Certified Information Security Manager (CISM)

Certified in Risk and Information Systems Control (CRISC)

Become a CRISC and defend, protect and future-proof your enterprise


CRISC is the only certification that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise.

Contact to get certified as an Information Security Manager.


How to Become CRISC Certified

Requirements for CRISC Certification – 2015 exams and later


  1. Successful completion of the CRISC examination
  2. IT risk management and information systems control experience
  3. Adherence to the Code of Professional Ethics
  4. Maintain Continuing Professional Education (CPE) Credits

In addition to passing the CISM certification exam, you need:


A minimum of three (3) years of cumulative work experience performing the tasks of a CRISC professional across at least two (2) of the four (4) CRISC domains is required for certification. Of these two (2) required domains, one (1) must be either Domain 1 or Domain 2. There are no substitutions or experience waivers.


Once a CRISC candidate has passed the CRISC certification exam and has met the work experience requirements, the final step is to complete and submit the CRISC Application for Certification. Experience must have been gained within the 10-year period preceding the application date for certification or within five years from the date of initially passing the examination. Retaking and passing the examination will be required if the application for certification is not submitted within five years from the passing date of the examination. All experience must be verified independently with employers.


Additional information is available at ISACA’s CRISC Certification page.

CRISC Certification Job Practice – Effective 2015


The job practice below is organized by the domains that have been tested since the June 2015 CRISC exam. Since June 2015, the CRISC exam has contained 150 questions testing the new job practice.

CRISC Job Practice Domains

  • Domain 1—IT Risk Identification (27%)
  • Domain 2—IT Risk Assessment (28%)
  • Domain 3—Risk Response and Mitigation (23%)
  • Domain 4—Risk and Control Monitoring and Reporting (22%)

Contact us for further details on preparing to become Certified in Risk and Information Systems Control (CRISC).

