Home / Credentialing / CRISC / Get CRISC Certified


Apply for Certification

Get CRISC certified and join an elite group of IT professionals recognized and sought after for their expertise. This is a designation that will get you instant credibility with peers, stakeholders and regulators.

Pay Now

A US$50 application processing fee is required for all
submissions. The application fee is a one-time, non-refundable payment.

Pay Now


Candidates must apply for certification within
5 years of having passed the exam.



Finalize your payment and submit your completed
application to ensure an expedited processing time.




CRISC Certification Requirements

The ISACA community – members, volunteers and professionals – is guided by our Purpose and Promise, which define the essence of who we are and what we do.  Our Purpose is the reason we exist – to help business technology professionals and their enterprises around the world realize the positive potential of technology.  Our Promise is how we as an organization and as individuals, deliver on our Purpose – the work we do every day to inspire confidence that enables innovation through technology.

Applicants must meet the following requirements to become CRISC Certified:

  • Successfully Complete the CRISC Examination: The examination is open to all individuals who have an interest in information systems audit, control and security. All are encouraged to work toward and take the examination. Successful examination candidates will be sent all information required to apply for certification with their notification of a passing score.

    For a more detailed description of the exam see CRISC Certification Job Practice.

  • Adhere to the Code of Professional Ethics: Members of ISACA and/or holders of the CRISC designation agree to a Code of Professional Ethics to guide professional and personal conduct.

    View ISACA’s Code of Professional Ethics

  • Adhere to the Continuing Professional Education (CPE) Program: The objectives of the continuing education program are to:
    • Maintain an individual's competency by requiring the update of existing knowledge and skills in the areas of risk and information systems control
    • Provide a means to differentiate between qualified CRISCs and those who have not met the requirements for continuation of their certification
  • Demonstrate the Required Minimum Work Experience: A minimum of 3-years of cumulative work experience performing the tasks of a CRISC professional across at least two (2) of the four (4) CRISC domains is required for certification. Of these two (2) required domains, one (1) must be in either Domain 1 or 2.
  • The work experience must be gained within the 10-year period preceding the application date for certification. Candidates have 5-years from the passing date to apply for certification. There are no substitutions or experience waivers.

It is important to note that many individuals choose to take the CRISC exam prior to meeting the experience requirements. This practice is acceptable and encouraged although the CRISC designation will not be awarded until all requirements are met.

CRISC CPE Policy: English | Chinese Simplified 

Applications for CRISC Exam Passers 2015 and Later