Certified in Risk and Information Systems Control (CRISC) Training

Price: $1399 (regular price $1599, 13% off)

Course Curriculum

A: ORGANIZATIONAL GOVERNANCE

  • Organizational Strategy, Goals, and Objectives
  • Organizational Structure, Roles and Responsibilities
  • Organizational Culture
  • Policies and Standards
  • Business Processes
  • Organizational Assets

B: RISK GOVERNANCE

  • Enterprise Risk Management and Risk Management Framework
  • Three Lines of Defense
  • Risk Profile
  • Risk Appetite and Risk Tolerance
  • Legal, Regulatory and Contractual Requirements
  • Professional Ethics of Risk Management

A: IT RISK IDENTIFICATION

  • Risk Events (e.g., contributing conditions, loss result)
  • Threat Modelling and Threat Landscape
  • Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
  • Risk Scenario Development

B: IT RISK ANALYSIS AND EVALUATION

  • Risk Assessment Concepts, Standards and Frameworks
  • Risk Register
  • Risk Analysis Methodologies
  • Business Impact Analysis
  • Inherent and Residual Risk

A: RISK RESPONSE

  • Risk Treatment / Risk Response Options
  • Risk and Control Ownership
  • Third-Party Risk Management
  • Issue, Finding and Exception Management
  • Management of Emerging Risk

B: CONTROL DESIGN AND IMPLEMENTATION

  • Control Types, Standards and Frameworks
  • Control Design, Selection and Analysis
  • Control Implementation
  • Control Testing and Effectiveness Evaluation

C: RISK MONITORING AND REPORTING

  • Risk Treatment Plans
  • Data Collection, Aggregation, Analysis and Validation
  • Risk and Control Monitoring Techniques
  • Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
  • Key Performance Indicators
  • Key Risk Indicators (KRIs)
  • Key Control Indicators (KCIs)

A: INFORMATION TECHNOLOGY PRINCIPLES

  • Enterprise Architecture
  • IT Operations Management (e.g., change management, IT assets, problems, incidents)
  • Project Management
  • Disaster Recovery Management (DRM)
  • Data Lifecycle Management
  • System Development Life Cycle (SDLC)
  • Emerging Technologies

B: INFORMATION SECURITY PRINCIPLES

  • Information Security Concepts, Frameworks and Standards
  • Information Security Awareness Training
  • Business Continuity Management
  • Data Privacy and Data Protection Principles

Course Description

CertOcean’s CRISC (Certified in Risk and Information Systems Control) training equips professionals to identify, evaluate, and manage enterprise IT risks effectively. Covering the core domains of governance, risk assessment, mitigation, and monitoring, this course provides practical insights and real-world strategies. Guided by expert instructors, participants gain the skills needed to align IT risk with business objectives. The program also includes exam preparation resources to ensure success in the globally recognized CRISC certification. This training is ideal for IT professionals, risk managers, and compliance officers aiming to advance their careers in IT risk management.

Benefits of CRISC Certification:

  • Recognition as a skilled IT risk and control professional globally.
  • Enhanced ability to design and implement effective risk-based strategies.
  • Career advancement in roles focused on risk management, compliance, and IT governance.

Frequently Asked Questions (FAQs):

You are eligible to take up CRISC certification if your professional field is aligned to any of these:

  • CEOs/CFOs
  • Chief Audit Executives
  • Audit Partners/Heads
  • CIOs/CISOs
  • Chief Compliance/Privacy/Risk Officers
  • Security Managers/Directors/Consultants
  • IT Directors/Managers/Consultants
  • Audit Directors/Managers/Consultants

  • A preliminary result (pass or not pass) is available on the screen immediately after the completion of your exam.
  • Official score will be emailed and available online within 10 business days from the date that candidates take the exam.
  • Successful candidates receive details on how to apply for certification.
  • Results are not available by phone or fax, to maintain privacy.

  • Pass the CRISC Exam within the last 5 years.
  • Work experience must be gained within the 10-year period preceding the application date for certification or within five years from the date of initially passing the exam.
  • A minimum of three years of cumulative work experience as a CRISC professional across at least two of the four CRISC domains is compulsory.
  • Of these two (2) required domains, one (1) must be in either Domain 1 or 2.
  • Submit the CRISC Certification Application, including the Application Processing Fee.

    For more information, please visit https://www.isaca.org/credentialing/crisc/get-crisc-certified

  • Member: US$575
  • Non-member: US$760

  • Maintaining your CRISC Certification means maintaining an adequate level of current knowledge and proficiency in the field of information systems audit, control and security.
  • The CRISC CPE policy requires the attainment of CPE hours over an annual and three-year certification period. CRISCs must comply with the following requirements to retain certification.
  • Earn and report an annual minimum of twenty (20) CPE hours. These hours must be appropriate to the currency or advancement of the CRISC’s knowledge or ability to perform CRISC-related tasks. The use of these hours towards meeting the CPE requirements for multiple ISACA certifications is permissible when the professional activity is applicable to satisfying the job-related knowledge of each certification.
  • Earn and report a minimum of one hundred and twenty (120) CPE hours for a three-year reporting cycle period.
  • Pay the CRISC annual maintenance fee
  • Comply with the annual CPE audit if selected
  • Comply with ISACA’s Code of Professional Ethics
  • Abide by ISACA’s IT auditing standards

Failure to comply with these certification requirements will result in the revocation of an individual’s CRISC designation. In addition, as all certificates are owned by ISACA, if revoked, the certificate must be destroyed immediately.

Course Rating: 4.3