Experienced professionals may apply for the Certified Risk Management Professional (CRMP) certification under the grandfathering provision.

Transcription

1 Application for CRMP Certification (part 1) GRCSI is now offering the Certified Risk Management Professional (CRMP) certification to support and recognize professionals who have skills and experience in the field of risk management. Experienced professionals may apply for the Certified Risk Management Professional (CRMP) certification under the grandfathering provision. In order to achieve the CRMP certification, an applicant must: 1. Become a member of GRCSI 2. Complete the required forms describing their knowledge and work experience 3. Provide evidence of knowledge, skill, and accomplishments 4. Agree to adhere to the GRCSI code of ethics 5. Agree to comply with the CRMP continuing professional education (CPE) requirements Once the grandfathering provision has expired, professionals who wish to achieve the CRMP certification will need to pass a test in addition to submitting the required application forms. Work Experience In order to qualify for CRMP certification under the grandfathering provision, an applicant must provide evidence of eight (8) years of risk management experience as defined and described by the Risk Management Body of Knowledge (RMBoK). To recognize that other management experience and credentials are applicable to risk management, up to four (4) of the eight (8) years of required experience can be substituted as follows: One (1) year of experience may be substituted for management experience where risk was a required consideration, though not specific to risk management practices. Applicants wishing to make use of this substitution will be required to submit a 200 to 300 word description of their job, tasks, and functions related to risk for the duration of this substitution. One (1) year of experience may be substituted for each of the relevant credentials held by the applicant up to a maximum of three (3) years. If you hold a credential that you believe should be added to the list, please advise the certification board via our contact form and it will be considered in their next meeting. Financial Risk Management: Certified Public Accountant (CPA) Chartered Accountant (CA) Chartered Financial Analyst (CFA) Certified General Accountant (CGA) Certified Management Accountants (CMA) Certified Fraud Examiner (CFE) MBA in Finance Information Risk Management: Certified Information Systems Auditor (CISA) issued by ISACA Certified Information Security Manager (CISM) issued by ISACA Certified in the Governance of Enterprise IT (CGEIT) issued by ISACA Certified Information Systems Security Professional (CISSP) issued by (ISC) 2 Disaster Recovery Professional (DRP) issued by EC-Council Information Systems Security Management Professional (ISSMP) issued by (ISC) 2 Page 1 of 11

2 Application for CRMP Certification (part 1) Certified Internal Auditor (CIA) issued by the Institute of Internal Auditors Operational Risk Management: Project Management Professional (PMP) issued by the Project Management Institute PRINCE2 issued by the Office of Government Commerce in the United Kingdom and other countries MBA in Operations Management (or equivalent) Advanced Graduate Certificate Program in Operations Risk Management Certified Protection Professional (CPP) issued by ASIS International Certified Business Continuity Professional (CBCP) issued by DRII Other relevant certifications may be considered on a case by case basis. Two (2) years of experience may be substituted for a post-graduate degree from an accredited university in risk management or a related field. GRCSI code of ethics GRCSI sets forth a code of professional ethics to guide the professional and personal conduct of GRCSI members. To view a copy of the code, please go to CRMP continuing professional education (CPE) policy CRMP certified professionals are required to remain current with new practices, trends, and developments in the field of risk management. Every three (3) years, a CRMP certified individual must submit a number of CPE hours consistent with the requirements of their certification and concentration. CPE hour requirements and submissions may be viewed and managed in the GRCSI member center. A CRMP certified professional must submit a minimum of twenty (20) CPE hours per year. Every three years, the total number of CPE hours submitted by the CRMP certified professional must be a minimum of one hundred and twenty (120). For example, in year 1, a CRMP may have submitted 20 hours. In year 2, the CRMP may have submitted 30 hours. In year three, the CRMP must submit 70 hours ( = 70) to maintain the CRMP certification. In addition to the CRMP CPE hours required as described above, A CRMP certified professional with a concentration (Finance, Information, or Operations) must have a minimum of ten (10) hours per year in their concentration. For example, in year 1, a CRMP-F may have submitted 20 hours, 10 of which were in the area of finance. In year 2, the CRMP may have submitted 30 hours, 20 of which were in the area of finance. In year three, the CRMP must submit 70 hours, 10 of which must be in the area of finance to maintain the CRMP certification. GRCSI recognizes that not all certified professionals may be able to submit the required number of CPE hours due to work or personal reasons. In order to maintain their certification, these professionals may retake the CRMP examination every three years. A CRMP certified professional with a concentration who is not capable of submitting the required CPE hours may only retake their concentration examination in order to main both the CRMP and concentration certifications. Page 2 of 11

3 Application for CRMP Certification (part 1) Certification Process Completing and submitting the application and supporting documentation Carefully complete all sections of the application form. Print and sign the document, append all supporting documentation (verification of work experience forms, copies of certifications, certificates, diplomas, letters, etc.) and then scan and , fax, or mail them all to: GRCSI Certification Committee 925 Boul. De Maisoneuve West Suite 412 Montreal, Quebec Canada, H3A 0A2 Fax: Application Fee The payment of an application fee is required for your application to be reviewed. The grandfathering application fee is $495 for GRCSI members. If you are not yet a GRCSI member, you may pay your membership fee and grandfathering application fee at the same time in the member s section of the web site. Page 3 of 11

4 Application for CRMP Certification (part 1) Your information Name: GRCSI ID 1 : Contact address: Your current employer s information: Contact phone number: Company name: Supervisor title: Supervisor phone: Experience verification contact #1: Supervisor name: Supervisor Company web site: Name: Company name: Company web site: Experience verification contact #2: Title: Phone: Name: Company name: Company web site: Experience verification contact #3: Title: Phone: Name: Company name: Company web site: Title: Phone: GRCSI may contact one or more of the persons listed above to verify your experience and the information provided in this application. 1 Your GRCSI ID is the same as the address that you used to create your profile. Page 4 of 11

5 Application for CRMP Certification (part 1) I hereby apply to GRCSI for certification as a Certified Risk Management Professional (CRMP) in accordance with and subject to the procedures and regulations of GRCSI. I have read and agreed to the conditions set forth in the application for CRMP certification and GRCSI continuing professional education (CPE) policy in effect at the time of my application, covering the certification process, and continuing education policies. I agree to denial or revocation of certification and to forfeiture of the relevant fees and redelivery of any certificate or other credential granted to me by GRCSI in the event that any of the statements or answers made by me in this application are false or in the event that I violate any of the rules or regulations governing the CRMP certification program. I authorize GRCSI to make whatever inquiries and investigations it deems necessary to verify my credentials and my professional standing. I understand that this application and any information or material received or generated by GRCSI in connection with my certification will be kept confidential and will not be released unless I have authorized such release or such release is required by law. The fact that I am or am not, or have or have not been, certified is a matter of public record and may be disclosed. I hereby agree to hold GRCSI, its officers, directors, examiners, employees, members, volunteers and agents, harmless from any complaint, claim, or damage arising out of any action or omission by any of them in connection with this application; the application process; the failure to issue me any certificate; or any demand for forfeiture or redelivery of such certificate. Notwithstanding the above, this agreement shall be construed and interpreted in accordance with the laws of the Province of Quebec. Any disputes arising under this agreement shall be resolved in a court of competent jurisdiction located in Montreal, in the province of Quebec, Canada. I understand that the decision as to whether I qualify for any certification offered by GRCSI rests solely and exclusively with GRCSI, and that the decision of GRCSI is final. I have read and understand these statements and intend to be legally bound by them. Signature Date Page 5 of 11

6 If you wish to substitute up to one year of the required eight (8) years of experience in risk management for other management experience, please write 200 to 300 words describing the job and tasks that were performed, and any relevance they have to risk management. If you wish to substitute up to three (3) years of the required eight (8) years of experience in risk management for certifications and designations held, please list them below and include the certification name, number, issuance date, and expiration date. If you hold a post graduate degree (Masters or PH.D) in a risk related field, and wish to substitute up to two (2) years of the required eight (8) years of risk management experience, please provide details below: Degree held: Institution name: Date of graduation / degree granted: Page 6 of 11

7 Risk Management Body of knowledge (RMBoK) I. Manage assets A. Identify assets B. Classify and categorize assets C. Assign ownership and custodianship of assets II. Manage threats & vulnerabilities A. Identify threats & vulnerabilities B. Classify and categorize threats & vulnerabilities C. Assess threats & vulnerabilities III. Manage Risk A. Understand risk management concepts, principals, & objectives B. Evaluate risk management frameworks, models, & standards C. Evaluate risk profiles D. Determine & assess risks 1. Understand Qualitative assessments 2. Understand Quantitative assessments 3. Assess risk methods & tools E. Assess risk treatment methods & controls 1. Evaluate risk treatment methods 2. Evaluate and select controls F. Establish roles and responsibilities G. Document the risk management effort 1. Develop and maintain Risk Management Plans (RMP) 2. Develop and maintain Business Impact Analyses (BIA) 3. Develop and maintain Business Continuity Plans (BCP) 4. Develop and maintain Disaster Recovery Plans (DRP) 5. Track ongoing efforts H. Address risk communication 1. Use risk reporting mechanisms I. Implement Incident Management 1. Plan and prepare for incident response 2. Investigate incidents 3. Contain incidents 4. Restore and follow-up J. Measure the effectiveness of risk management efforts IV. Implement Governance, Compliance & Process Improvement A. Understand organizational structure and processes B. Understand ethical and privacy constraints C. Implement policies, standards, procedures, and guidelines D. Define governance roles and responsibilities E. Understand contractual constraints F. Understand legislative constraints G. Understand privacy constraints H. Understand regulatory constraints I. Manage awareness education & training Page 7 of 11

8 This form must be completed for each job that an applicant has held in the past eight (8) years. Employer company name: Job title: Supervisor name: Supervisor Supervisor phone: Employment start date: Employment end date: Total months of experience: May GRCSI contact your supervisor to verify this information (YES / NO)? Place an X below each domain job task area from the Risk Management Body of Knowledge that corresponds to your job tasks and/or the experience that you gained during the employment period being reviewed. Work domain I experience: Work domain II experience: Work domain III experience: D E F G H I J Work domain IV experience: D E F G H I Write 250 to 500 words describing your risk management experience in this position. Page 8 of 11

9 This form must be completed for each job that an applicant has held in the past eight (8) years. Employer company name: Job title: Supervisor name: Supervisor Supervisor phone: Employment start date: Employment end date: Total months of experience: May GRCSI contact your supervisor to verify this information (YES / NO)? Place an X below each domain job task area from the Risk Management Body of Knowledge that corresponds to your job tasks and/or the experience that you gained during the employment period being reviewed. Work domain I experience: Work domain II experience: Work domain III experience: D E F G H I J Work domain IV experience: D E F G H I Write 250 to 500 words describing your risk management experience in this position. Page 9 of 11

10 This form must be completed for each job that an applicant has held in the past eight (8) years. Employer company name: Job title: Supervisor name: Supervisor Supervisor phone: Employment start date: Employment end date: Total months of experience: May GRCSI contact your supervisor to verify this information (YES / NO)? Place an X below each domain job task area from the Risk Management Body of Knowledge that corresponds to your job tasks and/or the experience that you gained during the employment period being reviewed. Work domain I experience: Work domain II experience: Work domain III experience: D E F G H I J Work domain IV experience: D E F G H I Write 250 to 500 words describing your risk management experience in this position. Page 10 of 11

11 This form must be completed for each job that an applicant has held in the past eight (8) years. Employer company name: Job title: Supervisor name: Supervisor Supervisor phone: Employment start date: Employment end date: Total months of experience: May GRCSI contact your supervisor to verify this information (YES / NO)? Place an X below each domain job task area from the Risk Management Body of Knowledge that corresponds to your job tasks and/or the experience that you gained during the employment period being reviewed. Work domain I experience: Work domain II experience: Work domain III experience: D E F G H I J Work domain IV experience: D E F G H I Write 250 to 500 words describing your risk management experience in this position. If you need more than the four pages provided in this form, please print copies and append them to your application. Page 11 of 11