Question 1

Examination Outline

Accepted Answer

• The examination is a 150-question, multiple-choice assessment.  Questions will include a variety of formats, such as scenario-based, true or false, and choose the best response.
 • The time limit is 3 hours for the examination process, broken out into the following:
    • 5 minutes to read and sign the NDA
    • 10 minutes to complete the optional tutorial
    • 160 minutes to complete the examination
    • 5 minutes to complete the post-exam survey
 • The examination is a closed-book assessment that will be monitored via an assigned proctor.

EXAM SCHEDULING
 • The examination will be taken in person at a PearsonVue testing facility. 
 • Examinations may be scheduled at a day/time that suits you via a PearsonVue location.  
 • PearsonVue offers over 5,000 test facilities worldwide and is ADA-compliant. If you have a special request for accommodations, please contact Julie Gaiaschi at julie@tprassociation.org. (julie@tprassociation.org.)

DOMAINS
The examination will cover the following domains:
 • Cybersecurity and Third Party Risk Management Basics
 • Pre-Contract Due Diligence
 • Continuous Monitoring
 • Physical Validation
 • Disengagement Due Diligence
 • Cloud Due Diligence
 • Reporting and Analytics
 • Practitioner Ethics

PASSING SCORE
 • You must receive an 80% or higher score to pass the TPCRA examination.

NEXT STEPS
 • Complete registration and payment through our Learning Management System (LMS): https://tpra.inspire360.com/ (https://tpra.inspire360.com/)
 • Once payment is completed and confirmed by TPRA, you will be enrolled in the course and later receive an email with a link to register for your exam via the PearsonVue system.  
 • Following purchase, you have one (1) year to take your examination.

Question 2

Certification Eligibility Criteria

Accepted Answer

To be eligible for the TPCRA certification, you must have at least three years of experience in a full-time risk management/analyst and/or cybersecurity related role.  Evidence of work experience must be submitted via the "TPCRA Work Experience Form" linked below.

Substitutions may be obtained for up to one year of work experience.  Substitutions may include, but are not limited to:
 • 60 to 120 completed university semester credit undergraduate hours in an information security and/or information technology-related major.
 • A master’s degree in information security or information technology from an accredited university.
 • An active information security-related certification from an accredited institution.  Examples include, but are not limited to, the CISSP, Security+, CRISK, CISA, CISM.
 • Additional substitutions for work experience will be taken into consideration during the application process and reviewed/approved by the TPRA.

In addition, you must sign and adhere to the Code of Practitioner Conduct (linked below).

Question 3

Certification Pricing

Accepted Answer

“Cybersecurity & Third Party Risk” by Gregory C. Rasner
All Training and Training & Exam Bundles include a copy of the book. Alternatively, anyone is welcome to purchase the book separately – Purchase on Amazon (https://read.amazon.com/kp/embed?asin=B09757TKCW&preview=newtab&linkCode=kpe&ref_=cm_sw_r_kb_dp_N27JYBNNJG7KAV3TVGXJ)

Question 4

Training

Accepted Answer

Training provides you with 12 hours of in-depth discussion on the examination domains, hands-on experience designing and performing cyber assessments, as well as opportunities to perform mock interviews and run through physical validation scenarios.

Training includes access to study and practice materials such as:
 • Student Training Manual
 • Training PowerPoint
 • Practice quizzes
 • Select educational videos
 • A variety of templates, including questionnaires, reports, and more

Training is taught by a knowledgeable subject matter expert who has achieved the TPCRA Certification designation.

Training is held live over Zoom during the designated days and times.

Question 5

TPCRA Training Instructor

Accepted Answer

https://static.wixstatic.com/media/83bbd4_b45a7514dbe94cc28b313d6d8e6211a9~mv2.jpg
Greg Rasner, CISSP, CIPM, ITIL, CCNA
Author of "Cybersecurity & Third-Party Risk", SVP of Cyber Third Party Risk at Truist, Educator, and Frequent Keynote Speaker

Gregory C. Rasner has worked as a cybersecurity and IT leader in Finance, Biotech, Technology and Software fields. He holds a BA from Claremont McKenna College along with certifications: CISSP, CCNA, CIPM, ITIL. He is the author of the book “Cybersecurity and Third Party Risk: Third Party Threat Hunting” published by Wiley, written several online articles for major publications, and is a frequent speaker at forums and conferences on related topics. He has five kids and a wife who is also a cybersecurity professional. Rasner was in the USMC and was co-chair for the Truist Veterans and First-Responders Business Resources Group. Greg created the cybersecurity program at Johnston Community College, is a board member on the Technology Advisory Board, and teaches there part-time at JCC. Fun for him is camping and traveling with his family.

Question 6

Certification Renewal

Accepted Answer

In order to maintain certification status, earners must participate in 20 hours of Continuing Professional Education (CPE). On an annual basis, certified individuals will be required to renew their certification and submit evidence of their CPE credits earned. A process is coming soon for submitting CPE evidence and renewing your Certification.

Renewal Cost
TPRA Standard, Vendor, & Non-Members: $100
TPRA Premium Practitioner Members: $85

Question 7

Registration

Accepted Answer

Register for all TPRA certifications here: https://tpra.inspire360.com/ (https://tpra.inspire360.com/)

Item	TPRA Standard, Vendor, & Non-Members	TPRA Premium Practitioner Members
Examination	$500	$425
Training	$400	$340
Examination & Training Bundle	$800	$700
Examination Retake Fee	$200	$200
Certification Renewal	$100	$85

DATE	TIME	LOCATION	INSTRUCTOR	REGISTER
February 9 - 12, 2026	5 PM - 8 PM CT	Zoom	Greg Rasner \| Author of "Cybersecurity & Third-Party Risk", SVP of Cyber Third Party Risk at Truist, Educator, and Frequent Keynote Speaker	View Training Options
May 14 - 15, 2026	9 AM - 4 PM CT	Zoom	Greg Rasner \| Author of "Cybersecurity & Third-Party Risk", SVP of Cyber Third Party Risk at Truist, Educator, and Frequent Keynote Speaker	View Training Options

CERTIFICATIONS

ABOUT

Third Party Risk Association's

Third Party Cyber Risk Assessor (TPCRA) Certification

What is the TPCRA?

Who is the TPCRA for?

"The TPCRA Certification is foundational to achieving success as a third party risk management professional."

Domains

Building Core Competencies for Lasting Professional Excellence

Cybersecurity & Third Party Risk Management Basics

Pre-Contract Due Diligence

Continuous Monitoring

Physical Validation

Disengagement Due Diligence

Cloud Due Diligence

Reporting & Analytics

Practitioner Ethics

Pricing

Examination Overview

Examination Outline

Passing Score

Exam Scheduling

Training Schedule

Nicole Makinney
Product Owner, Third Party Risk | McKesson
TPCRA Training Attendee

CERTIFICATIONS

ABOUT

Third Party Risk Association's

Third Party Cyber Risk Assessor (TPCRA) Certification

What is the TPCRA?

Who is the TPCRA for?

"The TPCRA Certification is foundational to achieving success as a third party risk management professional."

Domains

Building Core Competencies for Lasting Professional Excellence

Cybersecurity & Third Party Risk Management Basics

Pre-Contract Due Diligence

Continuous Monitoring

Physical Validation

Disengagement Due Diligence

Cloud Due Diligence

Reporting & Analytics

Practitioner Ethics

Pricing

Examination Overview

Examination Outline

Passing Score

Exam Scheduling

Training Schedule

Nicole Makinney Product Owner, Third Party Risk | McKesson TPCRA Training Attendee

Nicole Makinney
Product Owner, Third Party Risk | McKesson
TPCRA Training Attendee