top of page
CRISC | Certified in Risk and Information Systems Control

CRISC | Certified in Risk and Information Systems Control


Globally accepted management-focused certification for professionals with three or more years of experience. This credential demonstrates expertise in identifying and managing enterprise IT risk and implementing and maintaining information systems controls.

There are 150 Questions on the exam which must be completed in 4 hours. It is available online via remote proctoring and at in-person testing centers where available.


Audience profile

IT risk management professionals with at least 3 years of relevant professional work experience in IT risk and information systems control including:

  • Security Directors/Managers/Consultants
  • Compliance/Risk/Privacy Directors and Managers
  • IT Audit Directors/Managers/Consultants
  • Compliance/Risk/Control Staff


CPE Overview

To maintain your CRISC, you must earn and report a minimum of 120 CPE hours every 3-year reporting cycle and at least 20 hours annually.

CRISC awards up to 1 hour of CPE for every 1 hour of instructor led training. Online review course earns 15 CPEs and the Virtual Instructor-Led Course (VILT) earns 14 CPEs.


Outline Course

  • Domain 1: IT Risk Identification

Identify the universe of IT risk to contribute to the execution of the IT risk management strategy in support of business objectives and in alignment with the enterprise risk management (ERM) strategy.

  • Domain 2: IT Risk Assessment

Analyze and evaluate IT risk to determine the likelihood and impact on business objectives to enable risk-based decision making.

  • Domain 3: Risk Response Mitigation

Determine risk response options and evaluate their efficiency and effectiveness to manage risk in alignment with business objectives.

  • Domain 4: Risk and Control Monitoring and Reporting

Continuously monitor and report on IT risk and controls to relevant stakeholders to ensure the continued efficiency and effectiveness of the IT risk management strategy and its alignment to business objectives.


Descargue el temario para conocer el detalle completo de los contenidos.


Debido a las constantes actualizaciones de los contenidos de los cursos por parte del fabricante, el contenido de este temario puede variar con respecto al publicado en el sitio oficial, sin embargo, Netec siempre entregará la versión actualizada de éste.

CRISC | Certified in Risk and Information Systems Control

bottom of page