Certified in Risk and Information Systems Control (CRISC)

Introduced in 2010, the CRISC certification is for IT and business professionals—including risk and compliance professionals, business analysts and project managers—who identify and manage risks through the development, implementation and maintenance of appropriate information systems (IS) controls. More than 17,000 professionals have earned the CRISC designation since inception. CRISC retention is more than 93 percent.

The CRISC is designed for IT and business professionals who identify and manage risks through the development, implementation and maintenance of appropriate IS controls.

Across the globe, CGEIT holders command greater recognition in the marketplace and influence at the executive level which means:


The CGEIT certification was specifically developed for IT and business professionals who have significant management, advisory, or assurance roles relating to the governance of enterprise IT, including:

  • IS/IT Directors
  • IS/IT Managers
  • IS/IT Consultants
  • IT Governance Professionals


  • More than 3,900 serve as audit directors, managers or consultants.
  • Nearly 3,500 are employed as security directors, managers or consultants.
  • More than 3,200 are employed in managerial, consulting or related positions in IT operations or compliance.
  • Nearly 2,100 are IT directors, managers or consultants.
  • More than 1,300 are CIOs, CISOs, or chief compliance, risk or privacy officers.
  • More than 600 CRISCs are CEOs, CFOs or equivalent executives.
  • More than 400 serve as chief audit executives, audit partners or audit heads.

The CRISC exam is offered twice a year, in June and December, and consists of 150 objective-type questions to be completed within 4 hours.

The Benefits of CRISC

  • Demonstrate your ability to understand risk and control from a business perspective.
  • Provide input to make effective risk-based decisions and prioritize resources to areas that are most at risk.
  • Enable information systems control design and implementation, and control monitoring and maintenance.
  • Affirm your ability to plan and implement appropriate control measures and frameworks that further mitigate enterprise risk without stifling innovation.
  • Establish a common language to communicate within IT and to stakeholders throughout the enterprise about risk.

CRISC Impacts Your Career and Your Organization

CRISC is the most current and rigorous assessment available to evaluate the risk management proficiency of IT professionals and other employees within an enterprise or financial institute. Those who earn CRISC help enterprises to understand business risk, and have the technical knowledge to implement appropriate IS controls.

For the Professional, CRISC Certification Provides:

  • Denotes a prestigious, lifelong symbol of knowledge and expertise as a risk professional
  • Increases your value to your organization as it seeks to manage IT risk
  • Gives you a competitive advantage over peers when seeking job growth
  • Gives you access to ISACA's global community of knowledge and the most up-to-date thinking on IT risk management
  • Helps you achieve a high professional standard through ISACA’s requirements for continuing education and ethical conduct

Why Employers Hire CRISCs

CRISCs bring additional professionalism to any organization by demonstrating a quantifiable standard of knowledge, pursuing continuing education, and adhering to a standard of ethical conduct established by ISACA.

CRISC employees:

  • Build greater understanding about the impact of IT risk and how it relates to the overall organization
  • Assure development of more effective plans to mitigate risk
  • Establish a common perspective and language about IT risk that can set the standard for the enterprise

How to Become CRISC Certified: 2015 Exam and Later

To earn the CRISC designation, candidates are required to:

Preparing for the CRISC exam

The ISACA Bangalore chapter helps you prepare for the exam. Regular weekend classes and crash courses are conducted at the Bangalore Chapter. See the Review Classes page and/or write to chapter@isacabangalore.org for more information.

For a list of frequently asked questions, click FAQ's

Taking the CRISC exam

The CRISC exam is offered twice a year, in June and December, and is usually held on the second Sunday of the respective month. The exam comprises 150 questions and is to be taken within a four-hour time frame.

The CRISC certification is gaining popularity globally and has received the following recognition:

  1. The Australian Signals Directorate listed CRISC as a prerequisite for its Information Security Registered Assessor Program.
  2. CRISC is listed among the highest-paying certifications in the Foote Partners IT Skills and Certifications Pay Index™ (ITSCPI) for 1 July 2013 – 1 October 2013. CRISC was also noted for earning above-average pay premiums that have been growing at an above-average rate for the last six months.
  3. SC Magazine selected CRISC as the 2013 "Best Professional Certification Program" in the Professional Awards category. CRISC was a finalist in 2012.
  4. CRISC was listed as the second-highest-paying certification in the 2012 IT Skills and Salary Survey by Global Knowledge and TechRepublic.
  5. The State of West Virginia Office of Information Security and Controls used the five CRISC domains and task statements to develop a checklist for use in risk assessments for HIPAA compliance.
