CRISC (Certified in Risk and Information Systems Control)

The Certified in Risk and Information Systems Control (CRISC) certification, offered by ISACA, is a globally recognized credential designed for IT professionals who manage enterprise IT risk and implement information systems controls. Introduced in 2010, CRISC has become a benchmark for professionals aiming to establish their expertise in IT risk management and control.

What is CRISC?

CRISC is tailored for individuals responsible for identifying and managing risk through the development, implementation, and maintenance of information systems controls. It bridges the gap between business risk and the technical controls that address it, ensuring that IT professionals can align IT risk management with overall organizational goals. The certification emphasizes a proactive approach to risk management, enabling professionals to enhance business resilience, deliver stakeholder value, and optimize risk management across the enterprise.

Benefits of CRISC Certification

Earning the CRISC certification offers several advantages:

  • Global Recognition: CRISC is acknowledged worldwide, validating your expertise in IT risk management and control.
  • Career Advancement: Certified professionals often report improved job performance and are considered for higher-level positions within their organizations.
  • Competitive Salary: CRISC holders report an average annual salary of approximately US$151,000, reflecting the high demand for their specialized skills.
  • Organizational Impact: CRISC professionals play a critical role in helping organizations understand business risk, and they have the technical knowledge to implement appropriate IS controls.

CRISC Job Practice Domains

The CRISC certification focuses on four key domains, each representing an essential area of expertise; the percentage is that domain's weight on the exam:

  1. Governance (26%): Establishing and maintaining a governance framework to support risk management strategies and ensure alignment with organizational objectives.
  2. IT Risk Assessment (20%): Identifying and evaluating IT risk to facilitate the execution of the enterprise risk management strategy.
  3. Risk Response and Reporting (32%): Developing and implementing risk responses to ensure that risk factors are effectively managed and communicated to stakeholders.
  4. Information Technology and Security (22%): Ensuring that information systems and security measures are in place to support the achievement of business objectives and manage risk.

Preparing for the CRISC Exam

ISACA provides a range of resources to help candidates prepare for the CRISC exam:

  • CRISC Online Review Course: A self-paced course covering key concepts in governance, IT risk assessment, risk response and reporting, and information technology and security.
  • CRISC Questions, Answers & Explanations Database: A 600-question pool that lets candidates build a custom study plan and track progress.
  • CRISC Review Manual (Digital and Print Versions): A comprehensive reference guide to the responsibilities of those who implement or manage governance of enterprise IT.
  • Exam Candidate Guide: Includes registration, scheduling, and important exam day information.
  • Free CRISC Practice Quiz: A set of 10 questions to test your knowledge of risk and information systems control.

It is important to note that the CRISC Exam Content Outline will be updated effective 3 November 2025. Updated preparation materials reflecting the new outline will be available for purchase in September 2025. Purchasing the current materials does not grant access to the newer versions later.

Exam Registration and Costs

CRISC exams are computer-based and administered at authorized PSI testing centers globally or as remotely proctored exams. Registration is continuous, allowing candidates to register at any time. After payment of the exam registration fee, candidates can schedule a testing appointment as early as 48 hours later.

  • Member Exam Cost: US$575.00
  • Non-Member Exam Cost: US$760.00

For more details and to register, visit the official ISACA CRISC page.

Maintaining Your CRISC Certification

To maintain the CRISC certification, certified professionals must engage in Continuing Professional Education (CPE) to stay current with evolving industry practices:

  • Annual CPE Requirement: Earn and report a minimum of 20 CPE hours annually.
  • Three-Year CPE Requirement: Accumulate and report a total of 120 CPE hours over a three-year period.
  • Annual Maintenance Fee: Pay the CRISC annual maintenance fee (US$45 for members, US$85 for non-members).
  • Compliance: Adhere to ISACA's Code of Professional Ethics and comply with the Annual CPE Audit if selected.

Digital Badges and Recognition

Upon achieving CRISC certification, professionals receive an ISACA open badge, a verifiable visual representation of the certification. These badges can be shared on social media, professional networking sites, emails, or personal websites, showcasing your achievement to peers and potential employers. ISACA's digital badges are issued and managed through Credly (formerly Acclaim), so anyone viewing a badge can verify that it is authentic and current.

Conclusion

The CRISC certification is a valuable asset for IT professionals aiming to specialize in enterprise IT risk management and information systems control. It not only enhances individual career prospects but also contributes significantly to organizational risk management strategies. With comprehensive preparation resources, global recognition, and a commitment to ongoing professional development, CRISC stands as a testament to excellence in the field of IT risk management.