Shared Assessments Third Party Risk Management Certification

The CTPRP designation from the Shared Assessments Program validates expertise, providing professional credibility, recognition, and marketability in third party risk management (TPRM). CTPRP holders attain thorough knowledge of risk management concepts and principles, including:

  • Fundamentals of vendor risk assessment, monitoring and management
  • Managing the vendor lifecycle
  • Vendor risk identification and rating

Who is it for?

The CTPRP is designed for third party risk, procurement and compliance professionals, including:

  • Business Vendor Managers
  • Risk Managers (Vendor & Ops)
  • Vendor IT Security Managers
  • IT Auditors/Assessors
  • IS Auditors/Professionals
  • Facilities Management
  • Audit
  • Privacy
  • Compliance
  • Procurement
  • Business resilience
  • Legal
  • IT Vendor Management

“I was promoted to a director, based on how I’ve applied the CTPRP training. It’s really changed the direction of my career. Inside the company, I’m a primary advocate for analyzing third parties. Outside the company, I’ve been speaking about third-party risk at information security conferences.”

—Dan Browder, Director of Information Security Risk, First National Bank of Omaha

VIEW SUCCESS STORY

CTPRP Impact on Risk Management Careers

In a recent poll of CTPRP holders, we discovered the following:

80%

CTPRP holders report training improved their ability to fulfill their job duties

47%

CTPRP holders report certification helped them land a new job or earn a promotion

68%

CTPRP holders current annual compensation ranged from $90,000 to $120,000

Upcoming Classes

COST: $995 Member | $1,195 Non-Member | Annual Maintenance Fee $100
CTPRP Workshops consist of two 5-hour sessions and a 2 hour exam of 125 multiple choice questions. A minimum score of 70% is required to pass. Registration closes two days prior to start date and class size is limited. On-site classes and volume discounts available.

DATE
TIME
LOCATION
January 12-13, 2021
10:00am – 3:00pm ET
Online
February 23-24, 2021
10:00am – 3:00pm ET
Online

CTPRP Elgibility Requirements

In order to gain your CTPRP, you must have a minimum of five years experience as a risk management professional, in a position(s) that demonstrates proficiency in assessment, management and remediation of third party risk issues.

Experience Required Defined

CTPRP applicants must have a thorough working knowledge of third party risk management concepts and principles, including:

  • Managing the vendor lifecycle
  • Vendor risk identification and rating
  • Determining monitoring frequency
  • The fundamentals of vendor risk assessment, monitoring and management
  • Effective utilization of third party questionnaires (trust)
  • Conducting onsite assessments (verify)
  • Developing an effective remediation plan and remediation reporting

 

Among the areas of expertise that qualify for CTPRP experience include some or all of the following areas:

  • Third party risk management/assessment (either generally or IT specific)
  • Audit and/or compliance
  • Experience with determining whether organizations are executing risk controls against specific standards
  • The risk control areas assessed as part of the third party assessment process
  • Business continuity planning (BCP), access control, privacy, etc.
  • Knowledge in the importance of risk controls and determining if controls are adequate.
Work Experience Substitutions and Waivers

A maximum of 2 years’ work experience may be waived as follows:

  • One year waiver: The applicant holds a bachelor’s or master’s in information security or information technology from an accredited university.
  • One year waiver: The applicant holds an IT or IS certification (i.e., CISA, CISSP, CIPP, CIPM, etc.).

NOTE: The acceptance of a certification in lieu of one year’s work experience is subject to the approval of the CTPRP Certification Committee.

Less Than Five(5) Years Experience

If an exam taker successfully passes the CTPRP exam but holds less than the minimum required years of experience, they have the option of submitting the Proof of Experience form within three (3) years from the start of the certification period.  The certification period begins the subsequent quarter succeeding the exam date. No annual maintenance fee is required until the CTPRP has been awarded.

Employer Verification

A manager at the applicant’s current place of employment must sign the CTPRP Proof of Experience form and attest to holding the minimum required experience.

For those who are self-employed or unemployed, the CTPRP Certification Committee will make a determination based on a review of documentation provided to show the necessary experience. Supporting documentation should be provided with Proof of Experience form to show the length and level of experience, including, but not limited to, items such as a current resume or CV, agendas from speaking engagements, letters of recommendation from past employers or consulting clients.

For more information, please contact The Santa Fe Group at 505-466-6434 or ctprp@santa-fe-group.com..

The Santa Fe Group is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sonsors through its website: www.nasbaregistry.org

Third Party Risk Certification FAQs

What is the CTPRP Exam Process?

The CTPRP examination contains 125 questions worth up to 140 points. Examination questions include testing the domain technical knowledge and application of knowledge using third party risk situations. The CTPRP examination is a time-based, closed book exam, completed within 2 hours. The exam is taken online and remote proctoring will be required to monitor examination compliance. Upon completion of the exam a survey may be presented to provide feedback on the method of instruction, curriculum, materials, or examination content. Multiple choice questions will be presented to users using third party risk management scenarios from the outsourcer or the service provider point of view.

What is a typical time commitment for the CTPRP Workshop and Exam?

The Shared Assessments CTPRP workshop is a two-day event consisting of workshop instruction followed by the examination. A typical event timeline is as follows:

CTPRP WORKSHOP (Day 1) Time:  10:00am-3:00pm ET

CTPRP WORKSHOP (Day 2) Time: 10:00am-3:00pm ET

Completion of both days of this course will earn 8 CPEs. We do not issue CPEs for partial attendance. 

CTPRP EXAM

After successfully completing the workshop, candidates will have a month-long window to schedule their exam with Examity. We estimate that, on average, candidates will need to spend 30 hours preparing for the exam.

What topics are covered within the CTPRP course?

The CTPRP Certification Job Practice Guide identifies the domains, topics, skills, competencies, and job role accountabilities that represent the type of work performed by an individual who supports the development, implementation, maintenance, and training of a third-party risk management program within their organization. The structure of the job practice guide is based on the inputs of Shared Assessments Program members, recognized best practices, and tools that drive third party risk assurance.

Does my professional experience qualify for the CTPRP designation?

Individuals interested in obtaining the Shared Assessments CTPRP certification are required to hold a minimum of five years experience as a risk management professional. Listed below is an example of the type of experience that qualifies:

  • Third party risk management/assessment (either generally or IT specific)
  • Audit and/or compliance
  • Experience with determining whether organizations are executing risk controls against specific standards
  • The risk control areas assessed as part of the third party assessment process or Business continuity planning (BCP), access control, privacy, etc.
  • Knowledge in the importance of risk controls and determining if controls are adequate.

Individuals who do not hold the prerequisite five years work experience in the above fields will qualify for the Associate CTPRP designation.

Where can I find upcoming courses?

All upcoming courses are listed in the “Upcoming Classes” section above.

I have a group of people who want to become certified. Do you offer private trainings for organizations?

The Shared Assessments Program can accommodate private training events for organizations willing to certify 10 or more people. Please contact nicole@santa-fe-group.com for more information.

What is included within the registration cost?

The CTPRP registration cost includes the two-day instructor-led workshop, an exam window with Examity, and access to online reference and study materials. Shared Assessments does not issue PDFs or hard copies of these documents.

How do I maintain my certification?

In order to retain your certification, CTPRP holders must comply with the following requirements:

  • Successfully earn the required number of 20 CPE credits annually for a total of 60 CPE credits per three year certification period;
  • Remain current with payments for the $100 annual maintenance and renewal fee;
  • Successfully abide by the Shared Assessments Code of Ethics
Am I able to take only the exam and not the workshop?

In order to participate in the Shared Assessments CTPRP examination you must also participate in the CTPRP workshop lecture.

What is the certification process?

Individuals who are interested in obtaining the Shared Assessments CTPRP designation must complete the following process in order to be awarded the CTPRP designation:

  • Attend a scheduled CTPRP instructor-led workshop
  • Successfully pass the CTPRP examination
  • Submit the CTPRP Proof of Experience form detailing the prerequisite five years experience as a risk management professional

The CTPRP designation will be awarded to those who complete the three steps indicated above. Individuals who do not meet the prerequisite five years experience as a risk management professional will be awarded the Associate CTPRP designation.

This site uses cookies

Please note that on our website we use cookies necessary for the functioning of our website, cookies that optimize the performance.
To learn more about our cookies, how we use them and their benefits, please read our Cookie Policy and Privacy Policy.