Examination Outline

The examination is a 150-question, multiple-choice assessment. Questions will include a variety of formats, such as scenario-based, true or false, and choose the best response. The time limit is 3 hours. The examination will be taken in person at a PearsonVue testing facility. PearsonVue offers over 5,000 test facilities worldwide and is ADA-compliant. If you have a special request for accommodations, please contact Julie Gaiaschi at julie@tprassociation.org. The examination is a closed-book assessment that will be monitored via an assigned proctor.

The examination will cover the following domains:
* Cybersecurity and Third Party Risk Management Basics
* Pre-Contract Due Diligence
* Continuous Monitoring
* Physical Validation
* Disengagement Due Diligence
* Cloud Due Diligence
* Reporting and Analytics
* Practitioner Ethics

You must receive an 80% or higher score to pass the TPCRA examination. Examinations may be scheduled at a day/time that suits you via a PearsonVue location. Once the exam and/or training and exam bundle is purchased and approved by TPRA, you will receive an email with a link to register for your exam via the PearsonVue system. Following purchase, you have one (1) year to take your examination.
-
Certification Eligibility Criteria

To be eligible for the TPCRA certification, you must have at least three years of experience in a full-time risk management/analyst and/or cybersecurity-related role. Evidence of work experience must be submitted via the "TPCRA Work Experience Form" linked below. Substitutions may be obtained for up to one year of work experience. Substitutions may include, but are not limited to:
* 60 to 120 completed university semester credit undergraduate hours in an information security and/or information technology-related major.
* A master’s degree in information security or information technology from an accredited university.
* An active information security-related certification from an accredited institution. Examples include, but are not limited to, the CISSP, Security+, CRISC, CISA, CISM.

Additional substitutions for work experience will be taken into consideration during the application process and reviewed/approved by the TPRA. In addition, you must sign and adhere to the Code of Practitioner Conduct (linked below).
-
Deferred Achievement Option

Should you wish to sit for the examination prior to meeting the minimum work experience requirement, you may do so if you will meet the requirement within the next 24 months. If you pass the examination, you will then receive your certification status once you meet and evidence the minimum work experience requirement, provided all other validation requirements have been met.
-
Certification Pricing

“Cybersecurity & Third Party Risk” by Gregory C. Rasner
All Training and Training & Exam Bundles include a copy of the book. Alternatively, anyone is welcome to purchase the book separately – Purchase on Amazon
-
Preparation & Training

TPCRA Certification applicants may choose to purchase the book “Cybersecurity & Third Party Risk” by author Gregory C. Rasner to prepare for the examination. This book closely aligns with the TPCRA Certification examination domains. You may also choose to participate in optional TPCRA training, which includes a copy of the “Cybersecurity & Third Party Risk” book. Training provides you with 12 hours of in-depth discussion on the examination domains, hands-on experience designing and performing cyber assessments, as well as opportunities to perform mock interviews and run through physical validation scenarios. Training is taught by a knowledgeable subject matter expert who has achieved the TPCRA Certification designation.
-
Certification Training Schedule

* 2/26/2024 - 2/29/2024 @ 5 PM - 8 PM CT each day
* 5/20/2024 - 5/21/2024 @ 9 AM - 4 PM CT each day
* 8/19/2024 - 8/22/2024 @ 5 PM - 8 PM CT each day
* 11/6/2024 - 11/7/2024 @ 9 AM - 4 PM each day
-
“Cybersecurity & Third Party Risk” – Book

“Cybersecurity & Third Party Risk” by Gregory C. Rasner (OPTIONAL: Book is included in the cost of Training, or can be purchased separately)

The secret is out: If you want to obtain protected data as a hacker, you do not attack a big company or organization that likely has good security. You go after a third party that more likely does not. Companies have created the equivalent of how to deter car thieves: Ensure that your car looks difficult enough to break into so that thieves move on to the automobile with its doors unlocked and keys in the ignition. When a burglar sees a car with a car alarm, they know that they can look, and eventually find, a target that isn't so well protected. Exploiting the weakest link is not new. A bank robber could go to the bank to steal money, but a softer target would likely be the courier service as they bring the money into and out of the bank.

In this book you will find:
* An in-depth discussion on what risk is and how to assess cyber risk
* A step-by-step guide on how to create a cyber-focused third party risk management (TPRM) program without having to be a cyber or risk management expert
* Tips for creating a more mature TPRM program that is more predictive and less reactive
* Details for ensuring your data is secure in a cloud environment and/or within your software supply chain.
-
TPCRA Training Instructor

Greg Rasner, CISSP, CIPM, ITIL, CCNA
Author of "Cybersecurity & Third-Party Risk", SVP of Cyber Third Party Risk at Truist, Educator, and Frequent Keynote Speaker

Gregory C. Rasner has worked as a cybersecurity and IT leader in the Finance, Biotech, Technology and Software fields. He holds a BA from Claremont McKenna College along with the certifications CISSP, CCNA, CIPM and ITIL. He is the author of the book “Cybersecurity and Third Party Risk: Third Party Threat Hunting” published by Wiley, has written several online articles for major publications, and is a frequent speaker at forums and conferences on related topics. He has five kids and a wife who is also a cybersecurity professional. Rasner was in the USMC and was co-chair for the Truist Veterans and First-Responders Business Resources Group. Greg created the cybersecurity program at Johnston Community College (JCC), is a board member on the Technology Advisory Board, and teaches there part-time. Fun for him is camping and traveling with his family.
-
Certification Renewal

In order to maintain certification status, earners must participate in 20 hours of Continuing Professional Education (CPE). On an annual basis, certified individuals will be required to renew their certification and submit evidence of their CPE credits earned. A process is coming soon for submitting CPE evidence and renewing your Certification.

Renewal Cost
* TPRA Standard, Vendor, & Non-Members: $100
* TPRA Premium Practitioner Members: $85
-
Registration

To register for the certification, please follow the below steps:
1. Review the Code of Practitioner Conduct agreement. (You will be able to provide a signature noting your agreement to the Code of Conduct within the TPCRA Application form.)
2. Complete and submit the TPCRA application using the links below. Please allow up to two weeks for your application to be reviewed.
3. Submit your certification processing fee.
4. Receive an email noting your application has been received, as well as next steps.
5. Evidence your related full-time work experience and/or approved substitution alternative. Upload here. (The "TPCRA Work Experience Form", as well as the link to upload your form, will also be noted within your application confirmation email.)
6. You will receive email confirmation once your application is approved or if additional information is required. You do not need to have an "Approved" application before you sit for your exam. You do need to have an "Approved" application, as well as a passing grade on the examination, to receive the TPCRA designation.
7. You will receive an email with links to register for your training and/or examination dates.
-
What is the TPCRA?

The TPCRA Certification is a specialized qualification designation to confirm your understanding and skill in the assessment of third party cyber security controls and processes, as well as validate your competency in the creation, execution, and management of third party cyber risk assessments. The TPCRA Certification will authenticate and add credibility to your expertise as a third party cyber risk assessor. It is foundational to achieving success as a third party risk management practitioner. This certification will evidence your proficiency with various cyber security and information technology assessment terms and techniques.
-
Who is the TPCRA for?

The TPCRA is the standard of achievement for those who assess, monitor, and review third party cyber security and information technology controls, as well as identify and mitigate risk related to said controls. Such roles may include, but not be limited to:
* Third Party Risk Management Practitioners
* Procurement Specialist
* Vendor Managers
* Auditors
* Information Security Professionals
* Privacy or Compliance Specialists
* Legal Professionals
-
What is the cost of TPCRA certification?

TPCRA pricing varies depending on your Third Party Risk Association membership status. See below for details:
* Examination - $500 for TPRA Members & Non-Members. $425 for TPRA Premium Practitioner Members.
* Training - $400 for TPRA Members & Non-members. $340 for TPRA Premium Practitioner Members. (Includes the book “Cybersecurity & Third Party Risk” by Gregory C. Rasner)
* Examination + Training Bundle - $800 for TPRA Members & Non-Members. $700 for TPRA Premium Practitioner Members. (Includes the book “Cybersecurity & Third Party Risk” by Gregory C. Rasner)
* Examination Retake Fee - $200 for TPRA Members & Non-Members. Must wait a minimum of 60 days from the completion of the last TPCRA exam to retake.
* Optional Book - You may choose to purchase separately the book “Cybersecurity & Third Party Risk” by author Gregory C. Rasner - Purchase on Amazon
-
What is the process for applying for and obtaining the TPCRA certification?

1. Review the Code of Practitioner Conduct agreement. (You will be able to provide a signature noting your agreement to the Code of Conduct within the TPCRA Application form.)
2. Complete and submit the TPCRA application. Please allow up to two weeks for your application to be reviewed.
3. Submit your certification processing fee. Following purchase of examination or bundle, you have one (1) year to take your examination.
4. Receive an email noting your application has been received, as well as next steps.
5. Complete the "TPCRA Work Experience Form" to evidence your related full-time work experience and/or approved substitution alternative. Upload here.
6. You will receive email confirmation once your application is approved or if additional information is required, as well as links to register for your training and/or examination dates. You do not need to have an "Approved" application before you sit for your exam. You do need to have an "Approved" application, as well as a passing grade on the examination, to receive the TPCRA designation.
7. Register for your training and/or examination.
8. Attend training (if applicable).
9. Successfully complete and pass the TPCRA examination with a score of 80% or above.
10. Receive TPCRA certification designation, including a digital credential badge via Credly and paper certificate via mail to showcase your accomplishment.
-
How long does it take for my application to be approved?

Please allow up to two weeks for application approval. Upon approval, you will receive a confirmation email with information on next steps.
-
What professional experience is needed to qualify for the TPCRA certification?

Individuals interested in obtaining the TPCRA certification must have at least three years of experience in a full-time risk management/analyst and/or cybersecurity-related role. Substitutions may be obtained for up to one year of work experience. Substitutions may include, but are not limited to:
* 60 to 120 completed university semester credit undergraduate hours in an information security and/or information technology-related major.
* A master’s degree in information security or information technology from an accredited university.
* An active information security-related certification from an accredited institution. Examples include, but are not limited to, the CISSP, Security+, CRISC, CISA, CISM.

Additional substitutions for work experience will be taken into consideration during the application process and reviewed/approved by the TPRA.
-
How do I evidence my professional/work experience?

Evidence your work experience by completing the "TPCRA Work Experience Form" and submitting here.
-
What if I wish to sit for the exam prior to meeting the work experience requirements?

Should you wish to sit for the examination prior to meeting the minimum work experience requirement, you may do so if you will meet the requirement within the next 24 months. If you pass the examination, you will then receive your certification status once you meet and evidence the minimum work experience requirement, provided all other validation requirements have been met.
-
What is the TPCRA examination process?

Following completion and approval of your application and work experience, you will be sent details on how to schedule your exam with our testing vendor, PearsonVue. The TPCRA Examination is a 200 question, multiple choice assessment with a time limit of 4 hours, to be taken in-person at one of PearsonVue's 5,000 worldwide test facilities at a time and place of your choosing. Questions will include a variety of formats, such as scenario-based, true or false, and choose the best response.

The examination will cover the following domains:
* Cybersecurity and Third Party Risk Management Basics
* Pre-Contract Due Diligence
* Continuous Monitoring
* Physical Validation
* Disengagement Due Diligence
* Cloud Due Diligence
* Reporting and Analytics

You must receive an 80% or higher score to pass the TPCRA examination.
-
What domains are covered in the exam?

Master the domains of:
* Cybersecurity and Third Party Risk Management Basics
* Pre-Contract Due Diligence
* Continuous Monitoring
* Physical Validation
* Disengagement Due Diligence
* Cloud Due Diligence
* Reporting and Analytics
* Practitioner Ethics

Gain comprehensive knowledge and practical skills to assess, manage, and mitigate cyber risks in third-party relationships. Be recognized as a trusted TPCRA-certified professional, equipped to make informed decisions and drive excellence in TPRM. Don't wait – apply now and become a leader in the ever-evolving landscape of third-party cyber risk!
-
How soon do I need to take the exam?

Examinations must be completed within 12 months of receiving your examination registration link.
-
How do I schedule an exam date and time through Pearson VUE?

After submitting your application through the TPRA site, you will receive an email with a link to schedule your examination. You must create a Pearson VUE web account on the Pearson VUE site. When creating your web account, use the same First and Last names and 20-character candidate (PTI ID) number as noted in your authorization-to-test email. For issues with your Pearson VUE username or password, the quickest way to reach a customer service agent is via LET’s CHAT. If your exam registration First or Last name does not match your photo ID, please email pearson@proftesting.com for assistance.

After you have successfully scheduled, Pearson VUE will send a confirmation email listing your examination date and time and the test center address, along with important policies for your review and information. Confirmation emails are sent for every schedule, reschedule and cancellation of examination appointments. If you do not receive a confirmation email, sign in with your Pearson VUE web account and verify the status of your examination appointment, as you may not have completed all of the necessary steps.
-
What are your rescheduling and cancellation policies?

You may cancel or reschedule online up to 24 hours before your appointment at no cost. Pearson VUE will send you a confirmation email when you schedule, reschedule, or cancel an appointment. If rescheduling, be sure that you complete all of the steps until the “Your appointment is rescheduled!” screen is displayed. If you do not receive a confirmation email, please sign in with your Pearson VUE web account https://www.pearsonvue.com/tpra and recheck the status of your appointment, as you may not have completed all of the necessary steps.

If you fail to cancel 24 hours prior to your appointment, or if you miss your appointment, arrive late or fail to provide adequate identification, you will forfeit your exam fee and will not be able to schedule a new appointment without paying the TPRA exam retest fee. Please contact TPRA at info@tprassociation.org for next steps.
-
What score is required to pass the TPCRA examination?

You must receive an 80% or higher score to pass the TPCRA examination.
-
If I do not pass the exam the first time, can I retake it?

Individuals are able to retake the TPCRA examination after waiting a minimum of 60 days following their last exam. Retake fee is $200.
-
What do I receive after successful completion of the exam?

Upon completing the examination with a score of 80% or higher, you will be notified that you have earned the TPCRA certification, and receive a digital credential badge via Credly and a paper certificate via mail to showcase your accomplishment.
-
How can I prepare for the examination?

TPCRA Certification applicants may choose to purchase the book “Cybersecurity & Third Party Risk” by author Gregory C. Rasner to prepare for the examination. This book closely aligns with the TPCRA Certification examination domains. You may also choose to participate in optional TPCRA training. Training provides you with 12 hours of in-depth discussion on the examination domains, hands-on experience designing and performing cyber assessments, as well as opportunities to perform mock interviews and run through physical validation scenarios. Also included in the cost of training is a copy of the “Cybersecurity & Third Party Risk” book, training manual, training session recordings, and more. Training is taught by a knowledgeable subject matter expert who has achieved the TPCRA Certification designation.
-
Am I able to take only the TPCRA exam, and not training?

Training is not required to take the TPCRA examination.
-
What topics are covered in TPCRA training?

Training covers all topics which will be tested in the exam, including:
* Cybersecurity and Third Party Risk Management Basics
* Pre-Contract Due Diligence
* Continuous Monitoring
* Physical Validation
* Disengagement Due Diligence
* Cloud Due Diligence
* Reporting and Analytics
-
What is included in the cost of TPCRA training?

The purchase of TPCRA training includes:
* 16 hours of specialized training by a subject matter expert
* A copy of the book “Cybersecurity & Third Party Risk” by Gregory C. Rasner which can be used to prepare for the Examination
* A TPCRA Student Training Manual which includes all the information covered in Training sessions, workshops, hands-on scenarios, and more
* Access to pre-recorded TPCRA Training session playback

All of these materials are also included in the TPCRA Training & Examination Bundle.
-
Does the program offer private training sessions for organizations?

TPRA's Certification Program can accommodate private training sessions for organizations looking to get their whole teams certified. Contact Julie Gaiaschi at julie@tprassociation.org for more information.
-
How do I participate in training?

Following payment of your certification processing fee and application approval, you will receive communication on how to register for TPCRA Training.
-
Can I share my training materials?

All TPCRA training materials are strictly confidential. Sharing the materials with any party other than the individual registered for training is prohibited. Sharing materials without the express permission of the Third Party Risk Association may result in your removal from training registration or discontinuation of the certification designation attained.
-
How do I retain my certification?

To retain your certification, TPCRA Certification holders must comply with the following requirements:
* Pay annual fee - $100 for TPRA Standard Practitioner Members, Vendor Members, & Non-members. $85 for TPRA Premium Practitioner Members.
* Participate in 20 hours of Continuing Professional Education (CPE) and submit evidence of CPE credits annually.
* Successfully abide by the Third Party Risk Association's Practitioner Code of Ethics.
-
How do I receive CPEs from attending Third Party Risk Association events?

CPE credits are provided to those that attend TPRA member meetings, as well as TPRA conferences.
-
Does Third Party Risk Association accept CPEs from other organizations to meet CPE requirements?

Yes. CPEs issued by other organizations are accepted towards your CPE requirements.