top of page
  • TPCRA Domains
    Elevate your expertise with the TPRA's Third Party Cyber Risk Assessor (TPCRA) Certification! Master the domains of: Cybersecurity and Third Party Risk Management Basics Pre-Contract Due Diligence Continuous Monitoring Physical Validation Disengagement Due Diligence Cloud Due Diligence Reporting and Analytics Practitioner Ethics. Gain comprehensive knowledge and practical skills to assess, manage, and mitigate cyber risks in third-party relationships. Be recognized as a trusted TPCRA-certified professional, equipped to make informed decisions and drive excellence in TPRM. Don't wait – apply now and become a leader in the ever-evolving landscape of third-party cyber risk!
  • Certification Eligibility Criteria
    To be eligible for the TPCRA certification, you must have at least three years of experience in a full-time risk management/analyst and/or cybersecurity related role. Evidence of work experience must be submitted via the "TPCRA Work Experience Form" linked below. Substitutions may be obtained for up to one year of work experience. Substitutions may include, but are not limited to: 60 to 120 completed university semester credit undergraduate hours in an information security and/or information technology-related major. A master’s degree in information security or information technology from an accredited university. An active information security-related certification from an accredited institution. Examples include, but are not limited to, the CISSP, Security+, CRISK, CISA, CISM. Additional substitutions for work experience will be taken into consideration during the application process and reviewed/approved by the TPRA. In addition, you must sign and adhere to the Code of Practitioner Conduct (linked below).
  • Deferred Achievement Option
    Should you wish to sit for the examination prior to meeting the minimum work experience requirement, you may do so if you will meet the requirement within the next 24 months. If you pass the examination, you will then receive your certification status once you meet and evidence the minimum work experience requirement, pending all other validation requirements have been achieved.
  • Certification Pricing
    “Cybersecurity & Third Party Risk” by Gregory C. Rasner All Training and Training & Exam Bundles include a copy of the book. Alternatively, anyone is welcome to purchase the book separately – Purchase on Amazon
  • Preparation & Training
    TPCRA Certification applicants may choose to purchase the book “Cybersecurity & Third Party Risk” by author Gregory C. Rasner to prepare for the examination. This book closely aligns with the TPRCA Certification examination domains. You may also choose to participate in optional TPCRA training, which includes a copy of the “Cybersecurity & Third Party Risk” book. Training provides you with 12 hours of in-depth discussion on the examination domains, hands on experience designing and performing cyber assessments, as well as opportunities to perform mock interviews and run through physical validation scenarios. Training is taught by a knowledgeable subject matter expert who has achieved the TPCRA Certification designation.
  • Certification Training Schedule
    2/26/2024 - 2/29/2024 @ 5 PM - 8 PM CT each day 5/20/2024 - 5/21/2024 @ 9 AM - 4 PM CT each day 8/26/2024 - 8/29/2024 @ 5 PM - 8 PM CT each day 11/6/2024 - 11/7/2024 @ 9 AM - 4 PM each day
  • “Cybersecurity & Third Party Risk” – Book
    “Cybersecurity & Third Party Risk” by Gregory C. Rasner (OPTIONAL: Book is included in the cost of Training, or can be purchased separately) The secret is out: If you want to obtain protected data as a hacker, you do not attack a big company or organization that likely has good security. You go after a third party that more likely does not. Companies have created the equivalent of how to deter car thieves: Ensure that your car looks difficult enough to break into so that thieves move onto the automobile with its doors unlocked and keys in the ignition. When a burglar sees a car with a car alarm, they know that they can look, and eventually find, a target that isn't so well protected. Exploiting the weakest link is not new. A bank robber could go to the bank to steal money, but a softer target would likely be the courier service as they bring the money into and out of the bank. In this book you will find: An in-depth discussion on what risk is and how to assess cyber risk A step-by-step guide on how to create a cyber-focused third party risk management (TPRM) program without having to be a cyber or risk management expert Tips for create a more mature TPRM program that is more predictive and less reactive Details for ensuring your data is secure in a cloud environment and/or within your software supply chain.
  • TPCRA Training Instructor
    Greg Rasner, CISSP, CIPM, ITIL, CCNA Author of "Cybersecurity & Third-Party Risk", SVP of Cyber Third Party Risk at Truist, Educator, and Frequent Keynote Speaker Gregory C. Rasner has worked as a cybersecurity and IT leader in Finance, Biotech, Technology and Software fields. He holds a BA from Claremont McKenna College along with certifications: CISSP, CCNA, CIPM, ITIL. He is the author of the book “Cybersecurity and Third Party Risk: Third Party Threat Hunting” published by Wiley, written several online articles for major publications, and is a frequent speaker at forums and conferences on related topics. He has five kids and a wife who is also a cybersecurity professional. Rasner was in the USMC and was co-chair for the Truist Veterans and First-Responders Business Resources Group. Greg created the cybersecurity program at Johnston Community College, is a board member on the Technology Advisory Board, and teaches there part-time at JCC. Fun for him is camping and traveling with his family.
  • Examination Outline
    The examination is a 150-question, multiple choice assessment. Questions will include a variety of formats, such as scenario-based, true or false, and choose the best response. Time limit is 3 hours. The examination will be taken in-person at a PearsonVue tesing facility. PearsonVue offers over 5,000 test facilities worldwide and is ADA compliant. If you have a special request for an accomidation needed, please contact Julie Gaiaschi at julie@tprassociation.org. The examination is a closed book assessment that will be monitored via an assigned proctor. The examination will cover the following domains: Cybersecurity and Third Party Risk Management Basics Pre-Contract Due Diligence Continuous Monitoring Physical Validation Disengagement Due Diligence Cloud Due Diligence Reporting and Analytics Practitioner Ethics You must receive an 80% or higher score to pass the TPCRA examination. Examinations may be scheduled at a day/time that suits you via a PearsonVue location. Once the exam and/or training and exam bundle is purchased and approved by TPRA, you will receive an email with a link to register for your exam via the PearsonVue system.
  • Certification Renewal
    In order to maintain certification status, earners must participate in 40 hours of Continuing Professional Education (CPE). On an annual basis, certified individuals will be required to renew their certification and submit evidence of their CPE credits earned. A process is coming soon for submitting CPE evidence and renewing your Certification. Renewal Cost TPRA Standard, Vendor, & Non-Members: $100 TPRA Premium Practitioner Members: $85
  • Registration
    To register for the certification, please follow the below steps: Review the Code of Practitioner Conduct agreement. (You will be able to provide a signature noting your agreement to the Code of Conduct within the TPCRA Application form Complete and submit the TPCRA application using the links below. Please allow up to two weeks for your application to be reviewed. Submit your certification processing fee. Receive an email noting your application has been received, as well as next steps. Evidence your related full-time work experience and/or approved substitution alternative. Upload here. (The "TPCRA Work Experience Form", as well as the link to upload your form will also be noted within your application confirmation email.) You will receive email confirmation once your application is approved or if additional information is required. You do not need to have an "Approved" application before you sit for your exam. You do need to have an "Approved" application, as well as a passing grade on the examination, to receive the TPCRA designation. You will receive an email with links to register for your training and/or examination dates.
TPRMP Logo, green circle with white text, basic person outline holding badge in center

Third Party Risk Association's
Third Party Risk Management Practitioner (TPRMP) Certification

The TPCRA Certification is a specialized qualification designation which will:

  • Confirm your understanding & skill in the assessment of third party cyber security controls and processes.

  • Validate your competency in the creation, execution, & management of third party cyber risk assessments.

  • Authenticate & add credibility to your expertise as a third party cyber risk assessor.

  • Evidence your proficiency with various cyber security & information technology assessment terms & techniques.

The TPCRA Certification is foundational to achieving success as a third party risk management practitioner. 

 

Who the TPRMP is For

The TPCRA is the standard of achievement for those who assess, monitor, and review third party cyber security and information technology controls, as well as identify and mitigate risk related to said controls. Such roles may include, but not be limited to:

  • Third Party Risk Management Practitioners

  • Procurement Specialist

  • Vendor Managers

  • Auditors

  • Information Security Professionals

  • Privacy or Compliance Specialists

  • Legal Professionals

Click on the sections below to learn more!

"I thought the training was fantastic. I've been a TPRM practitioner for nearly 7 years now and still walked away with new knowledge and insight. I am so proud of the TPRA and honored to be a part of the board!"

Nicole Makinney
Product Owner, Third Party Risk | McKesson
TPCRA Training Attendee

bottom of page