
Advanced Specialization

Certified Risk and Compliance Management Professional in Hybrid Risk and Resilience Management - CRCMP(HR²M), distance learning and online certification program

Overview

The CRCMP(HR²M) program is an advanced specialization in Hybrid Risk and Resilience Management, designed exclusively for Certified Risk and Compliance Management Professionals (CRCMPs).

It builds on the solid foundation of the CRCMP designation and equips participants with cutting-edge knowledge to understand, identify, assess, and effectively manage complex hybrid risks.

The program prepares CRCMPs to strengthen organizational resilience across interconnected domains, including geopolitical and regulatory risk, counterintelligence, and supply chain resilience, while advancing capabilities in hybrid threat psychology, hybrid stress testing, and crisis management, ensuring readiness for an increasingly complex risk landscape.

Prerequisites

Enrollment in the CRCMP(HR²M) program is restricted to professionals who have already passed the Certified Risk and Compliance Management Professional (CRCMP) exam. To preserve the credibility and value of this credential, the association does not allow substitutions, equivalency credits, or waivers of any kind. The curriculum assumes mastery of the CRCMP body of knowledge.

If you do not yet hold the CRCMP but wish to pursue the CRCMP(HR²M), you must first pass the CRCMP exam. Upon successful completion, you may immediately enroll in the CRCMP(HR²M) program.

Objectives

The CRCMP(HR²M) program is designed to extend the capabilities of CRCMPs into the advanced domains of hybrid risk and resilience. This advanced specialization:

1. Moves from traditional risk and compliance frameworks into the management of multi-vector, cross-domain, and asymmetric threats that transcend conventional boundaries.

2. Develops expertise in hybrid risk governance.

3. Equips participants with the skills to design cross-sector resilience strategies, integrate governance across silos, and align risk frameworks with organizational, regulatory, and geopolitical realities.

4. Provides practical methodologies for hybrid stress testing, assisting organizations to withstand hybrid risks.

5. Advances the careers of CRCMPs by adding specialized expertise in hybrid risk and resilience, and offering strategic, cross-sector perspectives that are highly valued by organizations and boards.

The program provides you with the skills needed to become a Certified Risk and Compliance Management Professional in Hybrid Risk and Resilience Management - CRCMP(HR²M), a certification that provides independent evidence to firms and organizations that you have a quantifiable understanding of the subject matter.

Target Audience

The CRCMP(HR²M) program is designed for professionals who already hold the CRCMP designation and are ready to expand into the advanced domains of hybrid risk and resilience. It is especially relevant for those engaged in multi-vector risk environments, cross-sector resilience, and global governance:

1. Risk Managers and Professionals. The CRCMP(HR²M) advanced specialization develops expertise in handling hybrid threats, strengthens resilience strategies, enhances communication with leadership, and provides a competitive advantage in a world where risk and compliance are central to organizational survival and success.

It also equips professionals with essential counterintelligence awareness, helping them recognize and mitigate risks stemming from espionage, insider threats, and information manipulation. In addition, the program emphasizes hybrid stress testing, enabling organizations to anticipate cascading crises across digital, financial, regulatory, and geopolitical domains, well beyond the scope of traditional stress testing.

2. Compliance Managers and Professionals. They ensure adherence to laws, regulations, and internal policies. The CRCMP(HR²M) advanced specialization broadens this role by mapping hybrid threats into compliance obligations, enabling them to anticipate emerging risks and strengthen organizational resilience. It prepares them to address challenges that increasingly intersect with legal, ethical, and governance obligations.

Regulators expect boards and executives to demonstrate governance over resilience and hybrid threats. The CRCMP(HR²M) advanced specialization assists compliance managers in translating hybrid risks into board-reportable compliance obligations, and in preserving the evidence needed to withstand scrutiny from regulators and courts, where every word, every document, and every decision counts.

3. IT, Cybersecurity, and Information Security Professionals. This advanced specialization provides the skills to bridge the gap between technical security, compliance, and executive decision-making.

IT, cybersecurity, and information security professionals face the challenge of translating highly technical issues into business and governance terms that leadership can understand and act upon. The CRCMP(HR²M) advanced specialization gives a much better understanding of how to present IT and cyber risks in strategic, regulatory, and financial contexts.

By combining technical expertise, compliance knowledge, and counterintelligence awareness, participants learn to demonstrate the business impact of threats, justify security investments, and align incident response with legal and regulatory expectations.

4. Internal Auditors. The CRCMP(HR²M) advanced specialization develops expertise in evaluating the adequacy and effectiveness of risk, compliance, and resilience frameworks in the face of complex and hybrid threats. It equips internal auditors with the knowledge to provide independent assurance that organizational strategies, controls, and compliance measures are robust enough to withstand crises that cut across cyber, financial, regulatory, and geopolitical domains.

The program integrates counterintelligence awareness, enabling auditors to recognize risks related to insider activity, information manipulation, and hostile influence that can undermine governance structures. Through hybrid stress testing, auditors better understand how cascading crises might expose hidden vulnerabilities in controls, reporting systems, and compliance obligations.

5. Legal, Regulatory, and Corporate Governance Professionals.

The CRCMP(HR²M) advanced specialization develops expertise in understanding and managing the legal, regulatory, and governance implications of hybrid threats. Professionals can better understand compliance and governance under conditions of hybrid stress.

The CRCMP(HR²M) program assists in managing conflict-of-laws, advising on jurisdictional risk exposure, and supporting Boards in navigating the global complexities that arise from hybrid threats, including those orchestrated by state-sponsored actors who blend cyber, legal, financial, and disinformation tactics to destabilize organizations.

6. Consultants and Advisory Professionals.

The CRCMP(HR²M) advanced specialization develops expertise that enables consultants and advisory professionals to deliver high-value, forward-looking insights to clients facing increasingly complex and hybrid risk environments.

By integrating counterintelligence awareness, consultants can help clients recognize and mitigate risks from espionage, insider activity, and disinformation campaigns. These are challenges that are often underestimated but carry significant reputational, financial, and legal consequences. Through hybrid stress testing, they can guide organizations in simulating the cascading impact of combined cyber, financial, regulatory, and geopolitical crises, explaining vulnerabilities and recommending practical solutions.

This advanced specialization strengthens the consultant’s role as a trusted advisor who anticipates the intersection of risks across domains. It allows consultants to differentiate themselves in the marketplace by providing clients with strategic foresight, resilience strategies, and actionable compliance roadmaps that go well beyond traditional advisory services.

7. Project and Program Managers.

The CRCMP(HR²M) advanced specialization develops expertise in embedding risk, compliance, and resilience considerations directly into project and program delivery. For project and program managers, this means gaining the ability to plan, execute, and oversee initiatives that remain robust in the face of hybrid threats spanning digital, financial, operational, and geopolitical domains.

This advanced specialization strengthens the ability of project and program managers to translate organizational resilience goals into actionable plans, ensuring alignment with compliance and regulatory frameworks while maintaining delivery efficiency. It equips them to lead teams through complexity and uncertainty, positioning them as strategic enablers of resilience.

8. Service Providers.

The CRCMP(HR²M) advanced specialization develops expertise that is particularly valuable for service providers in IT, security, cloud, financial, legal, or managed services, which play a very important role in the resilience of the organizations they support.

In hybrid threat environments, service providers are prime targets for cyberattacks, espionage, and manipulation, since compromising them can create cascading effects across multiple client organizations. They also serve as critical partners in helping clients meet regulatory, resilience, and security requirements, often acting as an extension of the client’s own risk and compliance functions.

The program integrates counterintelligence awareness, enabling service providers to better understand threats such as supply chain infiltration, insider risks, and hostile influence campaigns that could undermine client relationships. It also emphasizes hybrid stress testing, equipping them to demonstrate the resilience of their services under combined cyber, regulatory, and operational crisis scenarios, an increasingly important factor in client due diligence and regulatory assessments.

Course Synopsis

Introduction.
- The CRCMP(HR²M) program.
- The CRCMP(HR²M) exam.

Part 1. Hybrid Threats and Resilience.
Resilience in the Age of Uncertainty.
- Business continuity, robustness, and resilience.
- Case study, Basel III and resilience.
- Resilience governance.
- Recovery Time Objective (RTO).
- Recovery Point Objective (RPO).

Hybrid Threats.
- Multi-vector threats.
- Convergent threats.
- Asymmetric threats.
- Functional understanding of hybrid threats.
- Holistic understanding of hybrid threats.

The Strategic Landscape of Hybrid Threats.
- Geopolitical Risk and Strategic Competition.
- Political risk.
- Geopolitical risk.

Cyber-Physical Attacks on Critical Infrastructure.
- Cyber-physical attack.
- Cyber-physical system (CPS).

Advanced Persistent Threats (APTs) and Hybrid Threats.
- What is an Advanced Persistent Threat (APT)?
- Is it an APT or a hybrid campaign?

Hybrid Threats, Guerrilla Warfare, Insurgency.
- Guerrilla warfare.
- Insurgency.
- Similarities and differences. 

Part 2. The Mind Under Siege | Hybrid Threat Psychology.
Desire.
- Affection.
- Motivation.
- Direction.
- Intensity.
- Persistence.
- The objects of desire.
- Is passion derived from "the unknown, the risk, the surprise, and the playfulness"?

Manipulation.
- Manipulation, when deployed strategically.
- What distinguishes manipulation from other forms of influence?
- Gaslighting.
- Mirroring.
- Love Bombing.
- Isolation.

Elicitation.
- Techniques.
- Assumed Knowledge.
- Bracketing.
- Response.
- Confidential Bait.
- Criticism.
- Deliberate False Statements / Denial of the Obvious. 
- Feigned Ignorance.
- Flattery. 
- Good Listener.
- The Leading Question.
- Macro to Micro.
- Mutual Interest.
- Oblique Reference.
- Questionnaires and Surveys.
- Ruse Interviews.
- Target the Outsider. 

Hybrid Threats, double deception, engineered insights.
- Double deception.
- Engineered insights.
- Manufactured reality.
- False Information Operations (FIOs).
- Deep Fake Technologies (DFTs).
- Deep Video Portraits (DVPs).
- Narrative Warfare.
- Information Laundering.
- Influence-as-a-Service (IaaS).
- Defensive deception.

From Trust to Treason. Psychology and Insider Threats.
- Motives, stressors, vulnerabilities, personality traits.

1. The malicious insider.
- a. Long-standing grievances.
- b. Unmet expectations.
- c. Identity conflicts.

2. The compromised insider.

3. The unwitting insider.

- The desire to belong vs. the need to be authentic.
- The hiring process.
- Example, Weaponizing the integrity of IT persons.

Fake, in Psychology.
- Fake, in law.
- Counterfeit.
- Forgery.
- Fraud.
- Misrepresentation.
- The "Simulacrum".

Between Luck and Resilience.
- Fortunately, we have not been hacked!
- The declaration of safety.

The weaponization of conspiracy theories.
- Sophisticated evolution in asymmetric tactics.
- Eroding the presumption of legitimacy.
- Radicalization.
- Conspiracy theories provide cover for malicious insiders.
- 1. The Dunning–Kruger effect.
- 2. The self-serving bias.
- 3. The confirmation bias.
- 4. The pessimism bias.

Part 3. Hybrid Threats | USA, EU, China, Russia.
Hybrid Threats | USA.
- US Department of Defense (DOD) definition and approach.
- Conventional and irregular warfare.
- US Intelligence Community, the Office of the Director of National Intelligence (ODNI).
- The “Updated IC Gray Zone Lexicon.”
- Gray Zone.
- Gray Zone Campaign.
- NATO, hybrid activities.

Hybrid Threats | European Union.
- The Joint Framework on countering hybrid threats, a European Union response.
- Recognising the hybrid nature of a threat.
- Foreign Information Manipulation and Interference (FIMI).

Hybrid Threats | China.
- Informatization.
- Systems-of-systems operations.
- Intelligentization.
- The Chinese doctrine.
- The Three Warfares.
- 1. Public Opinion Warfare.
- 2. Psychological Warfare.
- 3. Legal Warfare.
- China’s National Intelligence Law and Counter-Espionage Law.

Hybrid Threats | Russia.
- Russia’s doctrine of information warfare and hybrid threats.
- A doctrinal tradition spanning decades.
- The link to Soviet active measures.
- The doctrine of information confrontation.

Hybrid Threats | Private Sector.
- The private sector.
- Ambiguity.
- Deniability.
- Distance, dispersion, and disguise.
- Compounding.
- Operational slack.
- Cognitive slack.
- Reputational slack.
- The boundary between national security and corporate risk.
- Extraterritorial application of regulations.
- Incident management, a legal, communications, technical process.

Hybrid Threats Targeting Sectors | Examples.
- Hybrid Threats Targeting the Maritime Sector.
- Hybrid Threats Targeting the Aviation Sector.
- Hybrid Threats Targeting Online Gaming. (It sounds ridiculous. It is not).

Part 4. Hybrid Threats and the Law.
Hybrid Threats and the Law in the USA.
- Presidential Directives, Executive Orders.
- Executive Order 13636.
- Executive Order 13691.
- Presidential Policy Directive 41 (PPD-41).
- Executive Order 13800.
- Executive Order 13848.
- Executive Order 13873.
- Executive Order 13984.
- Executive Order 14028.
- Executive Order 14034.
- Executive Order 14110.
- Executive Order 14117.
- Executive Order 14144.
- Executive Order 14306. 

Hybrid Threats and the Law in the EU.
- Europe’s Resilience Doctrine.
- 1. The Digital Operational Resilience Act (DORA).
- 2. The Critical Entities Resilience Directive (CER).
- 3. The Cyber Resilience Act (CRA).
- 4. The Internal Market Emergency and Resilience Act (IMERA).
- EU and hybrid campaigns.

Part 5. Hybrid stress testing.
- What is hybrid stress testing?
- Penetration testing, red teaming, blue teaming, purple teaming, and hybrid stress testing.
- The Aviation Analogy.
- The Architecture Analogy.
- The Ecology Analogy.
- “I will tell you the outcome. We fail.”
- Which factors are accelerating the adoption?
- Is the world mature enough for hybrid stress testing?
- Which are the main reasons for resistance to hybrid stress testing?

Hybrid stress test, steps.
- Example: Trust Erosion Hybrid Stress Test.

Step 1: Objectives and Scope.

Objectives.
- a. Regulatory Compliance and Assurance.
- b. Operational Resilience.
- c. Strategic and Governance Readiness.

Scope.
- a. Business Functions in Scope.
- b. Datasets in Scope.
- c. Third-Party Providers and Jurisdictions in Scope.
- d. Time Horizon and Severity.

Step 2: Dependencies.
- a. Data Flows.
- b. Jurisdictional Exposure.
- c. Third-Party Dependencies.
- d. Critical Datasets.
- e. Safeguards.
- f. Supply Chain and Ecosystem Dependencies.
- g. Shadow IT and Informal Practices.

Step 3: Hybrid Threat Scenarios.
- Scenarios are not predictions.
- Hybrid scenarios must be intentionally designed to overwhelm.
- Effective scenarios are layered.

Step 4: Stress Parameters and Triggers.
- The boundaries of what stress means in practice.
- The specific events that activate the scenario.
- Technical parameters.
- Legal parameters.
- Operational parameters.
- Reputational parameters.
- Financial parameters.
- Examples of triggers.

Step 5: Execution of the Stress Test.
- Testing methodologies.
- 1. Table-top Exercise.
- 2. Live Simulation.
- 3. Hybrid Approach.
- Red Teaming and Adversary Emulation are not hybrid stress tests.
- Wargaming.

Step 6: Measuring Impact and Resilience.
- a. Technical.
- b. Legal and Compliance.
- c. Operational.
- d. Reputational.
- e. Strategic.

Resilience metrics.
- a. Recovery Time Objective (RTO).
- b. Recovery Point Objective (RPO).
- c. Compliance Continuity.
- d. Decision-Making Latency.
- e. Communication Effectiveness.
- f. Cross-Functional Coordination.
- Measurement must tie back to the objectives.
- Resilience benchmarked over time and across scenarios.

Step 7: Evaluation of Governance and Strategic Posture.
- The organization’s capacity to make clear, lawful, and timely decisions.
- Evaluation of governance.
- a. Decision-Making Speed.
- b. Clarity of Direction.
- c. Regulatory Alignment.
- d. Strategic Consistency.

Step 8: Documenting and Enhancing.
- Vulnerabilities, strengths, and unexpected dynamics.
- Structured Debriefing.
- What went well and reinforced resilience.
- What failed, delayed response, or created confusion.
- What decisions or actions had unintended consequences.
- What support or information was missing at critical moments.
- Lessons learned must be translated into enhancements across the organization.
- Final report.

Case Study, Scenario.
- A five-day hybrid stress test case study, where participants are guided through a simulated crisis scenario that unfolds over a structured timeline.
- Early warning signs and immediate operational impacts.
- Secondary effects spreading across digital, regulatory, and financial domains.
- Cascading consequences, including reputational damage and geopolitical dimensions.
- Mitigation efforts, strategic decision-making under pressure.
- Long-term lessons.

Part 6. What comes next.
Hybrid Threats and AI.
- Data poisoning.
- Model extraction and inversion attacks.
- Prompt injection.
- Scenario: Prompt injection to blind security infrastructure in a high-security facility.
- The hidden bill of cheap AI.
- AI-generated code. 

Decision Sovereignty in the Artificial Reality Age.
- The Artificial Reality Age (ARA).
- Decision Sovereignty.
- 1. At the individual level.
- a. Filtering Information.
- b. Shaping Perception.
- c. Nudging Behavior.
- 2. At the corporate level.

Technologies.
- 1. Virtual Reality (VR). 
- 2. Augmented Reality (AR). 
- 3. Mixed Reality (MR) and Extended Reality (XR).
- 4. Synthetic Media. 
- 5. Generative AI Systems. 
- 6. Digital Twins.
- 7. Persistent Metaverses.

Quantum hybrid threats, the next frontier.
- What is “quantum” and why should I care?
- What constitutes “appropriate measures” and “data protection by design and by default” in the quantum era?
- The “harvest now, decrypt later” strategy.
- Should we worry about retroactive exposure?
- Quantum hybrid actors.
- Integrating quantum capabilities and quantum narratives into hybrid campaigns.

DNA computing and hybrid threats.
- DNA as an information carrier.
- The revolution in data storage.
- Encoding audio, images and text into synthesized DNA molecules.
- Encrypting messages within DNA encoded microdots.
- DNA steganography changes espionage and data exfiltration forever.
- Forensic and compliance risks.
- DNA hybrid threats complicate accountability.
- DNA computing and quantum supremacy.

Neuromorphic and brain-inspired computing.
- Processing information in ways that resemble the nervous system.
- Brain-inspired sensing.
- Neuromorphic systems shift sensing, learning, and decision-making.
- Neuromorphic hardware and event-based sensors create a fertile surface for covert compromise.
- Weaponization of on-device learning.
- Compromising adjacent sensors.
- Manipulated neuromorphic controllers embedded in drones, vehicles, and industrial controllers.
- Governance responses, neuromorphic risk.
- The new class of exploits requires expanding incident taxonomies.
- Neuromorphic and brain-inspired computing systems are already in use.
- Neuromorphic vision sensors already embedded in commercial drones and robotics platforms.
- Intel, IBM, large-scale neuromorphic processors, Loihi, Loihi 2, TrueNorth.
- Surveillance and security systems, robotics, industrial automation, defense.

The fusion of physical, digital, and cognitive space.
- Actions triggered by machine perception, not human observation.
- “See” and “Know” no longer describe human sensory or cognitive experiences.
- Continuously sensed.
- Algorithmically mediated.
- Triggered by machine perception.
- Hybrid Threats in the Artificial Reality Age (ARA).

Closing remarks.


Become a Certified Risk and Compliance Management Professional in Hybrid Risk and Resilience Management - CRCMP(HR²M)

The all-inclusive price is $297 (one time fee). There is no additional cost, now or in the future, for this program.

Please note that the standard $100 discount, which is normally applied to a participant’s second and subsequent programs, does not apply in this case. This policy reflects the unique nature, development effort, and specialized content of the CRCMP(HR²M) program.

Lifetime members are entitled to a 50% discount on the CRCMP(HR²M) program. This benefit applies in the same way as for all our other programs, ensuring that lifetime members continue to receive half off the regular program fee. Please note that no additional discounts or exceptions apply to the CRCMP(HR²M) program for any reason.

The CRCMP(HR²M) advanced specialization program is available exclusively to those who have already passed the Certified Risk and Compliance Management Professional (CRCMP) exam.

If you are a CRCMP, you may submit an email request for access. Within 48 hours, you will receive a reply with the URL where you can complete the payment by credit card, QR code, or PayPal.

Your email request must have the subject line: CRCMP(HR²M) Program URL

In the body of the email, please provide your full name exactly as it appears on your CRCMP certificate, along with your preferred email address.

We will send the program within 24 hours of your payment. Please remember to check your spam or junk folder, as emails with attachments may occasionally be filtered there.

You are entitled to a full refund within 60 days of your payment. If you decide not to proceed with any of our programs or services for any reason, simply send us an email — we’ll process your refund with no questions asked.

Payments are processed by our strategic partner and service provider, Cyber Risk GmbH (Dammstrasse 16, 8810 Horgen, Switzerland, registered in the Commercial Register of the Canton of Zürich, Company Number: CHE-244.099.341).


What is included in the program:

A. The official presentations (1,164 slides)

The presentations are designed to support both online and offline study, offering maximum flexibility for busy professionals. Whether you prefer to learn at your desk, on the go, or without an internet connection, the presentations are readily accessible and designed to adapt seamlessly to your individual schedule and learning preferences.

You have complete control over your learning experience, allowing you to progress at your own pace. You can move quickly through topics you’re already familiar with and dedicate more time to areas that require deeper understanding. This self-paced approach ensures efficient, focused learning that fits seamlessly into your professional and personal commitments, with no deadlines, no pressure, no expiration date, and no time limit to complete the program.

B. Up to 3 online exam attempts per year

To earn the CRCMP(HR²M) designation, candidates are required to pass a single certification exam. If a candidate does not pass on the first attempt, they are encouraged to review the official training presentations and retake the exam.

Each candidate is permitted up to three exam attempts within a 12-month period, starting from the date of the first attempt.
- If the first attempt is unsuccessful, a second attempt is allowed using the same exam credentials.
- If the second attempt is also unsuccessful, a third attempt is permitted, again using the same credentials.
- If the candidate does not achieve a passing score after the third attempt, they must wait one year before retaking the exam. New exam credentials will be issued at that time.

There is no additional cost for any additional exam attempt.

To learn more, you may visit:

https://www.risk-compliance-association.com/Questions_About_The_Certification_And_The_Exams_1.pdf

https://www.risk-compliance-association.com/CRCMP_HR2M_Certification_Steps_1.pdf

C. The Certificate, with a scannable QR code for verification.

You will receive your certificate via email in Adobe Acrobat format (pdf), with a scannable QR code for verification, 7 business days after you pass the exam. A business day refers to any day on which normal business operations are conducted (in our case Monday through Friday), excluding weekends and public holidays.

D. One web page of the International Association of Risk and Compliance Professionals (IARCP) dedicated to you (risk-compliance-association.com/Your_Name.htm).

When third parties scan the QR code on your certificate, they will visit the web page of the International Association of Risk and Compliance Professionals (IARCP) that is dedicated to you. They will be able to verify that you are a certified professional, and your certificates are valid and legitimate.

This dedicated web page will show your name, the certificates you have received from us, pictures of your certificates, and a picture of your lifetime membership certificate if you are a lifetime member.

This is an example:

https://www.risk-compliance-association.com/John_Anderson_CRCMP_HR2M.htm

Professional certificates are some of the most frequently falsified documents. Employers and third parties need an easy, effective, and efficient way to check the authenticity of each certificate. QR code verification is a good response to this demand.


Frequently Asked Questions

1. I want to learn more about the International Association of Risk and Compliance Professionals (IARCP).

The IARCP is a global community of risk and compliance management experts who explore career avenues and acquire lifelong skills.

The IARCP is wholly owned by Compliance LLC, a company incorporated in Wilmington, NC, with offices in Washington, DC. Compliance LLC provides risk and compliance training and certification in 57 countries.

Several business units of Compliance LLC operate as successful associations, offering membership, weekly or monthly updates, training, certification, interest representation, and other services to their members. The business units of Compliance LLC include:

- The Sarbanes-Oxley Compliance Professionals Association (SOXCPA), the largest Association of Sarbanes-Oxley professionals in the world. You may visit: https://www.sarbanes-oxley-association.com

- The Basel iii Compliance Professionals Association (BiiiCPA), the largest association of Basel iii Professionals in the world. You may visit: https://www.basel-iii-association.com

- The Solvency II Association, the largest association of Solvency II professionals in the world. You may visit: https://www.solvency-ii-association.com

The Certified Risk and Compliance Management Professional (CRCMP) certificate has become one of the most recognized certificates in risk management and compliance. There are CRCMPs in 57 countries. Companies and organizations around the world consider the CRCMP a preferred certificate.

You can find more about the demand for CRCMPs at: https://www.risk-compliance-association.com/CRCMP_Jobs_Careers.pdf


2. What types of training does the association offer?

The IARCP provides distance learning and online certification programs globally, along with in-house, instructor-led training programs for companies and organizations in many countries.

A. Distance learning and online certification programs.

1. Certified Risk and Compliance Management Professional (CRCMP). To learn more, you may visit: https://www.risk-compliance-association.com/Distance_Learning_and_Certification.htm

2. Certified Risk and Compliance Management Professional in Hybrid Risk and Resilience Management - CRCMP(HR²M). To learn more, you may visit: https://www.risk-compliance-association.com/CRCMP_HR2M.htm

3. Certified Information Systems Risk and Compliance Professional (CISRCP). To learn more, you may visit: https://www.risk-compliance-association.com/CISRCP_Distance_Learning_and_Certification.htm

4. Certified Risk and Compliance Management Professional in Insurance and Reinsurance CRCMP(Re)I. To learn more, you may visit: https://www.risk-compliance-association.com/CRCMP_Re_I.htm

5. Certified Cyber (Governance Risk and Compliance) Professional CC(GRC)P. To learn more, you may visit: https://www.risk-compliance-association.com/CC_GRC_P_Distance_Learning_and_Certification.htm

6. Travel Security Trained Professional (TSecTPro). To learn more, you may visit: https://www.risk-compliance-association.com/TSecTPro_Distance_Learning_and_Certification.htm

B. Instructor-led training.

The association develops and maintains five certification programs and numerous customized training programs for directors, executive managers, risk and compliance managers, internal and external auditors, data owners, process owners, consultants, suppliers, and service providers.

For instructor-led training, you may contact Lyn Spooner at: lyn@risk-compliance-association.com

3. Is there any discount available for the distance learning programs?

To keep our programs as affordable as possible for all members, we do not offer a discount on the first program. However, you will receive a $100 discount on your second and every subsequent program.

For example, after purchasing the Certified Risk and Compliance Management Professional (CRCMP) program for $297, you are eligible for exclusive discounts on additional programs, including:

1. The Certified Information Systems Risk and Compliance Professional (CISRCP) program for $197 (regular price: $297).

2. The Certified Cyber (Governance Risk and Compliance) Professional - CC(GRC)P program for $197 (regular price: $297).

3. The Certified Risk and Compliance Management Professional in Insurance and Reinsurance - CRCMP(Re)I program for $197 (regular price: $297).

4. The Travel Security Trained Professional (TSecTPro) program for $197 (regular price: $297).

When you purchase the Certified Cyber (Governance, Risk, and Compliance) Professional – CC(GRC)P program, you’ll receive a 50% discount on the Travel Security Trained Professional (TSecTPro) program. The all-inclusive cost is reduced to $148 (regular price: $297).

Please note that the standard $100 discount, which is normally applied to a participant’s second and subsequent programs, does not apply to the CRCMP(HR²M) program. This policy reflects the program’s unique nature, development effort, and specialized content.

Lifetime members are entitled to a 50% discount on the CRCMP(HR²M) program too. This benefit applies in the same way as for all our other programs, ensuring that lifetime members continue to receive half off the regular program fee. Please note that no additional discounts or exceptions apply to the CRCMP(HR²M) program for any reason.

Cyber Risk GmbH (Dammstrasse 16, 8810 Horgen, Switzerland, CHE-244.099.341), acting as a strategic partner and authorized service provider of the International Association of Risk and Compliance Professionals (IARCP), extends a $100 discount on each of the online training programs listed below to individuals who have previously enrolled in any online training program offered by the IARCP. This special offer is designed to support your continued growth and professional development.

1. NIS 2 Directive Trained Professional (NIS2DTP)

2. Digital Operational Resilience Act Trained Professional (DORATPro)

3. Critical Entities Resilience Directive Trained Professional (CERDTPro)

4. Data Act Trained Professional (DataActTPro)

5. Data Governance Act Trained Professional (DatGovActTP)

6. European Chips Act Trained Professional (EChipsActTPro)

7. Digital Services Act Trained Professional (DiSeActTPro)

8. Digital Markets Act Trained Professional (DiMaActTPro)

9. Artificial Intelligence Act Trained Professional (AIActTPro)

To receive the URL for the discounted rate, please email us with the subject line: "Request for Discounted Program URL."

In the email, please let us know:

a. The name and email address of the person or legal entity that purchased the program from the International Association of Risk and Compliance Professionals (IARCP).

b. The program you want to purchase now at $197 instead of $297.

You will receive the URL for the discounted price for your second and subsequent programs within 48 hours (business days).

4. Are your training and certification programs vendor neutral?

Yes, absolutely. All of our training and certification programs are completely vendor-neutral. This means we do not promote or rely on any specific tools, products, or service providers. Instead, we focus on universally applicable concepts, frameworks, and best practices that are recognized across the industry. Our goal is to provide participants with knowledge and skills that are transferable to any organization or environment, regardless of the technologies or vendors they use. By staying independent from vendors, we ensure that our programs remain objective, practical, and relevant to a wide range of roles and sectors.

5. Are there any entry requirements or prerequisites required for enrolling in the training programs?

There are no entry requirements or prerequisites for enrollment in our programs. We believe that learning should be accessible to everyone, regardless of their background, academic credentials, or professional experience. In contrast to providers that set stringent prerequisites or entry barriers, our approach prioritizes accessibility and openness. We do not believe that the opportunity to learn and grow should be limited by prior qualifications. Whether you're just beginning your career, changing paths, or expanding your expertise, our programs are designed to support individuals at all levels. Each course provides a clear and structured learning path, allowing individuals at all levels to gain valuable insights, and build practical skills. Our approach empowers motivated learners from different industries and career stages to gain value and opportunity from the program.

There is one exception. The CRCMP(HR²M) advanced specialization program is available exclusively to those who have already passed the Certified Risk and Compliance Management Professional (CRCMP) exam. It builds on the solid foundation of the CRCMP designation and equips participants with cutting-edge knowledge to understand, identify, assess, and effectively manage complex hybrid risks.

6. I want to learn more about the exam.

You can take the exam online from your home or office, in all countries.

It is an open book exam. Risk and compliance management is something you must understand and learn, not memorize. You must acquire knowledge and skills, not commit something to memory.

You will be given 90 minutes to complete a 35-question exam. You must score 70% or higher.

The exam contains only questions that have been clearly answered in the official presentations.

All exam questions are multiple-choice, composed of two parts:

a. A stem (a question asked, or an incomplete statement to be completed).

b. Four possible responses.

In multiple-choice questions, you must not look for a correct answer; you must look for the best answer. Cross out all the answers you know are incorrect, then focus on the remaining ones. Which is the best answer? With this approach, you save time, and you greatly increase the likelihood of selecting the correct answer.

TIME LIMIT - This exam has a 90-minute time limit. You must complete this exam within this time limit, otherwise the result will be marked as an unsuccessful attempt.

BACK BUTTON - When taking this exam you are NOT permitted to move backwards to review/change prior answers. Your browser back button will refresh the current page instead of moving backward.

RESTART/RESUME - You CANNOT stop and then resume the exam. If you stop taking this exam by closing your browser, your answers will be lost, and the result will be marked as an unsuccessful attempt.

SKIP - You CANNOT skip answering questions while taking this exam. You must answer all the questions in the order the questions are presented.

We do not send sample questions or past exams. If you study the presentations, you can score 100%.

a. When you are ready to take the CRCMP exam, you must follow the steps: https://www.risk-compliance-association.com/CRCMP_Certification_Steps_1.pdf

b. When you are ready to take the CRCMP(HR²M) exam, you must follow the steps: https://www.risk-compliance-association.com/CRCMP_HR2M_Certification_Steps_1.pdf

c. When you are ready to take the CISRCP exam, you must follow the steps: https://www.risk-compliance-association.com/CISRCP_Certification_Steps_1.pdf

d. When you are ready to take the CRCMP(Re)I exam, you must follow the steps: https://www.risk-compliance-association.com/CRCMP_Re_I_Certification_Steps.pdf

e. When you are ready to take the CC(GRC)P exam, you must follow the steps: https://www.risk-compliance-association.com/CC_GRC_P_Certification_Steps_1.pdf

f. When you are ready to take the TSecTPro exam, you must follow the steps: https://www.risk-compliance-association.com/TSecTPro_Certification_Steps_1.pdf

7. How comprehensive are the presentations? Are they just bullet points?

The presentations are not collections of bullet points; they are thoughtfully structured, in-depth learning materials designed to provide clear explanations, context, and real-world relevance. Unlike slide decks that rely on brief summaries, our presentations guide you through each concept in a comprehensive and engaging manner. They are highly effective for both online and offline study, making them ideal for professionals who value substance and flexibility in their learning experience.

8. Do I need to buy books to pass the exam?

No. If you study the presentations, you can pass the exam. All the exam questions are clearly answered in the presentations. If you fail the first time, you must study more. You can:

- Highlight key terms and sections to help you focus during review.
- Add digital sticky notes (just like Post-it notes) anywhere in the document to remind yourself where specific answers or explanations are.
- Underline or circle text using freehand drawing tools.
- Add bookmarks to easily navigate to important sections.
- Search each document using keywords to quickly find what you need.

9. Is it an open book exam? Why?

Yes, it is an open book exam. Risk and compliance management is a field that requires deep understanding, critical thinking, and the ability to apply principles in real-world situations, not simply the ability to memorize facts. The goal of our certification programs is to help you build lasting knowledge and practical skills that you can confidently use in your professional role.

In real-life scenarios, risk and compliance professionals have access to regulations, frameworks, and reference materials, and are expected to use them thoughtfully. Our open book exam reflects this reality by assessing your comprehension and ability to apply what you've learned, rather than testing your memory.

10. Do I have to take the exam soon after receiving the presentations?

No, there is no fixed exam date. You may take the exam at any time that suits you within four (4) years from the date of your payment. Your access to the training materials, including any future updates, will remain available to you at no additional cost during this four-year period.

The Association reserves the right to amend the General Terms and Conditions (GTC) at any time. Any changes will become effective upon publication on the website of the Association and will apply exclusively to training programs purchased after the date of modification.

For our distance learning and online certification programs, the General Terms and Conditions (GTC) in effect at the time of purchase shall apply for a period of four (4) years from the date of payment. After the expiry of this four-year period, the participant’s access to the program and the right to take the exam shall expire. Any future participation in the program shall require a new enrollment and will be subject to the General Terms and Conditions in force at that time.

The Association may, at its sole discretion, extend the four-year period for individual participants or for a group of participants. Such an extension is a voluntary option of the Association and shall not create any obligation, entitlement, or precedent for future cases.

11. Do I have to spend more money in the future to remain certified?

No. Your certificate is issued with lifetime validity and does not expire. There are no renewal fees, no hidden costs, and no requirement to retake the exam in the future. Once certified, you remain certified.

12. Ok, the certificate never expires, but what about changes in the field?

Things do change. While many organizations introduce mandatory recertification as a recurring revenue stream, we’ve taken a different approach. Although we were advised to "introduce multiple recurring revenue streams to keep business flowing", we made a conscious decision to prioritize long-term value for our members over short-term profit. That’s why no recertification is required for our programs.

Instead, we are committed to keeping you informed and up to date, at no cost. We invite you to visit the Association’s Reading Room each week and explore our newsletter, where you’ll find valuable insights, regulatory updates, timely alerts, and new opportunities. This ongoing access ensures you remain current and well-informed in a dynamic and constantly evolving field.

13. How many hours do I need to study to pass the exam?

To ensure you have learned the details, you should study the presentations at least twice. The average time required is:

- 37 hours for the CRCMP program,
- 44 hours for the CRCMP(HR²M) program,
- 28 hours for the CISRCP program,
- 32 hours for the CC(GRC)P program,
- 34 hours for the CRCMP(Re)I program, and
- 12 hours for the TSecTPro program.

This is the average time needed. There are important differences among members.

14. I would like to receive a printed certificate. Can you send me one?

Unfortunately, we do not issue printed certificates. Instead, you will receive your official certificate via email in Adobe Acrobat (PDF) format, which includes a scannable QR code for instant verification. Certificates are issued within 7 business days after you pass the exam. Please note that business days refer to Monday through Friday, excluding weekends and public holidays.

To ensure authenticity and transparency, the association creates a dedicated web page for each certified professional (risk-compliance-association.com/Your_Name.html). This page will include your full name, a list of all certificates you have earned from the association, and images of your certificates.

When a third party scans the QR code on your certificate, they are directed to your personalized verification page. This allows employers, clients, and other stakeholders to easily confirm that your certification is valid, current, and legitimately issued.

Professional certificates are among the most frequently falsified documents. Providing a secure, scannable QR code with direct access to official verification offers a fast, reliable, and efficient solution. You may also print your certificate from the PDF file at any time, with the embedded QR code ensuring instant and reliable validation.

15. What is the refund policy?

The association maintains a clear and customer-friendly refund policy. You are entitled to request a full refund within 60 days of your payment, no questions asked. If, for any reason, you decide that one of our programs or services is not right for you, simply send us an email within this 60-day window.

Once we receive your request, we will process your refund within one business day. There are no forms to fill out, no explanations required, and no delays. Our goal is to provide a risk-free and stress-free experience.

16. Why should I get certified, and why should I choose your certification programs?

1. Global Recognition: The Certified Risk and Compliance Management Professional (CRCMP) designation has become one of the most widely recognized certifications in risk management and compliance. CRCMP-certified professionals live and work in 57 countries, and organizations worldwide recognize the CRCMP as a preferred and trusted credential in risk and compliance management. To learn more about the demand for CRCMP holders, please refer to: https://www.risk-compliance-association.com/CRCMP_Jobs_Careers.pdf

2. Flexible and Convenient Learning: Our training programs are designed with flexibility in mind. Participants can access course materials and complete the certification exam anytime, from anywhere. This is especially beneficial for professionals with demanding schedules who need to learn at their own pace.

3. Affordable, All-Inclusive Pricing: Each program is offered at a low, all-inclusive price. There are no hidden fees or additional costs, now or in the future, for any reason.

4. Discounts on Additional Programs: When you enroll in a second program, you receive a $100 discount. This means the all-inclusive cost for your second (and every additional) program is $197 (compared to the regular price of $297). There are no hidden fees or recurring charges. This discount is our way of supporting your continued professional development. Please note that the standard $100 discount, which is normally applied to a participant’s second and subsequent programs, does not apply to the CRCMP(HR²M) program.

5. Multiple Exam Attempts Included: Each program includes up to three exam attempts per year at no additional cost, as outlined above.

6. No Recertification Required: Your certificates are issued with lifetime validity. No recertification is required, and your credentials will not expire.

7. Potential for Career Advancement and Industry Recognition: There is a clear and growing demand for qualified professionals in risk and compliance management. Certified individuals are often recognized by employers, may enjoy broader career opportunities, and may be preferred for promotions or new roles. Earning a professional certification demonstrates your commitment to continuous learning and your active engagement in a global community of experts.

However, it’s important to note that no certificate, regardless of its reputation, can guarantee a new or better job. Career advancement depends on many factors, including supply and demand, market conditions, and timing. Certification is a valuable asset, but it is only one part of a larger professional development journey.

8. The fit and proper requirement in regulations: Firms and organizations hire and promote fit and proper professionals who can provide evidence that they are qualified. Employers need assurance that managers and employees have the knowledge and skills needed to mitigate risks and accept responsibility. Supervisors and auditors ask for independent evidence that professionals are qualified, and that controls can operate as designed, because the persons responsible for these controls have the necessary knowledge and experience.

9. Increased Earning Potential: Professionals who invest in gaining new skills and recognized certifications may become eligible for higher-paying roles. Training and ongoing professional development may significantly enhance your earning potential and contribute to long-term career success. However, it’s important to understand that increased earnings are not guaranteed. Compensation and career advancement depend on various factors. Certification is a valuable tool, but not a guarantee on your path to career growth.


IARCP, some of our clients