ISC2
Advanced
35 hours
CGRC

Certified in Governance, Risk and Compliance (CGRC)

What is the CGRC Course?

The ISC2 CGRC (formerly CAP) is the updated certification for governance, risk, and compliance professionals. It validates expertise in implementing GRC frameworks, managing organizational risk, and ensuring information systems comply with regulatory and policy requirements across both government and commercial sectors.

Who Should Take This Course?

  • GRC managers and analysts
  • Information Security Officers and Compliance Officers
  • Risk management professionals
  • Internal and external auditors
  • IT governance specialists
  • Federal agency security professionals
  • Commercial sector compliance teams in regulated industries

What You Will Learn in the CGRC Course

A comprehensive curriculum covering all exam objectives with hands-on labs and real-world practice.

Domain 1: Information Security Risk Management Program

Establishing and maintaining a risk management program aligned with organizational objectives.

  • Risk management program components
  • Organizational risk tolerance
  • Security governance structure
  • Policy and procedure development

Domain 2: Scope of the Information System

  • System boundary identification
  • System characterization and inventory
  • Interconnection agreements
  • Data flow and information types

Domain 3: Selection and Approval of Security & Privacy Controls

  • Control frameworks (NIST SP 800-53, ISO 27001)
  • Baseline controls tailoring
  • Privacy control selection
  • Documentation of selected controls

Domain 4: Implementation of Security & Privacy Controls

  • Security and privacy plans
  • Configuration management
  • Supply chain risk
  • Control implementation evidence

Domain 5: Assessment/Audit of Security & Privacy Controls

  • Assessment planning and methodology
  • Control testing techniques
  • Audit findings documentation
  • Remediation planning

Domains 6-7: Authorization / Approval & Monitoring

  • Authorization decision packages
  • Residual risk acceptance
  • Continuous monitoring strategy
  • Ongoing compliance and reporting

Course Prerequisites

Prerequisite training is free when you purchase the course from ProSupport.

  • 2 years of cumulative paid work experience in 1+ of the 7 CGRC domains
  • Experience in information security risk management or compliance
  • Endorsement by an ISC2 member within 9 months of passing
  • Agreement to the ISC2 Code of Ethics

Exam Information

Everything you need to know about the CGRC certification exam.

  • Exam Name: Certified in Governance, Risk and Compliance
  • Exam Code: CGRC
  • Exam Type: Multiple choice
  • Total Questions: 125
  • Passing Score: 700 (out of 1000)
  • Exam Duration: 180 minutes
  • Language: English
  • Exam Provider: Pearson VUE (in-person or online proctored)
  • Exam Focus: GRC framework implementation, risk management, and compliance across 7 domains
  • Exam Registration: Pearson VUE via ISC2.org
  • Retake Policy: 30-day wait after 1st/2nd fail; 90-day wait after 3rd; max 3 attempts per year
  • Certification Validity: 3 years (60 CPE credits required for renewal)

Exam Topics

Risk Management Program (16%)
System Scope (11%)
Control Selection (15%)
Control Implementation (15%)
Control Assessment (16%)
System Authorization (11%)
Monitoring (16%)

Training Plans

Select the plan that matches your career goals

Basic

Certification Program

USD699
  • Certification syllabus training
  • Private instructor-led live classes
  • Hands-on labs
  • Practice exams
  • Certification exam guidance

Pro

Certification + Projects

USD919
  • Everything in Basic
  • Real-world industry projects
  • Case studies
  • GitHub portfolio project
  • Assignment reviews
  • Capstone mini project

Premium

Career Acceleration

USD1,189
  • Everything in Pro
  • Resume building
  • LinkedIn profile optimization
  • Interview preparation
  • Mock interviews
  • Career mentoring sessions
  • Capstone project
  • Certification exam strategy
  • Industry use-case training

Need custom enterprise pricing? support@prosupportconsulting.in

Learning Path

Your certification journey — from prerequisites to advanced roles.

  • Prerequisite: 2 years security/compliance experience
  • This Certification: CGRC Certification

Ready to Get Certified?

Start your Certified in Governance, Risk and Compliance (CGRC) journey with private 1-to-1 training from certified industry developers.

support@prosupportconsulting.in