Certified in Risk and Information Systems Control™



Since its introduction in 2010, more than 24,000 professionals have obtained ISACA®’s Certified in Risk and Information Systems Control™ (CRISC™) certification. The designation demonstrates to employers that the holder is able to identify, evaluate and manage information systems and technology risk, and help enterprises achieve their business objectives.

View Schedule

About the Certification

  • Awarded by Information Systems Audit and Control Association (ISACA)
  • Prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise

Training Outlines

  • Domain 1 — IT Risk Identification (27%)
  • Domain 2 — IT Risk Assessment (28%)
  • Domain 3 — Risk Response and Mitigation (27%)
  • Domain 4 — Risk and Control Monitoring and Reporting (22%)

Training Highlights

  • 21-hour intensive examination preparation workshop
  • Conducted by renowned, experienced industrial expert
  • Real case study will be adopted with experience sharing
  • Eligible for 21 units of PDU / CPE

Examination Highlights

All certification exams consist of 150 multiple choice questions that cover the respective job practice areas created from the most recent job practice analysis. Candidates have up to 4 hours (240 minutes) to complete the exam.
Exam Fee for ISACA Member: US $575
Exam Fee for ISACA Non-member: US $760

Chartered Requirements

  • Successful completion of the CRISC examination
  • A minimum of at least three (3) years of cumulative work experience performing the tasks of a CRISC professional across at least two (2) of the four (4) CRISC domains is required for certification. Of these two (2) required domains, one (1) must be in either Domain 1 or 2. There are no substitutions or experience waivers.
  • Maintenance fees and a minimum of 20 contact hours of CPE are required annually. In addition, a minimum of 120 contact hours is required during a fixed 3-year period.


Mr. Anthony Lim, CRISC™, CCSP®, CSSLP®

  • Asia Pacific long-time iconic information security, cyber-security and governance professional, practitioner and advocate, with nearly 20 year's experience
  • Specialized focus on application security since 2006
  • Popular speaker and content-provider for many local, regional and international industry, business, government, academic, defense and think-tank conferences and media (broadcast, internet, print)
  • Sat on several government security & governance
    committees in Singapore and the region