Certified in Risk and Information Systems Control (CRISC)

The Certified in Risk and Information Systems Control (CRISC) certification validates expertise in identifying and managing enterprise IT risk. It’s designed for professionals who develop, implement, and maintain information system controls and governance. 


What is Certified in Risk and Information Systems Control (CRISC)?

The CRISC certification, developed by ISACA, is a globally recognised credential for professionals who manage IT risks. It demonstrates proficiency in designing and implementing risk-based information systems controls that align IT risk management with broader business objectives.

CRISC bridges the gap between risk management and technical implementation, helping organisations strengthen resilience and compliance.

This CRISC certification guide was written by our team of cyber security experts

What topics does a CRISC certification cover?

The CRISC certification covers four key topics:

  • Governance: organisational structure, risk appetite, and stakeholder engagement.

  • IT Risk Assessment: identifying, analysing, and evaluating risk.

  • Risk Response and Reporting: implementing mitigation strategies and reporting mechanisms.

  • Information Technology and Security: managing control design, implementation, and monitoring.

Together, these domains ensure that certified professionals can integrate risk management into everyday business and IT processes. 

How do I earn a CRISC certification?

To earn the CRISC certification, candidates must: 

  1. Pass the CRISC exam, which covers ISACA’s four risk domains.

  2. Submit verified work experience, with at least three years in IT risk management or information systems control.

  3. Maintain certification by earning Continuing Professional Education (CPE) credits annually.

What are the prerequisites of a CRISC certification?

To qualify for certification, you need at least three years of work experience in IT risk management, information systems control, or related governance roles. 

  • Experience must be gained across at least two of the four ISACA CRISC domains, one of which must be IT Risk Identification or IT Risk Response and Mitigation. 

  • You can take the exam before completing this experience, but the requirement must be fulfilled within five years of passing. 

Which roles require a CRISC certification?

CRISC is ideal for professionals responsible for IT risk management, compliance, and governance. Typical job roles include: 

  • IT Risk Manager 

  • Information Security Manager 

  • Control and Compliance Officer 

  • Cyber Risk Analyst 

  • Chief Risk Officer (CRO) 

  • Audit Manager 

The CRISC certification is particularly valued in sectors such as finance, government, and technology, where managing IT-related risk is critical.  

Is CRISC worth it?

The CRISC certification is highly respected among IT governance and risk management professionals. 

  • Industry recognition: CRISC is consistently ranked among the top-paying IT certifications worldwide.

  • Career growth: it opens pathways to senior roles in enterprise risk management, audit, and cybersecurity leadership.

  • Salary advantage: according to ITjobswatch, UK professionals with a CRISC certification earn around £80k per annum depending on sector.

  • Global credibility: recognised in over 180 countries, CRISC validates your expertise in connecting business risk with IT strategy.

Prepare for the CRISC exam

What is the exam structure of Certified in Risk and Information Systems Control (CRISC)?

The CRISC exam consists of 150 multiple-choice questions covering ISACA’s four domains. Candidates have four hours to complete the test, which is delivered via computer-based testing through PSI. The scoring range is 200–800 points, with a minimum score of 450 required to pass. The exam tests both conceptual understanding and applied knowledge of IT risk management, control, and governance. 

What study resources are available for CRISC?

Take an official CRISC training course aligned with ISACA’s current exam content outline. Other recommended study materials include: 

  • The ISACA CRISC Review Manual 

  • ISACA CRISC Exam Study Guide 

  • Practice Question Database from ISACA 

  • Community-led study groups via local ISACA chapters 

Does a CRISC certification expire?

CRISC certification holders must renew every three years by earning 120 Continuing Professional Education (CPE) hours and paying an annual maintenance fee. This ensures certified professionals stay up to date with evolving risk management practices and regulatory standards. 
