About the Certified Program
The Certified Third-Party Risk Professional (CTPRP) is a globally recognized credential that validates expertise in designing, implementing, and managing a comprehensive Third-Party Risk Management (TPRM) program. It equips professionals with the knowledge and skills required to structure risk-based vendor classification models, conduct thorough risk assessments, and establish robust governance frameworks to mitigate third-party risks effectively. The program is designed to ensure that organizations can maintain compliance, enhance security, and mitigate risks associated with third-party relationships.
Learning Objectives
Upon successful completion of the CTPRP program, candidates will be able to:
Identify and Mitigate Third-Party Risks
- Assess third-party risks based on regulatory, data governance, and compliance requirements.
- Recognize outsourcing risk triggers and define mitigation strategies.
Develop and Implement a TPRM Framework
- Establish governance structures and accountability models for an effective TPRM program.
- Define contractual obligations, due diligence protocols, and risk-tier-based assessment processes.
Evaluate Third-Party Controls
- Assess Governance, Risk, and Compliance (GRC) frameworks to ensure policy and regulatory alignment.
- Implement data protection controls, cybersecurity governance, and IT operational risk management.
Manage and Optimize TPRM Operations
- Implement post-assessment risk mitigation strategies.
- Execute risk reporting, monitoring, and governance integration for continual program improvement.
Exam Information
- Format: Multiple-choice questions
- Total Questions: 100
- Duration: 3 hours
Eligibility
- No prerequisites are required
Target Audience
The CTPRP is ideal for professionals involved in third-party risk, audit, and Governance, Risk, and Compliance (GRC) roles. It is particularly suited for:
- Vendor Relationship Managers
- Governance, Risk, and Compliance (GRC) Analysts or Managers
- Third-Party Risk Analysts
- Enterprise Risk Management Professionals
- IT Risk Analysts and Auditors
- Procurement and Sourcing Risk Managers
- Operational Risk and Vendor Risk Management Professionals
Curriculum Overview
The CTPRP curriculum is structured into four core domains covering the foundational principles, risk assessment methodologies, and governance frameworks required to manage third-party risk effectively.
Third-Party Risk Management Foundation
- Understanding TPRM disciplines, outsourcing terminology, and risk mitigation strategies.
- Identifying unique data protection and governance requirements.
- Establishing enterprise-wide risk management frameworks and governance structures.
TPRM Program Design and Structure
- Developing governance and accountability models for risk classification.
- Defining and implementing due diligence requirements based on vendor risk tiers.
- Organizing third-party risk assessment methodologies and evaluation criteria.
Controls Evaluation in TPRM
- Assessing Governance, Risk, and Compliance (GRC) alignment with regulatory requirements.
- Implementing data protection, cybersecurity, and IT resilience strategies.
- Evaluating technology governance, incident response, and business continuity controls.
TPRM Program Operations and Implementation
- Managing post-assessment reporting, risk mitigation, and corrective action planning.
- Defining operational processes and data management functions for TPRM programs.
- Measuring and optimizing TPRM program effectiveness for continuous improvement.