Your browser is incompatible with this site. Upgrade to a different browser like Google Chrome or Mozilla Firefox to experience this site.
CRISC - Certified in Risk and Information Systems Control
Propel your career with CRISC certification and build greater understanding of the impact of IT risk and how it relates to your organization.
Types of risk may vary, but with its key role as an agent of innovation, technology has become the most critical risk factor for today’s enterprises. Since, conducting a risk assessment is not something a typical information technology education includes, many IT professionals are lacking in knowledge that businesses increasingly deem integral to their future success.
The CRISC designation demonstrates the holder is able to identify and evaluate IT risk and help their enterprise accomplish its business objectives. Since its inception in 2010, more than 20,000 professionals worldwide have earned the CRISC to affirm their business and IT risk management competence, and their ability to design, implement, monitor and maintain effective, risk-based information systems controls.
- CRISC certification ensures you are recognized as a professional with the skills and experience to provide value and insight from an overall organizational perspective on both IT risk and control.
- One of the key CRISC domains focuses on the organizational framework for managing and mitigating risk across business processes and technology.
- CRISC holders are able to establish a common language to communicate within IT and to stakeholders throughout the enterprise about risk.
- With CRISC certification, your enterprise can rely on your input to make effective risk-based decisions and prioritize resources to areas that are most at risk.
- With the CRISC certification you will understand information systems control design and implementation and control monitoring and maintenance.
- CRISC certification affirms your ability to plan and implement appropriate control measures and frameworks that further mitigate enterprise risk without stifling innovation.
Certified in Risk and Information Systems Control (CRISC)
Domain 1 – Information Security Governance (24%)
Domain 2 – Information Risk Management (30%)
Domain 3 – Information Security Program Development and Management (27%)
Domain 4 – Information Security Incident
- All ISACA certification exams consist of 150 multiple choice questions that cover the respective job practice areas created from the most recent job practice analysis.
- You have 4 hours to complete the exam.
The CRISC continuing professional education (CPE) policy requires that you attain at least 20 CPE hours per year and 120 CPE hours every three years.
Visit the ISACA website for additional detail.