CRISC - Certified in Risk and Information Systems Control

Validate your skills in enterprise risk management and become a true strategic security partner for your organization

Becoming a CRISC professional (Certified in Risk and Information Systems Control) means being able to defend, protect and sustain your organization.

CRISC certification is the most recent and rigorous assessment available to assess candidates' risk management competency; it is aimed at all IT professionals, and more particularly security specialists, business analysts, project managers, and those in charge of corporate compliance.
Obtaining CRISC certification confirms that you have the knowledge and expertise to help companies understand business risks. It also validates the technical knowledge required to implement the appropriate information system (IS) controls.


Once you have passed the CRISC exam, you have 5 years in which to apply for the CRISC certification. You must have three or more years of professional experience in risk management and the relevant job practice areas. Any experience will be independently verified with employers. This experience must have been acquired within the ten-year period preceding the date of the application for certification or within five years of the successful completion of the examination.

About the CRISC exam

The ISACA CRISC exam is a multiple-choice (MCQ) exam with 150 questions based on the following 4 areas:

  • IT Risk Identification (27%)
  • IT Risk Assessment (28%)
  • Risk Response and Mitigation (23%)
  • Risk and Control Monitoring and Reporting (22%) 

The exam is 4 hours in duration and needs to be scheduled via an approved PSI Center. This can be done via the PSI testing site.
Please note: The CRISC exam is only available in English; however, a glossary of terminology is provided by ISACA on their website in multiple languages.

Recommended Training

Exam Training Course
CRISC Preparation for CRISC (Certified in Risk and Information Systems Control) Certification


To maintain your CISA certification, the Continuing Professional Development (CPE) program requires the validation of at least 20 hours of CPE per year and 120 hours of CPE every three years.

More Information

Please contact us for more details about this or any of the ISACA certifications or training courses.