2020-2021 job practice guide


Page 1: 2020-2021 Job Practice Guide

Role Description

The CTPRP designation is designed to validate knowledge and experience to demonstrate proficiency in the development of a comprehensive Third Party Risk Management (TPRM) Program, and in the assessment, analysis, management, and remediation of Third Party risk issues. The Job Practice Guide identifies the domains, topics, skills, competencies, and job role accountabilities that represent the type of work performed by an individual who supports the development, implementation, maintenance, and training of a Third Party risk management program within their organization. The structure of the Job Practice Guide is based on the inputs of Shared Assessments Program members, recognized best practices, and tools that drive Third Party risk assurance.

About The CTPRP Credential

To achieve the CTPRP credential, candidates must provide both evidence of their years of experience and successfully pass a rigorous proctored exam. To earn a CTPRP credential, we recommend at least 30 hours of preparation prior to taking the examination. The class materials and examination are career resources designed for those professionals who plan to certify, as well as for those who simply need to deepen their knowledge in Third Party risk management. The CTPRP training material and examination are organized by grouping the required body of knowledge topics into specific job practice focus areas.

The CTPRP examination contains questions testing the domain technical knowledge and application of on-the-job knowledge based on the CTPRP Curriculum Outline.

Examination Protocols & Question Formats

The CTPRP examination contains 125 questions worth up to 140 points. Examination questions include testing the domain technical knowledge and application of knowledge using Third Party risk situations. The CTPRP examination is a time-based (3 hours), closed-book exam. The exam is taken online from your computer and remote proctoring is required to monitor examination compliance. Multiple choice questions are presented to users using third party risk management scenarios from the Outsourcer or the Service Provider point of view. A score of 70% or higher is required to pass the exam. Upon completion of the exam, a survey may be presented to provide feedback on the method of instruction, curriculum, materials, or examination content.

© 2020, 2021 The Santa Fe Group, Shared Assessments Program. All rights reserved.

Page 2: 2020-2021 Job Practice Guide

CTPRP BODY OF KNOWLEDGE

Program governance policies, standards, and procedures

- Contract development, adherence and contract management
- Vendor risk classification
- Due diligence standards
- Skills and expertise
- Communications and information sharing
- Tools, measurements & analysis
- Monitoring and review

Governance & risk management topics

- Risk assessment & treatment
- Information security policy
- Organizational security
- Data privacy governance
- Human resources security
- Compliance & audit

Information protection topics

- Access control
- End user device security
- Server security
- Network security
- Application security
- Privacy data safeguards
- Cloud security
- Physical & environmental security

IT operations & business resiliency topics

- Asset management
- Operations management
- Business continuity management
- Disaster recovery

Security incident & threat management topics

- Incident event and communications
- Threat management
- Vulnerability program
- Security awareness

CTPRP EXAM PROFILE

I. Third Party Risk Management Foundation
   A. Regulatory Drivers for Third Party Risk
   B. Information Classification & Data Governance
   C. Third Party Risk Management Program Components

II. Third Party Risk Program Management
   A. TPRM Program Structure
   B. TPRM Operations
   C. TPRM Measurements

III. Third Party Risk Control Domains
   A. Governance & Risk Management
   B. Information Protection
   C. IT Operations & Business Resiliency
   D. Security Incident & Threat Management

IV. Third Party Risk Assessment Process
   A. Phases of an Engagement
   B. Assessment Planning & Preparation
   C. Assessment Engagement & Communication
   D. Post-Assessment Reporting & Remediation


Page 3: 2020-2021 Job Practice Guide

CTPRP THIRD PARTY RISK ROLE ACCOUNTABILITIES

The Third Party Risk Professional:

- DEFINES requirements for third party risk management program structures
- CONDUCTS vendor risk identification and analysis to establish assurance and due diligence standards
- IMPLEMENTS third party risk management processes within the organization
- EVALUATES program performance with management reporting and benchmarking

Role accountabilities:

- Participates in the classification and risk tiering of third parties, including defining the frequency of risk assessments
- Coordinates the identification, ranking and tracking of third party risks for the organization
- Defines the due diligence standards based on risk rating or classification to be applied in third party assessments
- Manages communication plans and escalation plans regarding third party risk governance activities
- Actively drives coordination and implementation for the overall third party risk management program function within the organization
- Monitors changes in the regulatory landscape to identify relevant compliance requirements
- Facilitates the escalation process for management risk acceptance or remediation approvals
- Partners with lines of business to manage third party risk as defined in contracts and third party policies and procedures
- Collaborates with internal functions to deploy standard contract provisions for security and privacy requirements
- Monitors remediation actions and mitigation plans for identified third party risks
- Defines and tracks third party risk assessment metrics
- Communicates third party risk requirements to internal stakeholders
- Negotiates with third parties and business partners to address compliance with risk management policies
- Coordinates gathering and analysis of risk assessment data for management
- Maintains third party governance policies, procedures and practices
- Provides dashboard reporting on third party risk management program activities, results, and outcomes
- Identifies and implements monitoring functions for critical vendors
- Supports the vendor due diligence process by ensuring data protection requirements are maintained in contractual relationships