ISACA’s certifications have been recognized by government entities, major industry publications, standard bodies and major consulting groups. The lists below detail many of these recognitions.
Phoenix-based National Association for Information Destruction (NAID)
has approved the creation of a new category of auditor specifically for conducting electronic media destruction audits. Effective April 1, 2012, NAID auditors inspecting and evaluating electronic media sanitization operations will be required to have the certified information systems security professional (CISSP) and certified information systems auditor (CISA) accreditations. NAID Certification Chair Angie Singer Keating says, “As NAID continues to grow its electronic information destruction certification, it is important that we align the accreditations and qualifications of the auditors.”
It was decided that third-party audits of Smart Order Routing in the Indian securities market need to be conducted by a CISA or equivalent.
“In 2009, the Financial Entities General Superintendence in Costa Rica (SUGEF) issued a new Regulation on Information Technology (SUGEF 14-09) for the institutions under its supervision. Financial institutions must comply, within two years, with a minimum maturity level of 3 on 17 of the 34 COBIT processes and must have an annual assessment of its IT management framework with an external auditor. This external auditor must be a CISA.”
The 2010 Information Career Trends Survey, conducted by the Information Security Media Group, found CISA to be one of the three most sought-after certifications.
In a January 2010 study by Mile High Research, ISACA’s CISA and CISM certifications made the top 10 in-demand IT certifications for new jobs posted over the last 14 days. The job descriptions specified one or more certifications as minimum or preferred credentials for the job posting. ISACA and other organizations whose credentials made the top 10 “obviously make a connection between their certifications and employers – that connection is value," said Denny Schall, CLO of Mile High Research.
The CISA certification program was awarded the “Best Professional Development Grand Award” and the “Best Professional Development (Scheme) Award” in the ‘Hong Kong ICT Awards 2009’ presentation ceremony. The Hong Kong ICT Awards were established in 2006 under a collaborative effort amongst the industry, the academia and the Government.
CISAs qualify for the Disaster Recovery Institute International’s (DRII) CBLA (Certified Business Continuity Lead Auditor) certification and get a bypass for the corresponding reference (experience) requirement. In addition, all CISAs are offered a 10% discount on DRII courses.
The Securities Exchange Board of India requires biannual system audits of all mutual funds to be conducted by an independent auditor who is CISA/CISM-certified or equivalent.
SC Magazine named CISA the winner of the 2009 Best Professional Certification Program.
The American National Standards Institute (ANSI) has awarded accreditation under ISO/IEC 17024 to the Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) certification programs for the past three years.
CIO magazine, SC Magazine and Foote Partners research continually cites CISA as a credential that earns top pay compared with other credentials.
The US Department of Defense (DoD) includes CISA in its list of approved certifications for its information assurance professionals.
The US Department of Veteran Affairs reimburses exam fees for the CISA exam.
The Department of Information Technology has issued an empanelment of vendors for auditing the Reserve Bank’s internal network and IT systems. CISA was listed as one of the prequalification criteria for bidding vendors. It was stipulated that the vendor should have a minimum of three CISA/CISSP certified professionals participating in the audit.
The Payment Card Industry (PCI) Data Security Standard (DSS) has named CISA and CISM certifications as validation requirements for qualified security assessors (QSAs)—organizations that validate an entity’s adherence to PCI DSS requirements.
All assistant examiners employed by the US Federal Reserve Banks must pass the CISA exam before they are eligible for commissioning.
The Department of Information Technology of the Government of N.C.T. of Delhi sent out an RFP for Website Security Audits of Delhi Government departments. This is the first large-scale audit RFP issued by any state government in India. CISA was named as one of the prequalification criteria for bidders.
The National Stock Exchange of India has recognized CISA as a requirement to conduct system audits.
CERT-IN, the Indian Computer Emergency Response Team, has recognized CISA as one of the requirements to be empanelled to conduct security audits.
An information security law in Korea requires that highly skilled professionals, such as CISAs, perform information system audit and security services.
In Romania, banks desiring to implement distance or electronic payment instruments, such as Internet and home banking, are required by law to be certified by auditors who hold the CISA certification.
In Article 58 of the Public Finance Act in the Republic of Poland (passed in late 2006), the CISA certification is one of three designations recognized as an entitlement to be a public-sector auditor.
In Malaysia, the Multimedia Development Corporation (MDEC) provides partial reimbursement for certain CISA and CISM certification and training fees.
The Canadian Institute of Chartered Accountants (CICA) accredits ISACA as the only body whose designation leads to recognition as a CA-designated specialist in information systems audit, control and security.
In Hong Kong, ISACA members who have held a CISA certification for at least four years have the right to vote for the city’s legislative counselors, as representatives of the IT category among the functional constituencies.
India’s National Information Security Assurance Program, the Department of Information Technology, recognizes the CISA designation to assess the information security risks in public-sector organizations.
The US Securities and Exchange Commission (SEC) strongly encourages the use of COBIT as a baseline for governance, implementation and planning, and overall IT controls. While certifications are not embedded in guidelines and rules, the CISA certification is strongly encouraged.
The State Bank of Pakistan offers reimbursement of examination fees and payment of a cash bonus to employees who earn the CISA certification.
In Hyderabad, India, the State Bank provides incentives in the form of exam and maintenance fee reimbursement to employees earning and retaining CISA.
ISACA worked with the Chinese National Audit Office (CNAO) in 2002 to offer the first CISA exam in the People’s Republic of China (PRC). The exam was conducted in four locations in the PRC, in both English and Mandarin Chinese.
The Peruvian government recognizes CISAs for their expertise and specialization, which is required for practitioners in internal auditing.
Following the results of an eight-month stage II audit under the direction of a CISA and CISM certified professional, the Credit Union Central of British Columbia will be the first online banking system in Canada to become ISO 27000 Certified. CISAs and CISMs continue to make worldwide impact by effecting and influencing organizational progress.
The Multimedia Development Corporation Sdn Bhd (MDEC) in Malaysia provides reimbursement for certain CISA and CISM certification and training fees. This reimbursement is made possible through the MSC Malaysia Capability Development Program, which was launched to enhance the skills of local information and community technology knowledge workers and assist MSC status companies in human capital development.
To qualify for empanelment of chartered accountant firms with the office of the Comptroller & Auditor General of India (C&AG) for the year 2009-10, a “copy of CISA certificate in respect of members who have qualified CISA” is required.
CISAs are given exemption from the CEH (Certified Ethical Hacker) exam and are allowed directly to take the EC-Council Certified Security Analyst (ECSA) exam, which leads to the (LPT) Licensed Penetration Tester Certification.