The IT Certification Resource Center

Featured Deal

Get CompTIA, Cisco, or Microsoft training courses free for a week.
Learn More ❯

ISACA Opens Grandfathering Program for New CRISC Certification

ROLLING MEADOWS, Ill. -- Professionals with eight or more years of IT and business experience can now apply for ISACA’s new Certified in Risk and Information Systems Control (CRISC) designation—without taking an exam—under a grandfathering program. The program, which opened today, is designed to recognize professionals who are highly experienced in the following domains:

“Earning CRISC also helps risk and control professionals demonstrate that they have the proven ability to design, implement, monitor and maintain effective risk-based information systems controls.”

  • Risk identification, assessment and evaluation
  • Risk response
  • Risk monitoring
  • IS control design and implementation
  • IS control monitoring and maintenance

To earn the CRISC (pronounced “see risk”) credential through the grandfathering program, candidates must prove that at least six of the eight years of experience included specific experience performing the responsibilities across all of the five domains. They must also prove at least three years of experience in risk identification, assessment, evaluation, response and monitoring. Candidates must complete an application at and submit an application fee.

The grandfathering program will run from April 2010 through March 2011. The first CRISC exam will be administered in 2011.

ISACA, a global association of 86,000 IT governance, security, risk and assurance professionals, also administers three other certifications:

  • Certified Information Systems Auditor (CISA), earned by 75,000 professionals since 1978
  • Certified Information Security Manager (CISM), earned by 13,000 professionals since 2002
  • Certified in the Governance of Enterprise IT (CGEIT), earned by more than 4,000 professionals since 2007

CRISC complements ISACA’s existing certifications:

  • CISA is designed for IT professionals who perform independent reviews of control design and operational effectiveness; CRISC is for IT and business professionals who identify and manage risk, and design, implement and maintain IS controls.
  • CISM is for individuals who manage, design, oversee and/or assess an enterprise’s information security, including the identification and management of information security risks; CRISC is for IT professionals whose roles also encompass operational and compliance considerations.
  • CGEIT is for IT and business professionals who have a significant management, advisory or assurance role relating to the governance of IT, including risk management; CRISC is for IT and business professionals who identify, evaluate and monitor risk and are engaged at an operational level to mitigate risk.

Additional information about ISACA certifications is available at


With 86,000 constituents in 160 countries, ISACA ( is a leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance of IT, and IT-related risk and compliance.