1. Successful completion of the CRISC examination

The examination is open to all individuals who have an interest in business and technology risk management as well as the development and implementation of IS controls. All are encouraged to work toward and take the examination. Successful examination candidates will be sent all information required to apply for certification with their notification of a passing score. For a more detailed description of the exam see the CRISC certification job practice. CRISC exam candidates should be familiar with the terminology and concepts described in ISACA’s intellectual property and other credible sources.

2. Risk management and information systems control experience

Certification is granted initially to individuals who have successfully completed the CRISC exam and meet the following work experience requirements in the fields of risk management and IS control. A minimum of at least three (3) years of cumulative work experience performing the tasks of a CRISC professional across at least three (3) CRISC domains is required for certification. There are no substitutions or experience waivers.

Once a CRISC candidate has passed the CRISC certification exam and has met the work experience requirements, the final step is to complete and submit the CRISC Application for Certification. Experience must have been gained within the 10-year period preceding the application date for certification or within five years from the date of initially passing the examination. Retaking and passing the examination will be required if the application for certification is not submitted within five years from the passing date of the examination. All experience must be verified independently with employers.

3. Adherence to the Code of Professional Ethics

Members of ISACA and/or holders of the CRISC designation agree to a Code of Professional Ethics to guide professional and personal conduct.

4. Adherence to the Continuing Professional Education (CPE) Policy

The objectives of the continuing education program are to:

• Maintain an individual's competency by requiring the update of existing knowledge and skills in the areas of risk and information systems control.
• Provide a means to differentiate between qualified CRISCs and those who have not met the requirements for continuation of their certification
• Provide a mechanism for monitoring risk and information systems control professionals' maintenance of their competency
• Aid top management in developing sound risk and information systems control functions by providing criteria for personnel selection and development

Maintenance fees and a minimum of 20 contact hours of CPE are required annually. In addition, a minimum of 120 contact hours is required during a fixed 3-year period.

Disclaimer:
The data contained on these pages is supplied for informational purposes only. It was acquired from internet resources posted by the actual governing body of the certification providers. To the best of our knowledge, the information is accurate and up-to-date as of the date we published it to our sites. CBT Campus does not guarantee the accuracy or claim to know the current policies of these organizations. We highly recommend that you research any and all certification requirements from these organizations on your own.

For more information on ISACA certifications, visit
http://www.isaca.org/certification/pages/default.aspx