it?

Yes. If you do not pass the exam, you may take it again. There is a $150 fee to retake the exam. You may re-take the exam up to three (3) times. After the third attempt, you must re-take the class at your expense. Individuals who wish to retake the class will receive a 50% discount.

How long does it take to get exam results?

You will receive provisional results immediately after taking the exam pending review and approval by the exam proctors and Shared Assessments. Your official results and next steps will be sent to you via email within two weeks of completing the exam.

Maintaining A Certification

How do I maintain my certification?

To retain your certification, CTPRP holders must comply with the following requirements:

  • Earn the required 36 CPE credits per three-year certification term (we recommend earning 12 CPEs per year)
  • Remain current with payments for the annual maintenance and renewal fees
  • Successfully abide by the Shared Assessments Code of Ethics
What is the annual maintenance fee?

Certification holders must pay an annual maintenance fee of US $100.00 to maintain their certification. This amount is subject to change.

How do I receive CPEs from attending Shared Assessments events?

If you attend a Shared Assessments event that is issuing CPEs, you must attend the entire event. Shared Assessments does not issue CPE credit for partial attendance. If our web conferencing or manual attendance records indicate that you attended an event, you will be automatically issued a CPE within 30 days of the event. You will receive an email from our automated system with instructions to download the digital CPE certificate from your account on our Education and Events portal by logging in using the same email address you used to attend the event. Please note that sometimes the automated email can end up in your spam or junk folder.

 

Does Shared Assessments accept CPEs from other organizations to meet CPE requirements?

 Yes. CPEs issued from other organizations are accepted towards your CPE requirements. See our Qualifying Continuing Professional Education requirements for more information.

 

How do I pay my annual maintenance fee?

We are working on accepting payment through our portal, but it is not quite ready for launch. In the meantime, email us at education@sharedassessments.org and we will send you a link for payment.

How do I move from Associate to full Certification status?

If you are in good standing with an Associate certification and meet your five-year experience requirement, the process is simple. Upon request, we will send you the necessary form. Like your initial application, you’ll need to enter in your work experience since receiving your Associate Certification and have your current manager sign a verification form. For more information, please contact education@sharedassessments.org to request information on making the transition from associate to full designation.

What if I let my certification lapse and want to reinstate it?

The process for reinstating your lapsed certification will depend on how long your certification has been lapsed. If it has been under 2 years, we will reinstate your certification upon receiving all outstanding fees and/or proof of required CPEs. If it has been over 2 years, you will be required to retake the class and the exam at your own expense.

Who do I contact if I have additional questions?

If you have additional questions, please contact us by calling Shared Assessments at 505-466-6434 or emailing us at education@sharedassessments.org.