CRISC is the only certification that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise
QA is proud to be an official ISACA partner. The official Certified Risk Information Systems Control (CRISC) certification is a powerful manifestation of proficiency and expertise regarding various areas of risk. As well as this, CRISC demonstrates a commitment to IT security operations and enterprises, and a willingness to deliver quality within their profession. CRISC has been established as one of the most desirable and preferable IT security certifications worldwide.
The CRISC designation is designed for IT risk, control and compliance practitioners, business analysts, project managers and other resected professionals. The highly respected certification demonstrates to employers that the holder is able to identify and evaluate IT risk, and help their enterprise accomplish its business objectives. CRISC has received over 15 global recognitions.
Professional experience within risk management/control for a minimum of 3 years is required for CRISC certification. You should have taken the QACRISC training and be familiar with the CRISC job practice domains before taking the exam.
Types of risk may vary, but with its key role as an agent of innovation, technology has become the most critical risk factor for today’s enterprises. Since, conducting a risk assessment is not something a typical information technology education includes, many IT professionals are lacking in knowledge that businesses increasingly deem imperative to determining their future success.
Since its introduction in 2010, more than 24,000 professionals have obtained ISACA®’s Certified in Risk and Information Systems Control™ (CRISC™) certification. The designation demonstrates to employers that the holder is able to identify, evaluate and manage information systems and technology risk, and help enterprises achieve their business objectives.
1. Identifying IT Risk
- Proficiency in this realm validates the expertise required to identify the universeof IT risk in order to contribute to the execution of the IT risk management strategy, in support of business objectives and in alignment with the enterprise risk management (ERM) strategy.
- Domain 1 confirms one’s ability to recognize and gauge threats and vulnerabilities to the organization’s people, processes and technology.
2. Assessing IT Risk
- Exam success demonstrates the advanced ability to analyze and evaluate IT risk to determine the likelihood and impact on business objectives, in order to enable risk-based decision making.
- Domain 2 attests to advanced skill in identifying the current state of existing controls and evaluating their effectiveness for IT risk mitigation.
3. Risk Response and Mitigation
- This key job practice area verifies expertise in determining risk response options while evaluating their efficiency and effectiveness to manage risk in alignment with business objectives.
- Domain 3 tests your ability to select and implement informed risk decisions that are well-aligned and enunciated throughout the organization.
4. Risk and Control Monitoring and Reporting
- The final job practice area assesses your capacity to continuously monitor and report on
- IT risk and controls to relevant stakeholders, so as to ensure the effectiveness of the IT risk management strategy and its alignment with business objectives.
- Domain 4 assesses your ability to define and establish key risk indicators (KRIs) and thresholds based on available data, to enable monitoring of changes in risk.
The CRISC exam will focus on the four domains of Certified Risk Information Systems Control. The CRISC domains encompasses:
Domain 1: Risk Identification
- Risk Identification Objectives
- Risk Identification Overview
- Concepts of IT Risk
- Risk Management Standards
- Risk Identification Frameworks
- Elements of Risk
- Penetration Testing
- COBIT 5
- Risk Scenarios
- Communicating Risk
- Risk Awareness
- Organisational Structures and Culture
- Risk within the Enterprise
- Principles of Risk
Domain 2: Risk Assessment
- Risk Assessment Objectives
- Risk Assessment Overview
- Risk Assessment Techniques
- Risk Assessment Analysis
- Control Assessment
- Risk Evaluation and Impact Assessment
- Risk and Control Analysis
- Third Party Management
- System Development Lifecycle
- Developing Technologies
- Enterprise Architecture
Domain 3: Risk Response and Mitigation
- Risk Response and Mitigation Objectives
- Risk Response and Mitigation Overview
- Risk Response Options
- Response Analysis
- Risk Response Plans
- Control Objectives and Practices
- Control Ownership
- Systems Control Design Implementation
- Control and Countermeasures
- Business Continuity
- Disaster Recovery
- Risk Accountability
- Inherent and Residual Risk
Domain 4: Risk and Control Monitoring and Reporting
- Risk and Control Monitoring and Reporting Objectives
- Risk and Control Monitoring and Reporting Overview
- Key Risk Indicators (KRIs)
- Data Collection
- Monitoring Controls
- Control Assessments
- Penetration Testing
- Vulnerability Assessments
- Third Party Assurance
- Maturity Model Assessment
- Techniques for Improvement
- Capability Maturity Model
- IT Risk Profile
Delegates will receive an official ISACA CRISC exam voucher to take the exam post course. The exam tests delegate's knowledge of the four CRISC domains: Risk Identification, Risk Assessment, Risk Response and Mitigation, and Risk and Control Monitoring and Reporting. It is marked using a 200-800 point scale, with 450 being the passing mark. The Certified Risk and Information Systems Control examination is a CBT (Computer-Based Testing) exam, which has 3 testing windows per year.
Cyber Security learning paths
Want to boost your career in cyber security? Click on the roles below to see QA's learning pathways, specially designed to give you the skills to succeed.
Frequently asked questionsSee all of our FAQs
How can I create an account on myQA.com?
There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.
If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".
If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.
Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.
How do QA’s virtual classroom courses work?
Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.
We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting (more details in the link below) to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.
Learn more about our Virtual Classrooms.
How do QA’s online courses work?
QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course. When you book a QA online learning course you will receive immediate access to it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.
All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.
Learn more about QA’s online courses.
When will I receive my joining instructions?
Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms. Read more FAQs.
When will I receive my certificate?
Certificates of Achievement are issued at the end the course, either as a hard copy or via email. Read more here.