CRISC - Certified in Risk and Information Systems Control
Validate your skills in enterprise risk management and become a true strategic security partner for your organization
Becoming a CRISC professional (Certified in Risk and Information Systems Control) means being able to defend, protect and sustain your organization.
CRISC certification is the most recent and rigorous assessment available to assess candidates' risk management competency; it is aimed at all IT professionals, and more particularly security specialists, business analysts, project managers, and those in charge of corporate compliance.
Obtaining CRISC certification confirms that you have the knowledge and expertise to help companies understand business risks. It also validates the technical knowledge required to implement the appropriate information system (IS) controls.
Prerequisites
Once you have passed the CRISC exam, you have 5 years in which to apply for the CRISC certification. You must have three or more years of professional experience in risk management and the relevant job practice areas. Any experience will be independently verified with employers. This experience must have been acquired within the ten-year period preceding the date of the application for certification or within five years of the successful completion of the examination.
About the CRISC exam
The ISACA CRISC exam is a multiple-choice exam with 150 questions based on the following 4 areas:
- IT Risk Identification (27%)
- IT Risk Assessment (28%)
- Risk Response and Mitigation (23%)
- Risk and Control Monitoring and Reporting (22%)
The exam is 4 hours in duration and needs to be scheduled via an approved PSI Center. This can be done via the PSI testing site https://isacaavailability.psiexams.com/.
Please note: The CRISC exam is only available in English; however, a glossary of terminology is provided by ISACA on their website in multiple languages.
Recommended training
CRISC: Preparation for CRISC (Certified in Risk and Information Systems Control) Certification
Recertification
To maintain your CISA certification, the Continuing Professional Development (CPE) program requires the validation of at least 20 hours of CPE per year and 120 hours of CPE every three years.