Policy, Program and Procedures

 View Only
  • 1.  TPRM Certification

    Posted 04-28-2022 02:32 PM
    Good Afternoon,

    I'm looking to obtain a certification in the TPRM realm. I'm looking at getting either the CTPRP or C3PRMP certification. I'm wondering what is everyone's thoughts on these two certifications.....which is considered better, should it be based on job title, etc.

    A little background on me....I'm an Information Security Analyst with the primary duty of developing our company's TPRM program. I also work in risk management, business continuity, and security monitoring.

    Thank you in advance for all thoughts and input!

  • 2.  RE: TPRM Certification

    Posted 04-28-2022 03:07 PM

    Not sure if this is helpful, but for Vendor Management, which is part of the program, I took courses through Compliance Education Institute. They offer on-line courses to obtain Certified Regulatory Vendor Program Manager (CRVPM) certifications, and the prices are reasonable. I've attended the first two and they are very through on putting together the Vendor Management program.




    Cheryl Turner



  • 3.  RE: TPRM Certification

    Posted 04-28-2022 03:14 PM
    I have the same certification from Compliance Education Institute and it has courses.

  • 4.  RE: TPRM Certification

    Posted 04-28-2022 04:11 PM

    I can't speak to the C3PRMP process, but I obtained my CTPRP in 2019.  I appreciated that it was associated with the org (Shared Assessments) that developed the SIG used by many of the vendors I review.  While I haven't attended a Shared Assessments conference, I have attended many free webinars sponsored by them.

    To obtain the certification, an applicant must have at least 5 years professional experience in a field related to risks and controls (ex:  audit, compliance, BCP, access control, etc) and successfully complete a proctored exam. 

    I completed the 2 day CTPRP session to prepare for the proctored exam.

    Maintaining the CTPRP requires 60 CPEs per 3 year term, maintenance and renewal fees, and adhering to a Code of Ethics.


    As background, I have > 20 years experience in business resiliency and risk, information, and security controls with a super-regional bank.  I also have a Master of Science in Management of Information Systems (MS-MIS) and am a Certified Business Continuity Professional (CBCP)


    Obtaining the CTPRP provided increased credibility within the organization by confirming the processes and procedures I'd developed in support of our program were sound, and, when followed, would help us manage our vendor risks.    


    I'm sure both certifications have their pros and cons.  Good luck in obtaining whichever you pursue!


    Rosalie Stremple, MS-MIS, CTPRP, CBCP

    Vice President


  • 5.  RE: TPRM Certification

    Posted 04-29-2022 07:57 PM
    Out of curiosity I did a little research using a very popular job dashboard. 

    Here are some basic when searching for the acronyms for these certifications.
    • CRVPM - 74 jobs (Compliance Education Online - All financial and mostly banks)
    • CTPRP - 179 jobs (Shared Assessments - Some banks, but quite a bit of diversity for opportunities not tied to finance)
    • C3PRMP - 6 jobs (Third Party Risk Institute and Sourcing Industry Group)
    I am interested in Venminder's position on this topic.  Venminder is the one of the 6 jobs listing C3PRMP for a Third Party Risk Principal role.

    Other than the obvious implied by the outputs of the crude research above, does Venminder have any preference?  If Venminder was sending someone to training, what training path would be preferred and why?

    : -]

  • 6.  RE: TPRM Certification

    Posted 05-02-2022 10:09 AM

    Thanks for your question. The requirements for our Third-Party Risk Principal role included "relevant certification including CTPRP, C3PRMP, CTPRA, CRCM, CERP or equivalent certification/experience". We at Venminder do not endorse any one certification over another. We recognize, however, that certifications provide evidence that an individual has the requisite knowledge for a third-party risk management position.

    When choosing a certification, you must review the application requirements as they do vary slightly. For example, CTPRP requires five years of experience, while C3PRMP requires four. C3PRMP requires a bachelor's degree, while CTPRP does not. You should also consider tuition costs, training and exam formats, and recertification requirements. So your decision should be based on the best fit for you.

    Risk management certifications from reputable organizations are usually a good choice since they provide an independent seal of approval of your skillset and add credibility to your resume.

    I hope that answer is helpful, but I would love to hear the perspective of other members.

  • 7.  RE: TPRM Certification

    Posted 05-02-2022 10:32 AM
    Hi Everyone,

    Happy Monday! Thank you to everyone for your valuable input.

    I have aimed for the CTPRA through as it encompasses everything I need to independently assess, understand, and execute upon within my TPRM/VM/VRM Ecosystem/Landscape.

    Hope this helps.





    Wes Carrington, MBA, CCIPS, CERP, GRCA, GRCP (USMC-Ret.)

    Director of Risk Management