CDRP® - Certified Data Centre Risk Professional

CDRP® - Certified Data Centre Risk Professional


The primary audience for this course is any IT, facilities or data centre operations professional who works in and around the data centre and who has the responsibility to achieve and improve the availability and manageability of the data centre. This represents both end-customers and/or service providers/facilitators. It is highly recommended for Data Centre Managers, Operations/ Floor/Facility Managers, IT Managers, Information Security Managers, Security Professionals, Auditors, Risk Managers/Professionals responsible for IT/corporate governance.


There is no specific prerequisite for the CDRP® course. However, participants who have at least three years' experience in a data centre and/or IT infrastructures will be best suited. This experience may come from a business or IT background where the participant has knowledge of both environments, and understands the mission of their organisation. Attendance of CDCP® - Certified Data Centre Professional is beneficial.


2 days.

This class is taught virtually, please click here for more information about our virtual courses.

Course Objectives

Risk management is the process of identifying vulnerabilities and associated threats, followed by estimating the level of risk and its impact on the organisation. Based on international standards (ISO/IEC27001) and guidelines (ISO/IEC 27005, NIST800-30, ISO/IEC 31000), the Certified Data Centre Risk Professional course is designed to expose attendants to the overall risk management process. Focus is on the data centre infrastructure, the physical data centre facility and equipment. The attendant will learn how to identify and quantify risk in their organisation, creating the ability to reduce the risk to a level acceptable for the organisation to allow them to make sound investment decisions based on facts rather than emotions. CDRP® is a must for every organisation that wants to manage their risk without over spending.

After completion of the course the participant will be able to:

  • Understand the different standards and methodologies for risk management and assessment
  • Establish the required project team for risk management
  • Perform the risk assessment, identifying current threats, vulnerabilities and the potential impact based on customised threat catalogues
  • Report on the current risk level of the data centre both quantitative and qualitative
  • Anticipate and minimise potential financial impacts
  • Understand the options for handling risk
  • Continuously monitor and review the status of risk present in the data centre
  • Reduce the frequency and magnitude of incidents
  • Detect and respond to events when they occur
  • Meet regulatory and compliance requirements
  • Support certification processes such as ISO/IEC 27001
  • Support overall corporate and IT governance

Course Content

Introduction to Risk Management
Risk management concepts
Senior management and risk
Enterprise Risk Management (ERM)
Benefits of risk management

Data Centre Risk and Impact
Risk in facility, power, cooling, re suppression, infrastructure and IT services
Impact of data centre downtime
Main causes of downtime
Cost factors in downtime

Standards, Guidelines and Methodologies
ISO/IEC 27001:2013, ISO/IEC 27005:2011, ISO/IEC 27002:2013
NIST SP 800-30
ISO/IEC 31000:2009
Other methodologies (CRAMM, EBIOS, OCTAVE, etc.)

Risk Management Definitions
Information processing facility
Information security
Risk analysis/Risk assessment/Risk evaluation/Risk treatment
Types of risk

Risk Assessment Software
The need for software

Risk Management Process
The risk management process
Establishing the context
Communication and consultation
Monitoring and review

Project Approach
Project management principles
Project management methods
Cost estimate methods

Context Establishment
General considerations
Risk evaluation, impact and acceptance criteria
Severity rating of impact
Occurrence rating of probability
Scope and boundaries
Scope constraints
Roles & responsibilities
Training, awareness and competence

Risk Assessment - Identification
The risk assessment process
Identification of assets
Identification of threats
Identification of existing controls
Identification of vulnerabilities
Identification of consequences
Hands-on exercise: Identification of assets, threats, existing controls, vulnerabilities and consequences

Risk Assessment - Analysis and Evaluation
Risk estimation
Risk estimation methodologies
Assessment of consequences
Assessment of incident likelihood
Level of risk estimation
Risk evaluation
Hands-on exercise: Assessment of consequences, probability and estimating level of risk

Risk Treatment
The risk treatment process steps
Risk Treatment Plan (RTP)
Risk modification
Risk retention
Risk avoidance
Risk sharing
Constraints in risk modification
Control categories
Control examples
Cost-benefit analysis
Control implementation
Residual risk

Effective communication of risk management activities
Benefits and concerns of communication

Risk Monitoring and Review
On-going monitoring and review
Criteria for review

Risk scenarios
Risk assessment approach
Data centre site selection
Data centre facility
Cloud computing
UPS scenarios
Force majeure
Organisational shortcomings
Human failure
Technical failure
Deliberate acts

Sample questions
Self-study (time permitted)


Attendees will take a 1 hour Certified Data Centre Risk Professional exam. The exam is 40 questions, closed book and multiple choice based. The passing mark is 27 out of 40. Attendees passing the exam will be awarded the internationally accredited and recognized 'Certified Data Centre Risk Professional' certificate (CDRP).

The CDRP certificate is valid for 3 years, after which recertification is required.

CDRP is world-wide accredited by EXIN.

Virtual Courses

ALL of our courses can be delivered virtually. And our Bath public schedule of courses are now available as live virtual sessions, using the popular Zoom Virtual Classroom and remote labs. Delegates can test their access at:

Public Courses

There are no upcoming events

On-Site Courses

Can't attend one of our public classes? Booking for multiple people?

All our courses are available on your site! Delivered for your staff, at your premises.

Contact us to find out more...