CRISC Certification : Certified in Risk and Information Systems Control

If you are an information security specialist looking to showcase your IT risk management skills, the CRISC (Certified in Risk and Information Systems Control) certification has probably caught your attention. However, you may wonder what exactly this certification entails, how to acquire it and what benefits it offers.

What is CRISC (Certified in Risk and Information Systems Control) ?

The CRISC (Certified in Risk and Information Systems Control) certification, awarded by ISACA (formerly Information Systems Audit and Control Association), represents a globally recognized standard among professionals in the audit, control, governance and security of information systems. It demonstrates the expertise and ability to identify, assess, manage and control IT risks within an organization.

This cybersecurity certification encompasses four key areas :

  • Information systems governance : Understand and apply the principles, structures and processes necessary for effective information systems governance, consistent with the strategic objectives and regulatory constraints of the company.
  • IT Risk Assessment : Identify, analyze and assess the risks associated with information systems, taking into account the context of the organization and emerging factors such as artificial intelligence.
  • Risk response and reporting : Develop, implement and monitor risk mitigation action plans and measures, while ensuring effective communication of results and recommendations to stakeholders.
  • Information systems security and control : Ensure the availability, integrity, confidentiality and compliance of information systems, following security and control standards, policies, procedures and best practices.

The CRISC certification is intended for IT and security professionals, such as auditors, consultants, managers, analysts, engineers or system administrators, whose mission is to manage and control IT risks within their organization. It is considered an indicator of quality and competence in the field of IT risk management.

Obtaining the CRISC certification can not only strengthen your professional credibility and enhance your profile, but also promote your career development and potentially increase your remuneration.

Which organizations offer CRISC certification ?

The CRISC (Certified in Risk and Information Systems Control) certification is internationally recognized. Several organizations offer this certification, and we will present the main ones, detailing their conditions and benefits.

ISACA

ISACA, originally named the Information Systems Audit and Control Association, was the founding body of the CRISC certification in 2010. It updates and promotes it. With more than 150,000 members in more than 180 countries, ISACA also offers other prestigious information and security certifications, such as CISA, CISM, CGEIT and CSX.

To obtain CRISC certification through ISACA, candidates must :

  • Pass the CRISC exam, consisting of 150 multiple-choice questions covering the four areas of certification. The four-hour exam can be done online or at an authorized centre. You must get at least 450 points out of 800 to pass.
  • Have at least three years of professional experience in at least two of the four areas of certification, including at least one year in information systems governance. This experience must have been acquired within the ten years preceding the application or within five years of passing the examination.
  • Adhere to the ISACA Code of Professional Ethics and comply with the standards of conduct and professional practice related to CRISC certification.
  • Pay the certification fee, which is $50 for ISACA members and $85 for non-members.
  • Submit an application for certification online, providing proof of professional experience and passing the exam.

Obtaining CRISC certification from ISACA confers recognition and credibility on a global scale, attesting to your expertise in IT risk management. You will also have access to professional development resources and opportunities, as well as an extensive professional network.

ISACA partner organizations

For those who prefer guided preparation, ISACA partner organizations offer preparatory training. These accredited training centres provide courses, course materials and mock exams aligned with the content and format of the CRISC exam.

These organizations also assist you in the preparation of your certification file and the validation of your professional experience.

Many partner organizations, offering online or face-to-face training at various rates, are available. You can find the list of partner organisations on the ISACA website or by searching on the internet for the terms "CRISC training" or "CRISC preparation". Here are some partner organizations in France :

  • Global Knowledge : offers a four-day CRISC training course, available online or in person, for 2,295 euros excluding tax.
  • Orsys : offers a five-day CRISC training course, online or in person, for 3,150 euros excluding tax.
  • IT-Gnosis : provides a five-day CRISC training course, online or in person, for 2,500 euros excluding tax.

By taking preparatory training at an ISACA partner organization, you receive personalized support to strengthen your knowledge, prepare effectively for the exam and maximize your chances of success. Qualified trainers will provide experience and advice throughout your certification process.

What are the specific CRISC certification requirements for my industry ?

Designed for information and security professionals, the CRISC (Certified in Risk and Information Systems Control) certification aims to equip them with the skills necessary to manage and control IT risks within their organization. However, depending on your industry, specific requirements may apply, influencing your decision to pursue CRISC certification. Here we will explore the sectors mainly concerned by CRISC certification, highlighting their peculiarities and the benefits of this certification for each.

The financial sector

Particularly vulnerable to IT risks, the financial sector processes data of a sensitive nature, where a security breach can seriously affect the reputation, performance and compliance of the organization. Professionals in the sector must master the management of IT risks, taking into account specific regulations such as the European PSD2 directive, the GDPR, or the standards of the Basel committee.

The CRISC certification is valuable to these professionals, enabling them to prove their competence in IT risk management principles, frameworks and processes, while aligning with the strategic and regulatory objectives of their organization. It also strengthens their credibility and trust with various stakeholders.

The public sector

The public sector, which manages personal, confidential or strategic information, is also strongly impacted by IT risks. These sensitive data relate to national security, defence, health, education or justice. Professionals in this sector must manage these risks by considering the legal, ethical and social obligations, as well as the expectations of citizens and partners.

Obtaining CRISC certification allows them to demonstrate their ability to effectively identify, assess, manage and control IT risks, taking into account the unique context of the public sector. This certification values their professionalism and ethics, thus contributing to the improvement of the quality and efficiency of public services.

The industrial sector

With the evolution towards Industry 4.0, the industrial sector is increasingly relying on information technologies, integrating the Internet of Things, cloud computing, robotics, artificial intelligence and augmented reality. Challenges for information and security professionals in this sector include performance, innovation, competitiveness and security. They must take into account specific standards such as ISO 9001, ISO 14001 or ISO 27001.

CRISC certification is essential, demonstrating their ability to manage and control IT risks in a way adapted to the specificities and opportunities of Industry 4.0. It strengthens the competitiveness, innovation, security and compliance of industrial information systems.

What are the steps to obtain a CRISC certification ?

Obtaining CRISC (Certified in Risk and Information Systems Control) certification is a great way to enhance your IT risk management skills. If you are wondering how to obtain this certification, discover here the essential steps, the deadlines and the associated costs.

This guide will provide you with an overview of the key steps to successfully complete your CRISC certification, along with practical tips to facilitate your journey.

Step 1 : Register for the CRISC exam

The first thing to do is to register for the CRISC exam, which is mandatory for certification. The four-hour exam consists of 150 multiple-choice questions covering four key areas : information systems governance, IT risk assessment, risk management and information systems control. You can take it online or at an authorized center.

You have to reach at least 450 points out of 800 to succeed. To register, go to the ISACA website, create a personal account, choose the date and place, and pay the registration fee. These vary depending on your ISACA membership status and registration period :

It is recommended to register early to save on fees and have enough time to prepare. CRISC exams are offered three times a year : in May, August, and December.

Step 2 : Prepare for the CRISC exam

Preparing for the CRISC exam is demanding. Several resources are available :

  • The CRISC revision manual, a complete guide available in digital or paper format.
  • The CRISC questions, answers and explanations database, for online practice.
  • The CRISC online review course, offering interactive lessons and additional resources.
  • Preparatory training with an ISACA partner organization, for personalized support.

Regardless of the method chosen, serious and regular preparation, based on the official program and practical exercises, is recommended.

Step 3 : Take the CRISC Exam

Taking and passing the CRISC exam is the final step. Be sure to follow the instructions, including :

  • Arrive 30 minutes early with valid ID.
  • Do not bring personal items into the examination room.
  • Avoid any form of communication or fraud during the exam.
  • Manage your time effectively without the possibility of a break.
  • Review your answers before submitting the exam.

An interim report will be provided to you at the end of the exam, and the final result will be emailed to you within 10 business days. If successful, you can then apply for your CRISC certification. If you fail, you can try again after 48 hours.

How much does a CRISC certification cost ?

Obtaining CRISC (Certified in Risk and Information Systems Control) certification validates your IT risk management skills. You’re probably wondering what the budget is for that certification. We detail here the cost associated with CRISC certification and propose strategies to reduce or finance it.

The cost of CRISC certification consists of two main components :

Registration fees for the CRISC exam

These fees vary depending on your ISACA membership and when you register. For the early registration period, the fee is $575 for ISACA members and $760 for non-members. For the standard registration period, the fee is $675 for ISACA members and $860 for non-members. Finally, for the late registration period, the fee is $775 for ISACA members and $960 for non-members.

Certification fees

This fee is $50 for ISACA members and $85 for non-members, to be paid once the CRISC exam is passed and the professional experience justified.

The total cost of CRISC certification is therefore approximately $725 for ISACA members and $825 for non-members, without including additional expenses related to exam preparation materials and resources, which vary according to the selected options (revision guides, question databases, online courses, preparatory training, etc.).

To reduce the cost of CRISC certification, consider the following options :

  • Join ISACA to benefit from preferential rates on registration and certification fees, as well as on preparation materials. ISACA membership costs $135 annually, with an initial registration fee of $10 and local dues that vary by chapter.
  • Register early for the CRISC exam to take advantage of the preferential rate. Registration at least three months before the exam date is recommended.
  • Prepare effectively for the CRISC exam to maximize your chances of success the first time, avoiding the additional costs associated with a retake of the exam. Rely on the official program and practice with multiple choice questions.


To finance the cost of CRISC certification, several options are possible :

  • Ask for support from your employer, as part of a training or vocational retraining plan, highlighting the benefits of certification for the company.
  • Use your personal training account (CPF) if the CRISC certification is eligible and your balance is sufficient.
  • Look for financial support from public or private organizations, which may offer grants, scholarships, or loans, according to various criteria. Prepare a solid case to increase your chances.

The cost of CRISC certification varies according to several factors, but strategies exist to reduce or finance it, making this certification more affordable and advantageous.

What is the timeframe for obtaining CRISC certification ?

After passing the CRISC (Certified in Risk and Information Systems Control) exam, you’re probably wondering how long it will take to get your CRISC certification, a testament to your IT risk management skills. What factors can influence this delay and are there ways to accelerate it? We will explore the average time it takes to achieve this certification and how you can optimize this process.

The process to obtain CRISC certification is divided into two main steps :

  • The first step is to submit your application for certification, to be completed within five years of passing the CRISC exam. You must complete an online form, provide proof of your professional experience and adhere to the ISACA Code of Ethics and Standards of Conduct. The certification fee is $50 for ISACA members and $85 for non-members.
  • The second step is waiting for your certification, which can take eight to ten weeks after the application is submitted. ISACA verifies the information submitted and sends you a confirmation email once your request is approved. You will then receive your CRISC certificate by mail, accompanied by a welcome kit with information on maintaining and renewing your certification.

On average, the total time to obtain CRISC certification is about five years and two months, taking into account the preparation and passing of the exam, the submission of the application and the receipt of the certification. This period may vary depending on :

  • Your availability and ability to take the CRISC exam and submit your certification application quickly, based on your schedule, budget and career goals.
  • The complexity of your file, which may require more verification by ISACA, depending on the nature, duration and diversity of your professional experience, as well as the quality and reliability of the evidence provided.
  • Unforeseen events in the certification process, which may cause delays or errors in the processing of your application or in the sending of your certificate, due to technical, logistical or administrative problems.


To speed up CRISC certification, here are some tips :

  • Plan your certification journey by setting realistic and motivating deadlines, taking into account the examination sessions and deadlines set by ISACA.
  • Prepare your certification file by gathering all the documents and information necessary to prove your professional experience and your success in the CRISC exam. Ensure accuracy and consistency and have them validated by an independent auditor.
  • Follow the progress of your certification file by regularly consulting the status of your application on the ISACA website, responding to any requests for clarification or additional information and reporting any problems or anomalies.

The time to obtain CRISC certification varies depending on the time it takes to prepare and pass the exam, the time it takes to submit the application and the time it takes to receive the certification. However, by following the tips above, you can reduce this time and make it easier to obtain your CRISC certification.

Is there a renewal to be done regarding the CRISC certification ?

If you hold CRISC (Certified in Risk and Information Systems Control) certification, you are recognized for your expertise in IT risk management. Is this certification permanent, or does it require renewal? Let’s discover together the conditions and steps to renew the CRISC certification and how to continue to sharpen your IT risk management skills.

We will explain how to renew your CRISC certification and best practices to achieve it.

The renewal of CRISC certification includes two major aspects :

  • Maintenance of certification : This involves following the ISACA continuing education requirements to ensure that CRISC certification holders maintain an adequate level of knowledge and skills. Acquire and report at least 20 hours of continuing education each year, with a total of 120 hours over three years. These hours must be relevant to maintaining or improving the skills related to CRISC certification. They may also count towards other ISACA certifications, if the activities are relevant. Pay the annual maintenance fee: $45 for ISACA members and $85 for non-members. Adhere to the ISACA Code of Ethics and professional practice standards related to CRISC certification.
  • Recertification : This requires taking the CRISC exam every five years to demonstrate that you are up-to-date with developments in the field. This renewal is mandatory for those who obtained their certification after August 2021. Those who obtained it before this date can choose whether or not to renew their certification.

The renewal of the CRISC certification is an ongoing commitment, requiring continuous training and taking the exam every five years. This process may vary depending on several elements :

  • The date of certification, determining whether renewal is mandatory or optional.
  • ISACA member or non-member status, influencing the cost of the annual membership fee and registration for the renewal exam.
  • Professional or volunteer activities, which can count as hours of continuing education according to certain criteria.


To facilitate the renewal of CRISC certification, here are some tips :

  • Join or maintain your ISACA membership to benefit from reduced exam and registration fees, as well as access to resources and continuing education.
  • Plan your renewal journey by setting goals and deadlines for training hours, paying dues and registering for the renewal exam.


The renewal of CRISC certification requires an ongoing commitment to training and updating competencies every five years. Fortunately, strategies exist to simplify this process and make the renewal of CRISC certification more accessible and advantageous.
