What is CRISC certification?
CRISC is a globally recognised certification that validates your ability to design, implement and maintain information security programmes that protect against risks.
Professionals who earn the CRISC certification have demonstrated their ability to identify and manage risks throughout the enterprise.
The CRISC certification is offered by ISACA®, a global professional association focused on information security, assurance and governance.
Is CRISC a good certification?
CRISC is an excellent certification if you are looking to further your career in the information security field. It can help you become a more well-rounded security professional and make you more attractive to potential employers by demonstrating your knowledge and skills in identifying, assessing and responding to risk.
Is CRISC difficult?
The CRISC exam is challenging, especially compared to other certification exams. This is because it covers a wide range of topics and requires a solid understanding of risk management concepts.
What are the requirements for the CRISC qualification?
The CRISC qualification is awarded to candidates with at least three years of relevant work experience who pass a rigorous written examination.
ISACA defines four CRISC domains on which you will be examined:
- Domain 1 - Governance (26% of exam)
- Domain 2 - IT Risk Assessment (20% of exam)
- Domain 3 - Risk Response and Reporting (32% of exam)
- Domain 4 - Information Technology and Security (22% of exam)
For more information, please see the official ISACA CRISC certification web page.
How do you pass the CRISC exam at the first attempt?
We recommend the following actions:
- Check that you have the relevant three years of work experience or will gain this experience within the next three years.
- Purchase your training and exam here.
- Register and schedule your exam with ISACA.
- Plan a self-study programme that covers all the key knowledge domains.
- Attend our CRISC exam preparation training course 2–4 weeks before you sit the exam.
How to register and schedule the CRISC exam
The CRISC exam is offered via a CBT (computer-based testing) session, which is available online or at a PSI exam centre all year round. All candidates must first register online direct with ISACA. They will then receive email instructions on how to schedule an exam appointment.
CPE (Continuing Professional Education)
There is a CPE policy in respect of qualified CRISC professionals. Its goal is to ensure that all CRISCs maintain an adequate level of current knowledge and proficiency in the field of information systems audit, control and security.
CRISCs who successfully comply with the continuing professional education policy will be better trained to assess information systems and technology and provide leadership and value to their organisations.
The responsibility for setting the continuing professional education requirements rests with the CRISC Certification Board, which oversees the continuing professional education process and requirements to ensure their applicability.
Maintenance fees and a minimum of 20 contact hours of CPE are required annually. In addition, a minimum of 120 contact hours are required during a fixed 3-year period.
Please see the Maintain CRISC Certification page on the ISACA website for further details.
Get in touch
If you are an IT professional looking to advance your career with the CRISC qualification but have some questions, call our training team on +44 1474 55 66 85, or request a call back using the form below. Our experts are ready and waiting with practical advice.