Certified in Risk and Information Systems Control (CRISC)

Course Overview

IT organizations today operate in a high-risk environment that can make or break their prospects for success. Mitigating and controlling risk while maintaining security has therefore become pivotal to an IT organization’s existence, and so has the need for Risk and Security Management professionals in the IT sector. The Certified in Risk and Information Systems Control (CRISC) from ISACA – USA is the benchmark certification, recognized the world over, in the field of risk and IT security management. Get CRISC certified to validate your credentials in managing enterprise IT risk and information systems control. Navigate through to the core of the organization and boost your professional worth.

Course duration

  • 32 hours spread over 4 days of classroom-based lectures with e-Learning facility.
  • Course includes simulations and exam preparation through quizzes and mock tests.

Who should attend?

The Certified in Risk and Information Systems Control (CRISC) course is ideal for professionals already engaged in or interested in enterprise risk management and control. It is ideal for IT professionals, risk and security professionals, control and compliance professionals, Business Analysts and Project Managers.

Course path:

The course will give you a thorough understanding of the following 4 CRISC Domains:

  1. IT Risk Identification,
  2. IT Risk Assessment,
  3. Risk Response and Mitigation, and
  4. Risk and Control Monitoring and Reporting.

Pre-requisites for the course and eligibility for exam

  • There are no pre-requisites or eligibility requirements to sit the exam. Anyone interested in information systems audit, control and security can take the course and sit the exam.
  • It is to be noted that the application for certification is made after sitting and passing the exam. To apply for the certification, candidates have a period of 5 years from the date of passing the exam. For the certification, in addition to passing the exam, candidates must possess work experience as follows:
    • Minimum 3 years of cumulative work experience performing tasks in at least two of the four CRISC domains. Out of these two, at least one domain should be either of the first two CRISC domains.
    • This work experience should have been gained within the 10 years preceding the date of application for certification.


The Certified in Risk and Information Systems Control (CRISC) exam and certification is provided by ISACA, an association based out of the USA and dedicated to research, development, training and accreditation in the field of IT / IS risk, security and governance for over 50 years.

Exam format

  • The online proctored exam is conducted at a PSI test center.
  • The exam duration is 4 hours (240 minutes), comprising 150 multiple-choice questions. The passing score is not disclosed by ISACA.
  • The pass or fail result is shown on screen immediately upon completion of the exam. The official results with scores are emailed to the candidates typically within 10 working days.


Q. For how long is the certification valid?
A. The CRISC certification is valid for 3 years.

Q. How do I renew / maintain my CRISC certification?
A. To maintain your CRISC certification, you need to earn and report at least 120 CPE hours by the end of 3 years. Within that, you have to earn and report at least 20 CPE hours annually. You also have to pay the annual CRISC maintenance fee (US$ 45 for members and US$ 85 for non-members) by January 1st every year and comply with ISACA’s Code of Professional Ethics.

Q. What are CPE hours and how do I earn them?
A. CPE (Continuing Professional Education) hours quantify the number of hours that a CRISC professional spends in undertaking continuous professional education activities to maintain adequate current knowledge and proficiency in IT Risk Management. One hour so spent earns you one CPE. To know more about how to earn CPEs, you may check the following link: https://www.isaca.org/credentialing/how-to-earn-cpe

Q. What happens if I do not complete the CPE requirement?
A. In that case, your certification is revoked by ISACA. If you wish to reinstate your certification, you need to file a detailed reconsideration request along with CPE related documentation to ISACA. ISACA will review your appeal and may accept or reject it. If the appeal is accepted, you may have to pay a reinstatement fee of US$ 50 in addition to the maintenance fee. If the appeal is rejected, you will have to reapply for certification and retake the exam.

Q. What is the cost of ISACA membership?
A. ISACA membership costs US$ 135 per year, plus a US$ 10 new member fee, plus chapter dues that vary by location. Please note that membership is not mandatory to hold and renew certifications.

Q. Can I prepare for and sit the exams by self-study without attending any course?
A. Yes, you may. However, owing to the difficulty level of the exams, it is advisable that you pursue formal training before sitting the exam.

Q. Is the course fee inclusive of exam fee and cost of study material?
A. The course fee is inclusive of the cost of study material and training kit but NOT the exam fee.

Q. What is the exam fee?
A. The exam fee is US$ 575 for members and US$ 760 for non-members. The application processing fee for the certificate is US$ 50 for both members and non-members.

Q. How do I book an exam?
A. To book an exam, follow the procedure below:

  • Login to your ISACA profile on the ISACA website;
  • Follow this path by clicking the tabs: Credentialing >> Certifications >> CRISC >> Learn More >> Take and Pass Exam;
  • Click on the “Register Now” button, complete the exam application form and add it to cart;
  • Check out by making payment of the exam fee.
  • You have an eligibility window of one year to schedule and take the exam and thereafter a window of 5 years to apply for the certification.

After passing the exam and gathering the required work experience, you may apply for the Certification by: