ISACA offers CRISC Certification without taking an exam

(20/05/2010)

Professionals with eight or more years of IT and business experience can now apply for ISACA's new Certified in Risk and Information Systems Control (CRISC) designation without taking an exam under a grandfathering program.

The program is designed to recognize professionals who are highly experienced in the following domains:
• Risk identification, assessment and evaluation
• Risk response
• Risk monitoring
• IS control design and implementation
• IS control monitoring and maintenance

To earn the CRISC credential through the grandfathering program, candidates must prove that at least six of the eight years of experience included specific experience performing the responsibilities across all of the five domains. They must also prove at least three years of experience in risk identification, assessment, evaluation, response and monitoring. Candidates must complete an application online and submit an application fee.

The grandfathering program will run until March 2011. The first CRISC exam will be administered in 2011.

“Enterprises around the world are rapidly realizing the importance of monitoring, controlling and benefiting from risk-related activities. The CRISC designation helps provide assurance to employers that professionals who earn it are experienced in identifying and evaluating the risks unique to their specific organization,” said Urs Fischer, chair of ISACA’s CRISC Task Force. “Earning CRISC also helps risk and control professionals demonstrate that they have the proven ability to design, implement, monitor and maintain effective risk-based information systems controls.”

ISACA, a global association of 86,000 IT governance, security, risk and assurance professionals, also administers three other certifications:
• Certified Information Systems Auditor (CISA), earned by 75,000 professionals since it was established in 1978
• Certified Information Security Manager (CISM), earned by 13,000 professionals since its inception in 2002
• Certified in the Governance of Enterprise IT (CGEIT), earned by more than 4,000 professionals since 2007

CRISC complements ISACA’s existing certifications:
• CISA is designed for IT professionals who perform independent reviews of control design and operational effectiveness; CRISC is for IT and business professionals who identify and manage risk, and design, implement and maintain IS controls.
• CISM is for individuals who manage, design, oversee and/or assess an enterprise’s information security, including the identification and management of information security risks; CRISC is for IT professionals whose roles also encompass operational and compliance considerations.
• CGEIT is for IT and business professionals who have a significant management, advisory or assurance role relating to the governance of IT, including risk management; CRISC is for IT and business professionals who identify, evaluate and monitor risk and are engaged at an operational level to mitigate risk.

Related topics:  Security training 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources