ISACA's Certified in Risk and Information Systems Control (CRISC®) is the only credential focused on enterprise IT risk management. The content is based on the latest work practices and knowledge to keep certification holders ahead of the game in tackling real-world threats in today’s business landscape. CRISC validates your experience in building a well-defined, agile risk-management program, based on best practices to identify, analyse, evaluate, assess, prioritise and respond to risks. This enhances benefits realisation and delivers optimal value to stakeholders.
The CRISC exam is four hours in duration, contains 150 multiple-choice questions, and covers four areas called domains. Each domain is further detailed through supporting tasks. Read on below for the domains and their weightings.
A copy of ISACA’s Exam Candidate Guide can be downloaded here.
As well as passing the CRISC exam, there are additional criteria for certification. For example, a candidate must submit evidence of at least three years of professional experience in IT risk
management and IS control. If a candidate does not have the required experience, this may still be gained within five years after originally passing the CRISC exam. Please see the full additional criteria detailed on ISACA’s website.