CRISC Certification Training
Certified in Risk and Information Systems Control
Program Highlights
Certified in Risk and Information System Control (CRISC) certification training program at InfosecTrain is developed for those professionals who identify and manage the enterprise risks by implementing information system controls. The training will help you understand the impacts of IT risks and gain technical expertise in implementing proper information security controls to confront the challenges posed by these risks.
32-Hour LIVE Instructor-Led Training 
ISACA Premium Training Partner 
Immersive Learning 
Highly Interactive and Dynamic Sessions 
98% Exam Pass Rate 
Experienced Industry Experts 
Practice with Online Test Engine 
Post Training Support Till Exam 
Telegram Group for Exam Practice
Learning Schedule
- upcoming classes
- corporate training
- 1 on 1 training
| 26 Jul - 06 Sep | Online | Weekend | 09:00 - 12:00 IST | Only 1 Seat Available | |
| 23 Aug - 14 Sep | Online | Weekend | 09:00 - 13:00 IST | BATCH FULL | |
| 18 Oct - 22 Nov | Online | Weekend | 20:00 - 23:00 IST | BATCH OPEN |
Why Choose Our Corporate Training Solution
- Upskill your team on the latest tech
- Highly customized solutions
- Free Training Needs Analysis
- Skill-specific training delivery
- Secure your organizations inside-out
Why Choose 1-on-1 Training
- Get personalized attention
- Customized content
- Learn at your dedicated hour
- Instant clarification of doubt
- Guaranteed to run
Can't Find a Suitable Schedule? Talk to Our Training Advisor
The CRISC Certification Training with InfosecTrain equips IT professionals to tackle the unique challenges of enterprise risk management, preparing them to serve as strategic partners within their organizations. As the industry’s leading certification in risk management, CRISC provides a rigorous, up-to-date evaluation of professionals’ expertise in managing risk and implementing IS controls. By earning CRISC, individuals demonstrate their ability to assess, understand, and address business risks effectively, empowering enterprises and financial institutions to strengthen their risk resilience and safeguard their operations.
DOMAIN 1: GOVERNANCE – 26%
A: ORGANIZATIONAL GOVERNANCE
- Organizational Strategy, Goals, and Objectives
- Organizational Structure, Roles and Responsibilities
- Organizational Culture
- Policies and Standards
- Business Processes
- Organizational Assets
B: RISK GOVERNANCE
- Enterprise Risk Management and Risk Management Framework
- Three Lines of Defense
- Risk Profile
- Risk Appetite and Risk Tolerance
- Legal, Regulatory and Contractual Requirements
- Professional Ethics of Risk Management
DOMAIN 2: IT RISK ASSESSMENT – 20%
A: IT RISK IDENTIFICATION
- Risk Events (e.g., contributing conditions, loss result)
- Threat Modelling and Threat Landscape
- Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
- Risk Scenario Development
B: IT RISK ANALYSIS AND EVALUATION
- Risk Assessment Concepts, Standards and Frameworks
- Risk Register
- Risk Analysis Methodologies
- Business Impact Analysis
- Inherent and Residual Risk
DOMAIN 3: RISK RESPONSE AND REPORTING – 32%
A: RISK RESPONSE
- Risk Treatment / Risk Response Options
- Risk and Control Ownership
- Third-Party Risk Management
- Issue, Finding and Exception Management
- Management of Emerging Risk
B: CONTROL DESIGN AND IMPLEMENTATION
- Control Types, Standards and Frameworks
- Control Design, Selection and Analysis
- Control Implementation
- Control Testing and Effectiveness Evaluation
C: RISK MONITORING AND REPORTING
- Risk Treatment Plans
- Data Collection, Aggregation, Analysis and Validation
- Risk and Control Monitoring Techniques
- Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
- Key Performance Indicators
- Key Risk Indicators (KRIs)
- Key Control Indicators (KCIs)
DOMAIN 4: INFORMATION TECHNOLOGY AND SECURITY – 22%
A: INFORMATION TECHNOLOGY PRINCIPLES
- Enterprise Architecture
- IT Operations Management (e.g., change management, IT assets, problems, incidents)
- Project Management
- Disaster Recovery Management (DRM)
- Data Lifecycle Management
- System Development Life Cycle (SDLC)
- Emerging Technologies
B: INFORMATION SECURITY PRINCIPLES
- Information Security Concepts, Frameworks and Standards
- Information Security Awareness Training
- Business Continuity Management
- Data Privacy and Data Protection Principles
- CEOs/CFOs
- Chief Audit Executives
- Audit Partners/Heads
- CIOs/CISOs
- Chief Compliance/Privacy/Risk Officers
- Security Managers/Directors/Consultants
- IT Directors/Managers/Consultants
- Audit Directors/Managers/Consultant
- Take the CRISC exam to demonstrate your information security knowledge. Even without meeting experience requirements, passing qualifies you to apply for certification within five years once experience criteria are met.
- Complete a minimum of 3 years in information systems auditing, control, or security within the CRISC job practice areas, with experience gained within the last 10 years. Candidates have up to 5 years from the passing date to apply for certification.
- Fulfill 120 Continuing Professional Education (CPE) hours every three years, with at least 20 hours per year. CPE hours may also count toward other ISACA certifications if requirements align.
- Uphold ISACA’s Code of Professional Ethics as a CRISC-certified professional, ensuring ethical conduct in both professional and personal activities.
| Certification | Certified in Risk and Information Systems Control |
| Exam Duration | 4 Hours |
| Number of Questions | 150 |
| Exam Pattern | Multiple Choice |
| Passing Marks | 450 out of 800 |
| Languages | English, French, German, Hebrew, Italian, Japanese, Korean, Spanish, Turkish, Chinese |
- Identify the IT risk management strategy in support of business objectives and alignment with the Enterprise Risk Management (ERM) strategy.
- Analyze and evaluate IT risk to determine the likelihood and impact on business objectives to enable risk-based decision making.
- Determine risk response options and evaluate their efficiency and effectiveness to manage risk in alignment with business objectives.
- Continuously monitor and report on IT risk and controls to relevant stakeholders to ensure the continued efficiency and effectiveness of the IT risk management strategy and its alignment with business objectives.
How We Help You Succeed
Vision
Goal
Skill-Building
Mentoring
Direction
Support
Success
Career Transformation
Risk Management professionals needed
average cost of a data breach highlighting the critical need for effective risk management
Organizations plan to recruit trained staff
Organizations plan to invest in training
Education
Healthcare
Retail
Government
Manufacturing
Finance
Your Trusted Instructors
18+ Years Of Experience
21+ Years of Experience
8+ Years Of Experience
20+ Years of Experience
22+ Years Of Experience
Words Have Power
It was an excellent experience with the CRISC course. The instructor was extremely knowledgeable and supportive, with an exceptional understanding of the subject matter. They explained concepts in a simple and clear way. The salesperson was also very helpful and responsive to all my requests.
The CRISC online training program was informative and highly valuable. The instructor was very knowledgeable and engaging. The discussions really enhanced my learning. I highly recommend this course to others looking to strengthen their skills.
The CRISC training was excellent, well-paced and focused on core concepts. The live scenario discussions really helped in understanding the topics better.
The CRISC training was helpful in understanding key concepts clearly and effectively.
The CRISC training was really good! The trainer is excellent, and the materials were easy to read and understand. Happy to be part of the InfosecTrain team, looking forward to learning more!
Excellent, interactive CRISC sessions that boosted my confidence in attempting the certification as well.
Success Speaks Volumes
Get a Sample Certificate
Frequently Asked Questions
How long is the CRISC exam?
The CRISC examination is a four-hour (240 minutes) exam consisting of 150 multiple choice questions.
Where can I take the CRISC exam?
- Computer-Based Testing Locations
- CRISC exams are administered at 1,300 PSI locations across the world and in ten languages.
Can I review answers before the end of the test??
Yes. Answers can reviewed.
Flag questions you want to review before your exam time is over.
When will I receive my exam results?
- Preliminary result (pass or not pass) is available on the screen immediately after the completion of your exam.
- Official score will be emailed and available online within 10 business days from the date that candidates take the exam.
- Successful candidates receive details on how to apply for certification.
- Result is not available on phone or fax to maintain the privacy.
Do I need to apply for another exam voucher if I need to retake the exam?
Yes, but candidates do not need to go through the eligibility application process again.
What are the eligibility requirements for CRISC Certification?
- Pass the CRISC Exam within the last 5 years.
- Work experience must be gained within the 10-year period preceding the application date for certification or within five years from the date of initially passing the exam.
- A minimum of three years of cumulative work experience as a CRISC professional across at least two of the four CRISC domains is compulsory.
- Of these two (2) required domains, one (1) must be in either Domain 1 or 2.
- Submit the CRISC Certification Application including Application Processing Fee.
For more information please visit
https://www.isaca.org/credentialing/crisc/get-crisc-certified
What qualifications are required to earn the CRISC Certification?
- Pass the CRISC examination
- Submit an application for CRISC certification
- Adherence to the Code of Professional Ethics
- Adherence to the Continuing Professional Education Program
- Compliance with the Information Systems Auditing Standards
Who is eligible to become CRISC Certified and what makes CRISC unique?
IT professionals working to manage company risks and controls and have the required experience can apply for the certification.
- CRISC certification indicates expertise in identifying and managing enterprise IT risk and implementing and maintaining information systems controls.
- Gives access to the ISACA global community of knowledge, including the most current ideas regarding IT risk management.
- It enables the candidates to increase their value in the organization with expertise to manage IT risk.
How much is the exam voucher?
- Member: US$575
- Non Member Fee: US$760
How is the CRISC exam scored?
On 200-800 point scale, ISACA has set 450 as the passing mark for the exams.
- A scaled score is a conversion of the raw score on an exam to a common scale.
- Please note that the exam score is not based on an arithmetic or percent average. For example, if all 150 questions are answered correctly, the scaled score is 800, a perfect score; a scaled score of 200 is the lowest score possible when only a small number of questions are answered correctly.
- Scaled score of 450 or higher must be achieved to pass the exam.
- A score of 450 represents a minimum consistent standard of knowledge as established for the exam by the respective ISACA Certification Committee.
What are languages in which this exam is available?
The exam is available in 3 languages: English, Spanish and Chinese simplified.
Is there any fee to apply for CRISC Certification?
- A US$50 application processing fee is required for all submissions.
- The application fee is a one-time, non-refundable payment.
Payment can be made on https://www.isaca.org/credentialing/crisc/get-crisc-certified
Can I take the CRISC, CISA, CISM and CGEIT exams in the same exam window?
- Yes, candidates are allowed to take one each of CRISC, CISA, CISM and CGEIT within the same window.
- Candidates may NOT take the same certification exam more than one time within a window.
Where can I find the application for CRISC certification?
CRISC application is available on ISACA website
https://www.isaca.org/credentialing/crisc/get-crisc-certified
What are the requirements to maintain CRISC Certification? What does CRISCs continuing professional education policy require?
- Maintaining your CRISC Certification means maintaining an adequate level of current knowledge and proficiency in the field of information systems audit, control and security.
- The CRISC CPE policy requires the attainment of CPE hours over an annual and three-year certification period. CRISCs must comply with the following requirements to retain certification.
- Earn and report an annual minimum of twenty (20) CPE hours. These hours must be appropriate to the currency or advancement of the CRISC’s knowledge or ability to perform CRISC-related tasks. The use of these hours towards meeting the CPE requirements for multiple ISACA certifications is permissible when the professional activity is applicable to satisfying the job-related knowledge of each certification.
- Earn and report a minimum of one hundred and twenty (120) CPE hours for a three-year reporting cycle period.
- Pay the CRISC annual maintenance fee
- Comply with the annual CPE audit if selected
- Comply with ISACA’s Code of Professional Ethics
- Abide by ISACA’s IT auditing standards
Failure to comply with these certification requirements will result in the revocation of an individual’s CRISC designation. In addition, as all certificates are owned by ISACA, if revoked, the certificate must be destroyed immediately.
How can I schedule the exam for CRISC?
- Candidates can register online anytime for the CRISC certification exam.
- Registration and payment will be valid for 365days/12 months from the date of online registration.
- Payment is mandatory before scheduling the exam.
- Candidates can schedule their exam for any available date/time/location within their 365-day eligibility period.
- Exam can be rescheduled within 365 days eligibility period. But it must be done more than 48 hours prior to the original scheduled testing appointment.
- Candidates must take the exam if they are within 48 hours of scheduled testing appointment or their registration fee will be forfeited.
What are the pre requisites for CRISC certification?
To earn CRISC certification, candidates need to:
- Submit the complete application within five years from the date of initially passing the examination
- The experience should have been gained within the 10-year period preceding the date of application, or within five years of passing the examination.
- A minimum of 3-years of cumulative work experience performing the tasks of a CRISC professional across at least two (2) of the four (4) CRISC domains is required for certification. Of these two (2) required domains, one (1) must be in either Domain 1 or 2.
Is there any waiver for 3years experience required for CRISC Certification?
No, there are no substitutions or experience waivers.
What is the best way to prepare for the exam?
- CRISC Review Manual offered by ISACA, has all the relevant course content good enough to help the aspirants to crack CRISC exam. Make a habit to read it religiously. This Manual is treated as the best guide for self study.
- Practice questions can easily be picked up from ISACA’s Review Questions Database. It is an online source which not only has questions but also answers and explanation of those answers.
- In addition to these candidates can join boot camps/ online training offered by Infosec Train for CRISC Certification exam.
1800-843-7890 (India)