The CRISC qualification
Awarded by ISACA®, the Certified in Risk and Information Systems Control (CRISC) qualification is awarded to IT professionals who identify and manage risks through the development, implementation and maintenance of information systems (IS) controls.
What are the requirements for the CRISC qualification?
The Certified in Risk and Information Systems Control (CRISC) qualification is awarded to candidates with at least three years of relevant work experience who pass a rigorous written examination.
ISACA defines four CRISC domains on which you will be examined:
- Domain 1 - IT Risk Identification (27% of exam)
- Domain 2 - IT Risk Assessment (28% of exam)
- Domain 3 - Risk Response and Mitigation (23% of exam)
- Domain 4 - Risk and Control Monitoring and Reporting (22% of exam)
For more information, please see the official ISACA ‘How to Become CRISC Certified’ web page.
How do you pass the CRISC exam at the first attempt?
We recommend the following actions:
- Check that you have the relevant three years of work experience to qualify, or will gain this experience within the next five years.
- Register and schedule your exam direct with ISACA.
- Purchase the official ISACA study guides and textbooks.
- Plan a self-study programme that covers all the key knowledge domains.
- Attend an exam preparation training course a few days before you sit the exam.
How to register and schedule the CRISC exam
The CRISC exam has been offered via a computer-based testing (CBT) session, which is available all year round. All candidates must first register online direct with ISACA and pay for the examination in advance. They will then receive email instructions on how to schedule an exam appointment at a local PSI exam centre.
Continuing Professional Education (CPE)
There is a Continuing Professional Education (CPE) policy in respect of qualified CRISC professionals. The goal of this policy is to ensure that all CRISCs maintain an adequate level of current knowledge and proficiency in the field of information systems audit, control and security. CRISCs who successfully comply with the ‘continuing professional education policy will be better trained to assess information systems and technology and provide leadership and value to their organizations.’ The responsibility for setting the continuing professional education requirements rests with the CRISC Certification Board, which oversees the continuing professional education process and requirements to ensure their applicability.
Maintenance fees and a minimum of 20 contact hours of CPE are required annually. In addition, a minimum of 120 contact hours are required during a fixed three-year period.
Please see the Maintain Your CRISC page on the ISACA website for further details.
Get in touch
If you’re an IT professional looking to advance your career with the CRISC qualification but have some questions, call our training team on
+353 (0) 1695 0411, or request a call back using the form below. Our experts are ready and waiting with practical advice.
Contact us