Press Release


ISACA’s CRISC Certification Knowledge Areas Will be Updated in 2015

Rolling Meadows, IL, USA (5 August 2014)—Global IT association ISACA has updated the job practice, which serves as the knowledge basis, for the Certified in Risk and Information Systems Control (CRISC) certification to reflect the latest responsibilities of IT risk and control professionals. The new job practice, which includes task and knowledge statements, will be effective beginning with the June 2015 CRISC exam.

To determine the new knowledge areas, ISACA conducted a nine-month assessment of the roles filled by current CRISCs. The revised CRISC job practice will combine IT risk and control tasks within the domains, resulting in a decrease from the current five domains to four:

  • Domain 1: IT Risk Identification
  • Domain 2: IT Risk Assessment
  • Domain 3: Risk Response and Mitigation
  • Domain 4: Risk and Control Monitoring and Reporting

The updated CRISC job practice reflects the expertise of nine CRISC Practice Analysis Task Force members, 25 independent subject matter expert reviewers and more than 1,400 IT risk professionals from around the world.

“The continuous advancement in information technology and its application in information systems, along with the risk associated with the adoption of these technologies in every business, requires IT risk professionals to stay current with the profession,” said Eduardo Ritegno, CISA, CRISC and chair of ISACA’s CRISC Certification Committee. “As part of this evolution, ISACA conducted a job practice analysis to ensure the CRISC certification requirements and exam content stay current and remain relevant to the practice of IT risk and IS controls.”

With the updated job practice, CRISC certification requirements will also change. While candidates who pass the CRISC exam will still need to submit evidence of three years of cumulative work experience performing the tasks of a CRISC professional, now the experience must be across at least two of the four new domains instead of the current requirement of three domains. Of the two required domains, one must be either domain 1 or 2.

Established in 2010, the CRISC credential is designed for IT and business professionals who identify and manage risks through the development, implementation and maintenance of information systems (IS) controls. One of four globally recognized certifications from ISACA, CRISC was found to be the highest-paying certification in the Global Knowledge 2014 IT Skills and Salary Survey. It is tied for fifth among the highest-paying certifications in the most recent Foote Partners IT Skills and Pay Index™ and was named the Best Professional Certification Program by SC Magazine in 2013.

The CRISC exam is administered at more than 240 locations worldwide in June and December. Beginning with the June 2015 exam, a Spanish version of the exam will be available. More than 17,000 professionals have earned the CRISC designation since it was established in 2010.

For additional information on CRISC, visit For more information on ISACA’s Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) and Certified in the Governance of Enterprise IT (CGEIT) credentials, visit


With more than 115,000 constituents in 180 countries, ISACA helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking, and career development for information systems audit, assurance, security, risk, privacy and governance professionals. ISACA offers the Cybersecurity Nexus, a comprehensive set of resources for cybersecurity professionals, and COBIT, a business framework that helps enterprises govern and manage their information and technology. ISACA also advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) credentials. The association has more than 200 chapters worldwide.



Rachel Acevedo, +1.847.660.5617
Joanne Duffer, +1.847.660.5564
Kristen Kessinger, +1.847.660.5512