What is CRISC?
CRISC stands for Certified in Risk and Information Systems Control. It is a credential focused on enterprise IT risk management (ITRM). The CRISC accreditation is based on the latest practices and body of knowledge to manage and mitigate risks and threats across various facets in the enterprise business landscape. The ISACA website states CRISC as “the most current and rigorous assessment available to evaluate the risk management proficiency of IT professionals and other employees within an enterprise or financial institute.”
Why is CRISC certification important?
CRISC focuses on corporate governance and enhanced business resilience in enterprise IT risk management. It offers employers assurance that the IT team is applying governance best practices and taking a proactive and agile approach to ITRM. CRISC demonstrates a person’s ability to build a well-defined, agile risk-management program while using best practices to identify, analyze, evaluate, assess, prioritize and respond to risks.
Who needs a CRISC credential?
The CRISC certification focuses on four key work-related domain areas including: governance, IT risk assessment, risk response and reporting, and information technology and security. The credential is tailored for mid-career information technology, information systems, audit, risk and security professionals.
Common professional roles for CRISC include:
- Business analysts
- Compliance professionals
- Control professionals
- IT professionals
- Project managers
- Risk professionals
How to get CRISC certified
To gain CRISC certification, you must pass the exam within 5 years, have relevant full-time work experience in the areas stated in the exam content outline, and submit your CRISC certification application.
Who is the certifying association
CRISC is offered through the Information Systems Audit and Control Association (ISACA). ISACA is an international professional association for information technology and information security professionals.
Requirements to stay certified
ISACA has a continuing professional education (CPE) policy to ensure that all CRISCs maintain an adequate level of current knowledge and proficiency in the field. The policy states an annual minimum of 20 CPE credits, plus maintenance fees.