Shared Assessments Third Party Risk Management Certification

The CTPRP designation from the Shared Assessments Program validates expertise, providing professional credibility, recognition, and marketability in third party risk management (TPRM). CTPRP holders attain thorough knowledge of risk management concepts and principles, including:

  • Fundamentals of vendor risk assessment, monitoring and management
  • Managing the vendor lifecycle
  • Vendor risk identification and rating

Who is it for?

The CTPRP is designed for third party risk, procurement and compliance professionals, including:

  • Business Vendor Managers
  • Risk Managers (Vendor & Ops)
  • Vendor IT Security Managers
  • IT Auditors/Assessors
  • IS Auditors/Professionals
  • Facilities Management
  • Audit
  • Privacy
  • Compliance
  • Procurement
  • Business resilience
  • Legal
  • IT Vendor Management

“I was promoted to a director, based on how I’ve applied the CTPRP training. It’s really changed the direction of my career. Inside the company, I’m a primary advocate for analyzing third parties. Outside the company, I’ve been speaking about third-party risk at information security conferences.”

—Dan Browder, Director of Information Security Risk, First National Bank of Omaha


CTPRP Impact on Risk Management Careers

In a recent poll of CTPRP holders, we discovered the following:


CTPRP holders report training improved their ability to fulfill their job duties


CTPRP holders report certification helped them land a new job or earn a promotion


CTPRP holders current annual compensation ranged from $90,000 to $120,000

Upcoming Classes

COST: $1,095 Member | $1,295 Non-Member | Annual Maintenance Fee $100
CTPRP Instructor-led classes consist of two 5-hours sessions taught via web conference. Online On-demand class takes approximately 8 -10 hours to complete. Private, instructor-led classes and volume discounts are available. If an instructor-led class does not have a minimum number of registrants, the class may be cancelled and registrants will be contacted about moving to a future session.

June 21-22, 2021
10:00am – 3:00pm ET

CTPRP Elgibility Requirements

In order to gain your CTPRP, you must have a minimum of five years experience as a risk management professional, in a position(s) that demonstrates proficiency in assessment, management and remediation of third party risk issues.

Experience Required Defined

CTPRP applicants must have a thorough working knowledge of third party risk management concepts and principles, including:

  • Managing the vendor lifecycle
  • Vendor risk identification and rating
  • Determining monitoring frequency
  • The fundamentals of vendor risk assessment, monitoring and management
  • Effective utilization of third party questionnaires (trust)
  • Conducting onsite assessments (verify)
  • Developing an effective remediation plan and remediation reporting

Among the areas of expertise that qualify for CTPRP experience include some or all of the following areas:

  • Third party risk management/assessment (either generally or IT specific)
  • Audit and/or compliance
  • Experience with determining whether organizations are executing risk controls against specific standards
  • The risk control areas assessed as part of the third party assessment process
  • Business continuity planning (BCP), access control, privacy, etc.
  • Knowledge in the importance of risk controls and determining if controls are adequate.
Work Experience Substitutions and Waivers

A maximum of 2 years’ work experience may be waived as follows:

  • One year waiver: The applicant holds a bachelor’s or master’s in information security or information technology from an accredited university.
  • One year waiver: The applicant holds an IT or IS certification (i.e., CISA, CISSP, CIPP, CIPM, etc.).

NOTE: The acceptance of a certification in lieu of one year’s work experience is subject to the approval of the CTPRP Certification Committee.

Less Than Five (5) Years Experience

If an exam taker successfully passes the CTPRP exam but holds less than the minimum required years of experience, they have the option of submitting the Proof of Experience form within three (3) years from the start of the certification period.  The certification period begins the subsequent quarter succeeding the exam date. No annual maintenance fee is required until the CTPRP has been awarded.

Employer Verification

A manager at the applicant’s current place of employment must sign the CTPRP Proof of Experience form and attest to holding the minimum required experience.

For those who are self-employed or unemployed, the CTPRP Certification Committee will make a determination based on a review of documentation provided to show the necessary experience. Supporting documentation should be provided with Proof of Experience form to show the length and level of experience, including, but not limited to, items such as a current resume or CV, agendas from speaking engagements, letters of recommendation from past employers or consulting clients.

For more information, please contact The Santa Fe Group at 505-466-6434 or

The Santa Fe Group is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sonsors through its website:

Third Party Risk Certification FAQs

What is the CTPRP Exam Process?

The CTPRP examination contains 125 questions worth up to 140 points. Examination questions include testing the domain technical knowledge and application of knowledge using third party risk situations. The CTPRP examination is a time-based, closed book exam, completed within 3 hours. The exam is taken online and remote proctoring will be required to monitor examination compliance. Upon completion of the exam a survey may be presented to provide feedback on the method of instruction, curriculum, materials, or examination content. Multiple choice questions will be presented to users using third party risk management scenarios from the outsourcer or the service provider point of view.

If you need special accommodations to take the exam, please contact us at

What is a typical time commitment for the CTPRP Class or Self-Study and Exam?

The Shared Assessments CTPRP instructor-led class is a two-day event (5 hours per day). A typical event timeline is as follows:

CTPRP CLASS (Day 1) Time:  10:00am-3:00pm ET unless otherwise noted

CTPRP CLASS (Day 2) Time: 10:00am-3:00pm ET unless otherwise noted

Completion of both days of this class will earn 8 CPEs. We do not issue CPEs for partial attendance. 


The Online On-Demand option covers the same curriculum as the traditional class but uses an online learning platform to deliver the materials. The self-study class is available to do at your own pace. It typically takes between 8 to 10 hours. The entire class must be completed before being eligible to take the CTPRP Certification exam.

IMPORTANT: A MESSAGE ABOUT CPEs: Approval to issue CPEs for online on-demand self-study is currently pending with the NASBA. Until approval is received, we are unable to issue CPEs to anyone who takes the online on-demand class. If receiving CPE credit is important to you, please consider taking the instructor-led class. We are authorized to issue CPEs for attending all instructor-led classes.


After successfully completing an instructor-led class, candidates will have a month-long window to schedule their exam with our testing proctor company, Examity. After the class is complete, they will receive an email with instructions for scheduling the exam. After successfully completing the self-study, a candidate can schedule their exam online anytime within 15 weeks of completing the class. Passing the exam requires a score of 70% or higher.

What topics are covered within the CTPRP class?

The CTPRP Certification Job Practice Guide identifies the domains, topics, skills, competencies, and job role accountabilities that represent the type of work performed by an individual who supports the development, implementation, maintenance, and training of a third-party risk management program within their organization. The structure of the job practice guide is based on the inputs of Shared Assessments Program members, recognized best practices, and tools that drive third party risk assurance.

Does my professional experience qualify for the CTPRP designation?

Individuals interested in obtaining the Shared Assessments CTPRP certification are required to hold a minimum of five years experience as a risk management professional. Listed below is an example of the type of experience that qualifies:

  • Third party risk management/assessment (either generally or IT specific)
  • Audit and/or compliance
  • Experience with determining whether organizations are executing risk controls against specific standards
  • The risk control areas assessed as part of the third party assessment process or Business Continuity Planning (BCP), access control, privacy, etc.
  • Knowledge in the importance of risk controls and determining if controls are adequate.

Individuals who do not hold the prerequisite five years work experience in the above fields will qualify for the Associate CTPRP designation.

Where can I find upcoming classes?

All upcoming classes are listed in the “Upcoming Classes” section above. We also offer an Online On-Demand option which is a self-study class that can be taken at your own pace. To learn more about the online ondemand class go to

I have a group of people who want to become certified. Do you offer private trainings for organizations?

The Shared Assessments Program can accommodate private training events for organizations willing to certify 10 or more people. Please contact Nicole Musolf at for more information.

What is included within the registration cost?

The CTPRP registration cost includes the two-day instructor-led class or the complete Online On-Demand class, the exam, and unlimited access to online reference and study materials. Shared Assessments does not issue PDFs or hard copies of these documents.

How do I maintain my certification?

In order to retain your certification, CTPRP holders must comply with the following requirements:

  • Successfully earn the required 60 CPE credits per three year certification period;
  • Remain current with payments for the $100 annual maintenance and renewal fee;
  • Successfully abide by the Shared Assessments Code of Ethics
Am I able to take only the exam and not the class?

In order to participate in the Shared Assessments CTPRP examination you must also complete the CTPRP class (either instructor-led or online on-demand).

What is the certification process?

Individuals who are interested in obtaining the Shared Assessments CTPRP designation must complete the following process in order to be awarded the CTPRP designation:

  • Complete a scheduled CTPRP instructor-led class or complete the CTPRP online ondemand self-study class
  • Successfully pass the CTPRP examination (a score of 70% or higher)
  • Submit the CTPRP Proof of Experience form detailing the prerequisite five years’ experience as a risk management professional


The CTPRP designation will be awarded to those who complete the three steps indicated above. Individuals who do not meet the prerequisite years’ experience as a risk management professional will be awarded the Associate CTPRP designation.

This site uses cookies

Please note that on our website we use cookies necessary for the functioning of our website, cookies that optimize the performance.
To learn more about our cookies, how we use them and their benefits, please read our Cookie Policy and Privacy Policy.