Certified in Risk and Information Systems Control (CRISC)

CRISC is ISACA's premier certification for IT risk management professionals. It validates expertise in identifying, assessing, evaluating, and managing IT risk within the context of business objectives. CRISC-certified professionals design and implement information systems controls to mitigate risk, making it one of the most sought-after credentials for risk management and governance roles worldwide.

Request Training Email Inquiry

What is the Certified in Risk and Information Systems Control (CRISC)?

Who Should Take This Course?

IT Risk Managers and Risk Analysts
Business Analysts with IT risk responsibilities
Information Security Professionals focused on risk
Project Managers overseeing IT risk governance
Control Professionals and IT Auditors
Compliance Officers in technology organizations
Consultants advising on enterprise risk frameworks

What You Will Learn in the CRISC Course

A comprehensive curriculum covering all exam objectives with hands-on labs and real-world practice.

Domain 1: Governance

Align IT risk management with enterprise governance structures.

Organizational strategy, goals, and risk appetite
Risk management frameworks: NIST, ISO 31000, COBIT
Three lines of defense model
Risk culture and communication

Domain 2: IT Risk Assessment

Identify, evaluate, and prioritize IT risks to the organization.

Threat and vulnerability identification methodologies
Qualitative and quantitative risk assessment techniques
Risk scenario development and analysis
Control deficiency and gap analysis

Domain 3: Risk Response and Reporting

Select and implement risk responses and communicate risk posture.

Risk treatment options: accept, avoid, transfer, mitigate
Risk response plans and accountability
Key Risk Indicators (KRIs) and monitoring
Risk reporting to senior management and board

Domain 4: Information Technology and Security

Apply IT and security knowledge to effectively manage risk.

Enterprise architecture and IT infrastructure risk
Emerging technologies: cloud, IoT, AI risk implications
Cybersecurity controls and frameworks
Business continuity and disaster recovery planning

Course Prerequisites

Pre-requisites training is free when you purchase the course from ProSupport

3 years of IT risk management and IS control experience required
Experience must span at least 2 of the 4 CRISC domains
Adherence to ISACA Code of Professional Ethics
Experience must be verified within 5 years of passing the exam

Exam Information

Everything you need to know about the CRISC certification exam.

Exam Component	Details
Exam Name	Certified in Risk and Information Systems Control
Exam Code	CRISC
Exam Type	Multiple Choice
Total Questions	150
Passing Score	450 (out of 800)
Exam Duration	240 minutes
Language	English, Chinese Simplified, Japanese, Korean, Spanish
Exam Provider	PSI Exams (in-person or online)
Exam Focus	IT risk governance, risk assessment, risk response, and IS controls
Exam Registration	ISACA portal (isaca.org/certification/crisc-certified-in-risk-and-information-systems-control)
Retake Policy	1-year waiting period; maximum 3 attempts per year
Certification Validity	3 years (120 CPE hours required for renewal)