ABOUT: The Certified in Risk and Information Systems Control (CRISC^®) certification, awarded by ISACA^®, is a globally recognized credential that demonstrates expertise in IT risk management and the design, implementation, and maintenance of information system controls. This certification validates your ability to manage risk and ensures your organization’s information systems are robust and secure.

CERTIFICATION BODY: ISACA^® (Information Systems Audit and Control Association), a global leader in IT governance, risk management, and cybersecurity certifications.

LEARNING OBJECTIVE: The CRISC^® certification aims to equip professionals with the skills and knowledge required to effectively identify, assess, and manage IT risks. It covers critical areas such as risk assessment, response strategies, and the implementation and monitoring of information system controls. The goal is to enhance your ability to contribute to business objectives by managing IT risks and ensuring the resilience and security of information systems.

EXAM INFORMATION:

• Format: Multiple-choice
• Number of Questions: 150
• Duration: 4 hours (240 minutes)
• Domains Covered:
  1. Governance (26%)
  2. IT Risk Assessment (20%)
  3. Risk Response and Reporting (32%)
  4. Information Technology and Security (22%)

RE-CERTIFICATION: To maintain CRISC certification, professionals must:

• Earn at least 20 Continuing Professional Education (CPE) credits annually and a total of 120 CPEs over a three-year period.
• Comply with ISACA’s Code of Professional Ethics.
• Pay an annual maintenance fee of $45 for members and $85 for nonmembers.
• Potentially participate in an Annual CPE Audit, which is selected randomly.