• The examination is a 150-question, multiple-choice assessment. Questions will include a variety of formats, such as scenario-based, true or false, and choose the best response.

• The time limit is 3 hours for the examination process, broken out into the following:

  • 5 minutes to read and sign the NDA

  • 10 minutes to complete the optional tutorial

  • 160 minutes to complete the examination

  • 5 minutes to complete the post-exam survey

• The examination is a closed-book assessment that will be monitored via an assigned proctor.

EXAM SCHEDULING

• The examination will be taken in person at a PearsonVue testing facility.

• Examinations may be scheduled at a day/time that suits you via a PearsonVue location.

• PearsonVue offers over 5,000 test facilities worldwide and is ADA-compliant. If you have a special request for accommodations, please contact Julie Gaiaschi at julie@tprassociation.org.

DOMAINS

The examination will cover the following domains:

• Cybersecurity and Third Party Risk Management Basics

• Pre-Contract Due Diligence

• Continuous Monitoring

• Physical Validation

• Disengagement Due Diligence

• Cloud Due Diligence

• Reporting and Analytics

• Practitioner Ethics

PASSING SCORE

• You must receive an 80% or higher score to pass the TPCRA examination.

NEXT STEPS

• Complete registration and payment through our Learning Management System (LMS): https://tpra.inspire360.com/

• Once payment is completed and confirmed by TPRA, you will be enrolled in the course and later receive an email with a link to register for your exam via the PearsonVue system.

• Following purchase, you have one (1) year to take your examination.

To be eligible for the TPCRA certification, you must have at least three years of experience in a full-time risk management/analyst and/or cybersecurity related role. Evidence of work experience must be submitted via the "TPCRA Work Experience Form" linked below.

Substitutions may be obtained for up to one year of work experience. Substitutions may include, but are not limited to:

• 60 to 120 completed university semester credit undergraduate hours in an information security and/or information technology-related major.

• A master’s degree in information security or information technology from an accredited university.

• An active information security-related certification from an accredited institution. Examples include, but are not limited to, the CISSP, Security+, CRISK, CISA, CISM.

• Additional substitutions for work experience will be taken into consideration during the application process and reviewed/approved by the TPRA.

In addition, you must sign and adhere to the Code of Practitioner Conduct (linked below).

“Cybersecurity & Third Party Risk” by Gregory C. Rasner

All Training and Training & Exam Bundles include a copy of the book. Alternatively, anyone is welcome to purchase the book separately – Purchase on Amazon

• TPCRA Certification applicants may choose to purchase the book “Cybersecurity & Third Party Risk” by author Gregory C. Rasner to prepare for the examination. This book closely aligns with the TPRCA Certification examination domains.

• You may also choose to participate in optional TPCRA training, which includes a copy of the “Cybersecurity & Third Party Risk” book.

• Training provides you with 12 hours of in-depth discussion on the examination domains, hands-on experience designing and performing cyber assessments, as well as opportunities to perform mock interviews and run through physical validation scenarios.

• Training is taught by a knowledgeable subject matter expert who has achieved the TPCRA Certification designation.

“Cybersecurity & Third Party Risk” by Gregory C. Rasner

The secret is out: If you want to obtain protected data as a hacker, you do not attack a big company or organization that likely has good security. You go after a third party that more likely does not. Companies have created the equivalent of how to deter car thieves: Ensure that your car looks difficult enough to break into so that thieves move onto the automobile with its doors unlocked and keys in the ignition. When a burglar sees a car with a car alarm, they know that they can look, and eventually find, a target that isn't so well protected. Exploiting the weakest link is not new. A bank robber could go to the bank to steal money, but a softer target would likely be the courier service as they bring the money into and out of the bank.

In this book you will find:

• An in-depth discussion on what risk is and how to assess cyber risk

• A step-by-step guide on how to create a cyber-focused third party risk management (TPRM) program without having to be a cyber or risk management expert

• Tips for create a more mature TPRM program that is more predictive and less reactive

• Details for ensuring your data is secure in a cloud environment and/or within your software supply chain.

Greg Rasner, CISSP, CIPM, ITIL, CCNA Author of "Cybersecurity & Third-Party Risk", SVP of Cyber Third Party Risk at Truist, Educator, and Frequent Keynote Speaker

Gregory C. Rasner has worked as a cybersecurity and IT leader in Finance, Biotech, Technology and Software fields. He holds a BA from Claremont McKenna College along with certifications: CISSP, CCNA, CIPM, ITIL. He is the author of the book “Cybersecurity and Third Party Risk: Third Party Threat Hunting” published by Wiley, written several online articles for major publications, and is a frequent speaker at forums and conferences on related topics. He has five kids and a wife who is also a cybersecurity professional. Rasner was in the USMC and was co-chair for the Truist Veterans and First-Responders Business Resources Group. Greg created the cybersecurity program at Johnston Community College, is a board member on the Technology Advisory Board, and teaches there part-time at JCC. Fun for him is camping and traveling with his family.

In order to maintain certification status, earners must participate in 20 hours of Continuing Professional Education (CPE). On an annual basis, certified individuals will be required to renew their certification and submit evidence of their CPE credits earned. A process is coming soon for submitting CPE evidence and renewing your Certification.

Renewal Cost

TPRA Standard, Vendor, & Non-Members: $100

TPRA Premium Practitioner Members: $85

Register for all TPRA certifications here: https://tpra.inspire360.com/