
CISA - Certified Information Security Auditor

Demonstrate your ability to audit, control and secure your information system with the CISA Certified Information Security Auditor certification

The CISA Certified Information Security Auditor is a globally recognized certification designation for audit, assurance and security professionals. Being CISA certified highlights your knowledge, skills, and experience as an auditor, and demonstrates that you are able to assess vulnerabilities, report compliance, and implement controls within the organization.


Once you have passed the CISA exam, you have 5 years in which to apply for the CISA certification. You must have five or more years of professional experience in the relevant job practice areas. Any experience will be independently verified with employers. This experience must have been acquired within the ten-year period preceding the date of the application for certification or within five years of the successful completion of the examination. You must also:
  • Adhere to the Code of Professional Ethics
  • Adhere to the Continuing Professional Education Program
  • Comply with the Information Systems Auditing Standards

At ISACA’s discretion it is possible to utilize some degrees to reduce the years of professional experience required. Full details can be found on the ISACA website.

About the CISA exam

The ISACA CISA exam is a multiple-choice exam with 150 questions based on the following 5 areas:
  • The process of Auditing Information Systems (21%)
  • Governance and Management of IT (16%)
  • Information Systems Acquisition, Development and Implementation (18%)
  • Information Systems Operation, Maintenance and Service Management (20%)
  • Protection of Information Assets (25%)

The exam is 4 hours in duration and needs to be scheduled via an approved PSI Center. This can be done via the PSI testing site.
Please note: The CISA exam is only available in English; however, a glossary of terminology is provided by ISACA on their website in multiple languages.

Recommended Training

Exam Training Course
CISAU Security: Preparing for CISA Security Auditor Certification


The CISA Continuing Professional Development Program (CPE) requires the validation of at least 20 hours of CPE per year and 120 hours of CPE every three years.

More details on the ISACA website.