The ISACA reference credential for IT risk. Four domains bridging business risk to IS controls. The natural complement to CISA and to ISO 31000 / 27005 for the ISACA vocabulary.
For
Honest call
We'd rather you keep your money than buy the wrong path.
Outcomes
Public sessions
Open-enrolment cohorts. Pick a date and book your seat. Want a private cohort for your team instead? Request an in-house quote.
No confirmed live cohort right now. You can still:
FAQ
Different markets and different methodology layers. CRISC is the ISACA credential, IT-and-IS focused, recognised internationally in Big Four engagements, banking and audit-room contexts. ISO 31000 Lead Risk Manager is the PECB credential on the ISO 31000 standard, applicable to enterprise risk broadly (operational, financial, strategic, supply-chain), not just IT.
Many practitioners hold both: CRISC for the ISACA vocabulary their audit team uses, ISO 31000 Lead Risk Manager for the framework their enterprise-risk programme is built on. If you can only do one, CRISC if you work in IT risk, ISO 31000 Lead Risk Manager if you work in enterprise risk.
Four hours, 150 multiple-choice questions, scoring 200 to 800, passing mark 450. Computer-based at a PSI testing centre. Identical format to CISA and CISM.
Three years of cumulative work experience in IT risk management and information-systems control across at least two of the four CRISC domains (governance, IT risk assessment, risk response and reporting, information technology and security). No substitutions are accepted for this requirement.
The 2021 CRISC syllabus refresh added some references to emerging tech risk, but AI-specific risk is not the focus. For AI risk specifically, ISACA released AAIR (Advanced in AI Risk) in 2024 as an advanced add-on that builds on CRISC fundamentals.
Taught by a practicing CISO. Prices shown up front. Certified or refunded.