Apply for Certification
Get CISA certified and join an elite group of IT professionals recognized and sought after for their expertise. This is a designation that will get you instant credibility with peers, stakeholders and regulators.
A US$50 application processing fee is required for all
submissions. The application fee is a one-time, non-refundable payment.
Candidates must apply for certification within
5 years of having passed the exam.
Finalize your payment and submit your completed
application to ensure an expedited processing time.
CISA Certification Requirements
The ISACA community – members, volunteers and professionals – is guided by our Purpose and Promise, which define the essence of who we are and what we do. Our Purpose is the reason we exist – to help business technology professionals and their enterprises around the world realize the positive potential of technology. Our Promise is how we as an organization and as individuals, deliver on our Purpose – the work we do every day to inspire confidence that enables innovation through technology.
Applicants must meet the following requirements to become CISA Certified:
- Successfully Complete the CISA Examination: The examination is open to all individuals who have an interest in information systems audit, control and security. All are encouraged to work toward and take the examination. Successful examination candidates will be sent all information required to apply for certification with their notification of a passing score.
For a more detailed description of the exam see CISA Certification Job Practice.
- Adhere to the Code of Professional Ethics: Members of ISACA and/or holders of the CISA designation agree to a Code of Professional Ethics to guide professional and personal conduct.
- Adhere to the Continuing Professional Education (CPE) Policy: The objectives of the continuing education policy are to:
- Maintain an individual's competency by requiring the update of existing knowledge and skills in the areas of information systems auditing, control or security
- Provide a means to differentiate between qualified CISAs and those who have not met the requirements for continuation of their certification
- Demonstrate the Required Minimum Work Experience: A minimum of 5-years of professional information systems auditing, control or security work experience - as described in the CISA job practice areas - is required for certification. The work experience for CISA certification must be gained within the 10-year period preceding the application date for certification. Candidates have 5-years from the passing date to apply for certification.
- Substitutions and waivers may be obtained to a maximum of 3 years as follows:
- A maximum of 1-year of information systems experience OR 1-year of non-IS auditing experience can be substituted for 1-year of experience.
- 60 to 120 completed university semester credit hours (the equivalent of a 2-year or 4-year degree) not limited by the 10-year preceding restriction, can be substituted for 1 or 2-years, respectively, of experience.
- A master's degree in information security or information technology from an accredited university can be substituted for 1-year of experience.
The experience substitutions will not satisfy any portion of the 2-year information systems audit work experience requirement.
Exception: Every 2-years as a full-time university instructor in a related field (e.g., computer science, accounting, information systems auditing) can be substituted for 1-year of experience.
It is important to note that many individuals choose to take the CISA exam prior to meeting the experience requirements. This practice is acceptable and encouraged although the CISA designation will not be awarded until all requirements are met.