IARCP | CERTIFICATION | CC(GRC)P

Note: Membership is not a prerequisite for obtaining certifications from the association.

Certified Cyber (Governance Risk and Compliance) Professional - CC(GRC)P, distance learning and online certification program

Overview

There are still companies and organisations that consider cyber risk a technical risk. But even the most advanced organizations must adapt and build their risk management framework on the foundation that we now operate in a fundamentally different world, one where cyber risk is a core component of hybrid risk. The old mindset is dangerously outdated. Today, cyber operations are embedded in economic warfare, political conflict, supply chain disruption, and military strategy. Cyber risk today is not just about protecting networks, it’s about protecting societies from hybrid threats.

A hybrid risk management framework should identify primary cyber threats, map their cascading effects on financial, legal, and business operations, and develop cross-functional response strategies.

For centuries, Newtonian mechanics was considered a complete and stand-alone framework for understanding motion and forces. It worked well for most practical applications but failed to explain phenomena at very small (quantum) or very large (cosmological) scales. Eventually, the theory of relativity and quantum mechanics showed that Newtonian physics was just a subset of a much broader and more complex reality.

Similarly, cyber risk has traditionally been seen as a stand-alone issue, much like Newtonian mechanics. However, just as physics evolved to integrate quantum and relativistic perspectives, cyber risk must now be understood as part of the larger hybrid risk environment, where cyber operations interact with economic, political, military, and psychological dimensions.

Instead of thinking “cyber risk”, decision-makers should think “hybrid risk with a cyber component”, to develop a more realistic and effective response strategy. Governments and organizations must recognize that cyber risks are part of a larger conflict strategy, not standalone risks. Defense strategies must address the full spectrum of hybrid threats, not just cybersecurity in isolation.

In almost all companies and organizations, the C-Level executives and the board believe that they are impacted by the cybersecurity skills shortage, and have difficulties to stay ahead of, and to cope with, evolving threats and vulnerabilities. They search for cybersecurity experts that are adequately trained, including those from nontraditional backgrounds. Unfortunately, there are not enough cybersecurity professionals available for hire, so entities are fighting for the same talent.

Objectives

The CC(GRC)P program is designed to empower professionals to confront and manage hybrid risks, where cyber threats collide with operational, regulatory, and reputational challenges, in an era where no risk exists in isolation. The program also provides with the skills needed to become a Certified Cyber (Governance Risk and Compliance) Professional - CC(GRC)P, a certification that provides independent evidence to firms and organizations that you have a quantifiable understanding of the subject matter.

Target Audience

The CC(GRC)P certification empowers professionals to effectively lead and support cyber risk and compliance initiatives across complex environments. It is intended for managers and employees across all levels, strategic, tactical, and operational, who are responsible for safeguarding digital assets, ensuring regulatory compliance, and managing organizational risk.

Course Synopsis

Part 1.

- Introduction.
- The CC(GRC)P exam.
- Definitions.
- Cyber risks today, and what is different for organizations and employees.

Part 2.

Who is attacking us? How?

- Professional criminals and information warriors.
- Attacks on the critical infrastructure.
- No evidence of a problem is no evidence of no problem.
- From the U.S. National Infrastructure Protection Plan (NIPP).
- Attacks on the internet infrastructure.
- Widespread automated attacks.
- Threats, harassment, and other criminal offences.
- Botnets.
- The Necurs botnet.
- The ZeuS Trojan.
- Forgery and misrepresentation.
- Technology, intellectual property, trade secrets and proprietary information.
- The 2018 Foreign Economic Espionage in Cyberspace, from the National Counterintelligence and Security Center.
- Travel security.
- Hardware attacks.
- Case studies.
- Software attacks.
- The WannaCry Ransomware Virus.
- Worm Nimda.
- Tiny Banker Trojan.
- Mobile Malware.
- Metamorphic and polymorphic malware.
- Weaponized pdfs.
- Packet Sniffing.
- Social Engineering.
- Reverse Social Engineering.
- Common social engineering techniques.
- Phishing.
- Clone phishing.
- Spear-phishing.
- Case Study: The Carbanak gang.
- Whaling, phishing for executives.
- Smishing and vishing attacks.

Deep web, dark web, and the false sense of privacy.

- The deep web.
- The dark web.
- Darknet and overlay networks.
- The Onion Router.
- Tor and anonymity.
- De-anonymizing Tor users.
- Tor “hidden” services.

Modus Operandi.

- Step 1 – Collecting information about persons and systems.
- Reconnaissance.
- Who has signed a confidentiality agreement?
- Vendors, suppliers, service providers.
- Marketing and cyber security.
- Example or publicly available information: EDGAR.
- Attacking systems and persons.
- Ideologies and cyber risk.
- Blackmailing employees, the art and the science.
- Employee collusion with external parties.
- Employees and their weaknesses and vulnerabilities.
- You have an affair?
- Romance fraudsters and criminals.
- Webcam blackmail.
- Case studies.
- Sextortion.
- Step 2 – Identifying possible targets and victims.
- Step 3 – Evaluation, recruitment, and testing.
- Testing the asset.
- Sleeper agents in the private sector.
- Step 4 - Privilege escalation.
- Step 5 – Identifying important clients and stakeholders.
- Step 6 – Critical infrastructure.
- Case study: Operation Aurora.
- Case study: Sony Pictures.

Part 3.

From Warfare to Cyber Warfare.

- Clausewitz, the paradoxical trinity.
- Cyberspace, a domain of war.
- Jus ad bellum, jus in bello, jus post bellum.
- Article 2(4) and Article 51, United Nations (UN) Charter.
- Is a cyber attack an armed attack?
- From the G7 Finance Ministers and Central Bank Governors.
- US Department of Defense (DoD) Law of War manual (2015), Cyber Operations.
- Government Accountability Office (GAO), Weapon Systems Cybersecurity.
- Information Operations (IO).
- Electronic Warfare (EW).
- Electromagnetic Spectrum Targets.
- Computer Network Operations (CNO).
- Psychological Operations (PSYOP).
- Military Deception (MILDEC).
- Operations Security (OPSEC).
- Information assurance (IA).
- Physical security.
- Defensive Information Operations.
- Net-centric warfare.
- Cyberspace and national security.
- Hackers, Spies, or Hybrid Warfare?
- Case studies.
- Challenges to Security in Space, Defense Intelligence Agency (DIA).
- Camouflage for the digital domain (2020), NATO Strategic Communications Centre of Excellence.

Cyber Espionage.

- Espionage, Intelligence.
- Political, Economic, Military Intelligence.
- Competitive Intelligence vs. Economic or Industrial Espionage.
- Espionage, UK Centre for the Protection of National Infrastructure (CPNI).
- Espionage and other intelligence activities, Bundesamt für Verfassungsschutz (BfV, the Federal Office for the Protection of the Constitution).
- Cyber attacks controlled by intelligence services, Bundesamt für Verfassungsschutz (BfV).
- Counterintelligence (CI).
- Cyber Espionage.
- Open-Source Intelligence (OSINT).
- Case studies.
- Case study, Danish assessment of the cyber threat against Denmark.
- Office of Intelligence & Analysis Strategic Plan for Fiscal Years 2020-2024.

The attribution problem.

- A Guide to Cyber Attribution, Director of National Intelligence (DNI).
- Plausible Deniability.
- Misinformation, disinformation, deception management, fabrication.
- Disinformation management.
- ENISA, Disinformation operations in cyber-space.
- ENISA, Active Defense and Offensive Countermeasures.

Part 4.

The NIST Cybersecurity Framework.

- The Framework Core.
- The four elements:
- 1. Functions,
- 2. Categories,
- 3. Subcategories,
- 4. Informative References.
- The Functions:
- 1. Identify (ID),
- 2. Protect (PR),
- 3. Detect (DE),
- 4. Respond (RS),
- 5. Recover (RC).
- The Framework Profiles.
- The Framework Implementation Tiers.
- Tier 1: Partial.
- Tier 2: Risk Informed.
- Tier 3: Repeatable.
- Tier 4: Adaptive.

Coordination of Framework Implementation.

- How to use the framework.
- Communicating Cybersecurity Requirements with Stakeholders.
- Methodology to Protect Privacy and Civil Liberties.

NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management.

- The NIST privacy framework, January 16, 2020.
- Privacy Risk Management.
- Privacy Framework Basics.
- The Core.
- Functions, categories, subcategories.
- The Framework Profiles.
- The Framework Implementation Tiers.
- Tier 1: Partial.
- Tier 2: Risk Informed.
- Tier 3: Repeatable.
- Tier 4: Adaptive.
- How to Use the Privacy Framework.
- Using a simple model of “ready, set, go” phases.

The NIST Cybersecurity Framework 2.0.

- The updated NIST Cybersecurity Framework.
- For all organizations, not just those in critical infrastructure.
- 1. CSF Core.
- 2. CSF Organizational Profiles.
- 3. CSF Tiers.
- a. GOVERN (GV).
- b. IDENTIFY (ID).
- c. PROTECT (PR).
- d. DETECT (DE).
- e. RESPOND (RS).
- f. RECOVER (RC).
- Organizational Context (GV.OC).
- Risk Management Strategy (GV.RM).
- Roles, Responsibilities, and Authorities (GV.RR).
- Policy (GV.PO).
- Oversight (GV.OV).
- Cybersecurity Supply Chain Risk Management (GV.SC).
- The CSF Profiles - Current Profile, Target Profile, Community Profile.
- The CSF Tiers.
- Privacy risks.
- Supply chain risks.
- Risks from emerging technologies.

Part 5.

Artificial Intelligence and Risk Management.

- Machine learning, Synthetic Data.
- Machine learning and cybersecurity.
- AI, Prevention, Detection and Response.
- Case study (Morgan Stanley).

- NIST, Artificial Intelligence Risk Management Framework (AI RMF 1.0).

- Workforce Framework for Cybersecurity (NICE Framework).
- Demand for Cyber Risk and Information Security Professionals.

- Closing remarks.

Become a Certified Cyber (Governance Risk and Compliance) Professional - CC(GRC)P

We will send the program up to 24 hours after the payment. Please remember to check your spam or junk folder, as emails with attachments may occasionally be filtered there.

You are entitled to a full refund within 60 days of your payment. If you decide not to proceed with any of our programs or services for any reason, simply send us an email — we’ll process your refund with no questions asked.

Payments are processed by our strategic partner and service provider, Cyber Risk GmbH (Dammstrasse 16, 8810 Horgen, Switzerland, registered in the Commercial Register of the Canton of Zürich, Company Number: CHE-244.099.341).

The all-inclusive price is $297 (one time fee). There is no additional cost, now or in the future, for this program.

First option: You can purchase the Certified Cyber (Governance Risk and Compliance) Professional - CC(GRC)P program with VISA, MASTERCARD, AMEX, Apple Pay, Google Pay etc.

Purchase the Certified Cyber (Governance Risk and Compliance) Professional - CC(GRC)P program here (VISA, MASTERCARD, AMEX, Apple Pay, Google Pay etc.)




Second option: QR code payment.

i. Open the camera app or the QR app on your phone.

ii. Scan the QR code and possibly wait for a few seconds.

iii. Click on the link that appears, open your browser, and make the payment.



Third option: You can purchase the Certified Cyber (Governance Risk and Compliance) Professional - CC(GRC)P program with PayPal



What is included in the program:

A. The official presentations (1455 slides)

The presentations are designed to support both online and offline study, offering maximum flexibility for busy professionals. Whether you prefer to learn at your desk, on the go, or without an internet connection, the presentations are readily accessible and designed to adapt seamlessly to your individual schedule and learning preferences.

You have complete control over your learning experience, allowing you to progress at your own pace. You can move quickly through topics you’re already familiar with and dedicate more time to areas that require deeper understanding. This self-paced approach ensures efficient, focused learning that fits seamlessly into your professional and personal commitments, with no deadlines, no pressure, no expiration date, and no time limit to complete the program.

B. Up to 3 online exam attempts per year

To earn the CC(GRC)P designation, candidates are required to pass a single certification exam. If a candidate does not pass on the first attempt, they are encouraged to review the official training presentations and retake the exam.

Each candidate is permitted up to three exam attempts within a 12-month period, starting from the date of the first attempt.
- If the first attempt is unsuccessful, a second attempt is allowed using the same exam credentials.
- If the second attempt is also unsuccessful, a third attempt is permitted, again using the same credentials.
- If the candidate does not achieve a passing score after the third attempt, they must wait one year before retaking the exam. New exam credentials will be issued at that time.

There is no additional cost for any additional exam attempt.

To learn more, you may visit:

https://www.risk-compliance-association.com/Questions_About_The_Certification_And_The_Exams_1.pdf

https://www.risk-compliance-association.com/CC(GRC)P_Certification_Steps_1.pdf

C. The Certificate, with a scannable QR code for verification.

You will receive your certificate via email in Adobe Acrobat format (pdf), with a scannable QR code for verification, within 7 business days after passing the exam. A business day refers to any day on which normal business operations are conducted (in our case Monday through Friday), excluding weekends and public holidays.

Certified Cyber (Governance Risk and Compliance) Professional CC(GRC)P

D. One web page of the International Association of Risk and Compliance Professionals (IARCP) dedicated to you (risk-compliance-association.com/Your_Name.htm).

When third parties scan the QR code on your certificate, they will be directed to your dedicated page on the International Association of Risk and Compliance Professionals (IARCP) website. Here, they can verify that you are a certified professional and confirm the validity and legitimacy of your certificates.

On this dedicated web page, we will display your name, the certificates you have received from us, images of your certificates, and, if applicable, a picture of your lifetime membership certificate.

This is an example:

https://www.risk-compliance-association.com/John_Anderson.htm

Professional certificates are some of the most frequently falsified documents. Employers and third parties need an easy, effective, and efficient way to check the authenticity of each certificate. QR code verification is a good response to this demand.

Frequently Asked Questions

1. I want to learn more about the International Association of Risk and Compliance Professionals (IARCP).

The IARCP is a global community of risk and compliance management experts who explore career avenues and acquire lifelong skills.

The IARCP is wholly owned by Compliance LLC, a company incorporated in Wilmington, NC, with offices in Washington, DC. Compliance LLC provides risk and compliance training and certification in 57 countries.

Several business units of Compliance LLC operate as successful associations, offering membership, weekly or monthly updates, training, certification, interest representation, and other services to their members. The business units of Compliance LLC include:

- The Sarbanes-Oxley Compliance Professionals Association (SOXCPA), the largest Association of Sarbanes-Oxley professionals in the world. You may visit: https://www.sarbanes-oxley-association.com

- The Basel iii Compliance Professionals Association (BiiiCPA), the largest association of Basel iii Professionals in the world. You may visit: https://www.basel-iii-association.com

- The Solvency II Association, the largest association of Solvency II professionals in the world. You may visit: https://www.solvency-ii-association.com

The Certified Risk and Compliance Management Professional (CRCMP) certificate has become one of the most recognized certificates in risk management and compliance. There are CRCMPs in 57 countries. Companies and organizations around the world consider the CRCMP a preferred certificate.

You can find more about the demand for CRCMPs at: https://www.risk-compliance-association.com/CRCMP_Jobs_Careers.pdf


CRCMP

2. What types of training does the association offer?

The IARCP provides distance learning and online certification programs globally, along with in-house, instructor-led training programs for companies and organizations in many countries.

A. Distance learning and online certification programs.

1. Certified Risk and Compliance Management Professional (CRCMP). To learn more, you may visit: https://www.risk-compliance-association.com/Distance_Learning_and_Certification.htm

2. Certified Information Systems Risk and Compliance Professional (CISRCP). To learn more, you may visit: https://www.risk-compliance-association.com/CISRCP_Distance_Learning_and_Certification.htm

3. Certified Risk and Compliance Management Professional in Insurance and Reinsurance CRCMP(Re)I. To learn more, you may visit: https://www.risk-compliance-association.com/CRCMP_Re_I.htm

4. Certified Cyber (Governance Risk and Compliance) Professional CC(GRC)P. To learn more, you may visit: https://www.risk-compliance-association.com/CC_GRC_P_Distance_Learning_and_Certification.htm

5. Travel Security Trained Professional (TSecTPro). To learn more, you may visit: https://www.risk-compliance-association.com/TSecTPro_Distance_Learning_and_Certification.htm

B. Instructor-led training.

The association develops and maintains five certification programs and numerous customized training programs for directors, executive managers, risk and compliance managers, internal and external auditors, data owners, process owners, consultants, suppliers, and service providers.

For instructor-led training, you may contact Lyn Spooner at: lyn@risk-compliance-association.com

3. Is there any discount available for the distance learning programs?

To keep our programs as affordable as possible for all members, we do not offer a discount on the first program. However, you will receive a $100 discount on your second and every subsequent program.

For example, after purchasing the Certified Risk and Compliance Management Professional (CRCMP) program for $297, you are eligible for exclusive discounts on additional programs, including:

1. The Certified Information Systems Risk and Compliance Professional (CISRCP) program for $197 (regular price: $297).

2. The Certified Cyber (Governance Risk and Compliance) Professional - CC(GRC)P program for $197 (regular price: $297).

3. The Certified Risk and Compliance Management Professional in Insurance and Reinsurance - CRCMP(Re)I program for $197 (regular price: $297).

4. The Travel Security Trained Professional (TSecTPro) program for $197 (regular price: $297).

When you purchase the Certified Cyber (Governance, Risk, and Compliance) Professional – CC(GRC)P program, you’ll receive a 50% discount on the Travel Security Trained Professional (TSecTPro) program. The all-inclusive cost is reduced to $148 (regular price: $297).

Cyber Risk GmbH (Dammstrasse 16, 8810 Horgen, Switzerland, CHE-244.099.341), acting as a strategic partner and authorized service provider of the International Association of Risk and Compliance Professionals (IARCP), extends a $100 discount on each of the online training programs listed below to individuals who have previously enrolled in any online training program offered by the IARCP. This special offer is designed to support your continued growth and professional development.

1. NIS 2 Directive Trained Professional (NIS2DTP)

2. Digital Operational Resilience Act Trained Professional (DORATPro)

3. Critical Entities Resilience Directive Trained Professional (CERDTPro)

4. Data Act Trained Professional (DataActTPro)

5. Data Governance Act Trained Professional (DatGovActTP)

6. European Chips Act Trained Professional (EChipsActTPro)

7. Digital Services Act Trained Professional (DiSeActTPro)

8. Digital Markets Act Trained Professional (DiMaActTPro)

9. Artificial Intelligence Act Trained Professional (AIActTPro)

To receive the URL for the discounted rate, please email us with the subject line: "Request for Discounted Program URL."

In the email, please let us know:

a. Which was the name and email address of the person or legal entity that had purchased the program from the International Association of Risk and Compliance Professionals (IARCP).

b. Which is the program you want to purchase now at $197 instead of $297.

You will receive the URL for the discounted price for your second and subsequent programs within 48 hours (business days).

4. Are your training and certification programs vendor neutral?

Yes, absolutely. All of our training and certification programs are completely vendor-neutral. This means we do not promote or rely on any specific tools, products, or service providers. Instead, we focus on universally applicable concepts, frameworks, and best practices that are recognized across the industry. Our goal is to provide participants with knowledge and skills that are transferable to any organization or environment, regardless of the technologies or vendors they use. By staying independent from vendors, we ensure that our programs remain objective, practical, and relevant to a wide range of roles and sectors.

5. Are there any entry requirements or prerequisites required for enrolling in the training programs?

There are no entry requirements or prerequisites for enrollment in our programs. We believe that learning should be accessible to everyone, regardless of their background, academic credentials, or professional experience. In contrast to providers that set stringent prerequisites or entry barriers, our approach prioritizes accessibility and openness. We do not believe that the opportunity to learn and grow should be limited by prior qualifications. Whether you're just beginning your career, changing paths, or expanding your expertise, our programs are designed to support individuals at all levels. Each course provides a clear and structured learning path, allowing individuals at all levels to gain valuable insights, and build practical skills. Our approach empowers motivated learners from different industries and career stages to gain value and opportunity from the program.

6. I want to learn more about the exam.

You can take the exam online from your home or office, in all countries.

It is an open book exam. Risk and compliance management is something you must understand and learn, not memorize. You must acquire knowledge and skills, not commit something to memory.

You will be given 90 minutes to complete a 35-question exam. You must score 70% or higher.

The exam contains only questions that have been clearly answered in the official presentations.

All exam questions are multiple-choice, composed of two parts:

a. A stem (a question asked, or an incomplete statement to be completed).

b. Four possible responses.

In multiple-choice questions, you must not look for a correct answer, you must look for the best answer. Cross out all the answers you know are incorrect, then focus on the remaining ones. Which is the best answer? With this approach, you save time, and you greatly increase the likelihood of selecting the correct answer.

TIME LIMIT - This exam has a 90-minute time limit. You must complete this exam within this time limit, otherwise the result will be marked as an unsuccessful attempt.

BACK BUTTON - When taking this exam you are NOT permitted to move backwards to review/change prior answers. Your browser back button will refresh the current page instead of moving backward.

RESTART/RESUME – You CANNOT stop and then resume the exam. If you stop taking this exam by closing your browser, your answers will be lost, and the result will be marked as an unsuccessful attempt.

SKIP - You CANNOT skip answering questions while taking this exam. You must answer all the questions in the order the questions are presented.

We do not send sample questions or past exams. If you study the presentations, you can score 100%.

a. When you are ready to take the CRCMP exam, you must follow the steps: https://www.risk-compliance-association.com/CRCMP_Certification_Steps_1.pdf

b. When you are ready to take the CISRCP exam, you must follow the steps: https://www.risk-compliance-association.com/CISRCP_Certification_Steps_1.pdf

c. When you are ready to take the CRCMP(Re)I exam, you must follow the steps: https://www.risk-compliance-association.com/CRCMP_Re_I_Certification_Steps.pdf

d. When you are ready to take the CC(GRC)P exam, you must follow the steps: https://www.risk-compliance-association.com/CC_GRC_P_Certification_Steps_1.pdf

e. When you are ready to take the TSecTPro exam, you must follow the steps: https://www.risk-compliance-association.com/TSecTPro_Certification_Steps_1.pdf

7. How comprehensive are the presentations? Are they just bullet points?

The presentations are not collections of bullet points, they are thoughtfully structured, in-depth learning materials designed to provide clear explanations, context, and real-world relevance. Unlike slide decks that rely on brief summaries, our presentations guide you through each concept in a comprehensive and engaging manner. They are highly effective for both online and offline study, making them ideal for professionals who value substance and flexibility in their learning experience.

8. Do I need to buy books to pass the exam?

No. If you study the presentations, you can pass the exam. All the exam questions are clearly answered in the presentations. If you fail the first time, you must study more. You can:

- Highlight key terms and sections to help you focus during review.
- Add digital sticky notes (just like Post-it notes) anywhere in the document to remind yourself where specific answers or explanations are.
- Underline or circle text using freehand drawing tools.
- Add bookmarks to easily navigate to important sections.
- Search each document using keywords to quickly find what you need.

9. Is it an open book exam? Why?

Yes, it is an open book exam. Risk and compliance management is a field that requires deep understanding, critical thinking, and the ability to apply principles in real-world situations, not simply the ability to memorize facts. The goal of our certification programs is to help you build lasting knowledge and practical skills that you can confidently use in your professional role.

In real-life scenarios, risk and compliance professionals have access to regulations, frameworks, and reference materials, and are expected to use them thoughtfully. Our open book exam reflects this reality by assessing your comprehension and ability to apply what you've learned, rather than testing your memory.

10. Do I have to take the exam soon after receiving the presentations?

No, there is no set exam date, you may take the exam at any time that suits you. Your account will not expire. Any future updates to the training materials will be made available to you at no cost.

The Association reserves the right to amend the General Terms and Conditions (GTC) at any time. Any changes will become effective upon publication on the website of the association, and will apply exclusively to training programs purchased after the date of modification.

For our distance learning and online certification programs, the General Terms and Conditions in effect at the time of purchase shall apply for a period of eighteen (18) months from the date of payment. If a participant does not pass the exam within this 18-month period, access to the program will remain valid, and the participant may take the exam at a later date. In such cases, however, the participant shall be subject to the General Terms and Conditions in force at the time the exam is taken.

11. Do I have to spend more money in the future to remain certified?

No. Your certificate is issued with lifetime validity and does not expire. There are no renewal fees, no hidden costs, and no requirement to retake the exam in the future. Once certified, you remain certified.

12. Ok, the certificate never expires, but what about changes in the field?

Things do change. While many organizations introduce mandatory recertification as a recurring revenue stream, we’ve taken a different approach. Although we were advised to "introduce multiple recurring revenue streams to keep business flowing", we made a conscious decision to prioritize long-term value for our members over short-term profit. That’s why no recertification is required for our programs.

Instead, we are committed to keeping you informed and up to date, at no cost. We invite you to visit the Association’s Reading Room each week and explore our newsletter, where you’ll find valuable insights, regulatory updates, timely alerts, and new opportunities. This ongoing access ensures you remain current and well-informed in a dynamic and constantly evolving field.

13. How many hours do I need to study to pass the exam?

To ensure you have learned the details, you should study the presentations at least twice. The average time required is:

- 37 hours for the CRCMP program,
- 26 hours for the CISRCP program,
- 35 hours for the CC(GRC)P program,
- 34 hours for the CRCMP(Re)I program, and
- 12 hours for the TSecTPro program.

This is the average time needed. There are important differences among members.

14. I would like to receive a printed certificate. Can you send me one?

Unfortunately, we do not issue printed certificates. Instead, you will receive your official certificate via email in Adobe Acrobat (PDF) format, which includes a scannable QR code for instant verification. Certificates are issued within 7 business days after you pass the exam. Please note that business days refer to Monday through Friday, excluding weekends and public holidays.

To ensure authenticity and transparency, the association creates a dedicated web page for each certified professional (risk-compliance-association.com/Your_Name.html). This page will include your full name, a list of all certificates you have earned from the association, and images of your certificates.

When a third party scans the QR code on your certificate, they are directed to your personalized verification page. This allows employers, clients, and other stakeholders to easily confirm that your certification is valid, current, and legitimately issued.

Professional certificates are among the most frequently falsified documents. Providing a secure, scannable QR code with direct access to official verification offers a fast, reliable, and efficient solution. You may also print your certificate from the PDF file at any time, with the embedded QR code ensuring instant and reliable validation.

15. What is the refund policy?

The association maintains a clear and customer-friendly refund policy. You are entitled to request a full refund within 60 days of your payment, no questions asked. If, for any reason, you decide that one of our programs or services is not right for you, simply send us an email within this 60-day window.

Once we receive your request, we will process your refund within one business day. There are no forms to fill out, no explanations required, and no delays. Our goal is to provide a risk-free and stress-free experience.

16. Why should I get certified, and why should I choose your certification programs?

1. Global Recognition: The Certified Risk and Compliance Management Professional (CRCMP) designation has become one of the most widely recognized certifications in risk management and compliance. CRCMP-certified professionals live and work in 57 countries, and organizations worldwide recognize the CRCMP as a preferred and trusted credential in risk and compliance management. To learn more about the demand for CRCMP holders, please refer to: https://www.risk-compliance-association.com/CRCMP_Jobs_Careers.pdf

2. Flexible and Convenient Learning: Our training programs are designed with flexibility in mind. Participants can access course materials and complete the certification exam anytime, from anywhere. This is especially beneficial for professionals with demanding schedules who need to learn at their own pace.

3. Affordable, All-Inclusive Pricing: Each program is offered at a low, all-inclusive price. There are no hidden fees or additional costs, now or in the future, for any reason.

4. Discounts on Additional Programs: When you enroll in a second program, you receive a $100 discount. This means the all-inclusive cost for your second (and every additional) program is $197 (compared to the regular price of $297). There are no hidden fees or recurring charges. This discount is our way of supporting your continued professional development.

5. Multiple Exam Attempts Included: Each program includes up to three exam attempts per year at no additional cost, as outlined above.

6. No Recertification Required: Your certificates are issued with lifetime validity. No recertification is required, and your credentials will not expire.

7. Potential for Career Advancement and Industry Recognition: There is a clear and growing demand for qualified professionals in risk and compliance management. Certified individuals are often recognized by employers, may enjoy broader career opportunities, and may be preferred for promotions or new roles. Earning a professional certification demonstrates your commitment to continuous learning and your active engagement in a global community of experts.

However, it’s important to note that no certificate, regardless of its reputation, can guarantee a new or better job. Career advancement depends on many factors, including supply and demand, market conditions, and timing. Certification is a valuable asset, but it is only one part of a larger professional development journey.

8. The fit and proper requirement in regulations: Firms and organizations hire and promote fit and proper professionals who can provide evidence that they are qualified. Employers need assurance that managers and employees have the knowledge and skills needed to mitigate risks and accept responsibility. Supervisors and auditors ask for independent evidence that professionals are qualified, and that controls can operate as designed, because the persons responsible for these controls have the necessary knowledge and experience.

9. Increased Earning Potential: Professionals who invest in gaining new skills and recognized certifications may become eligible for higher-paying roles. Training and ongoing professional development may significantly enhance your earning potential and contribute to long-term career success. However, it’s important to understand that increased earnings are not guaranteed. Compensation and career advancement depend on various factors. Certification is a valuable tool, but not a guarantee on your path to career growth.

IARCP, some of our clients