ISACA Opens Grandfathering Program for New CRISC Certification


Rolling Meadows, IL, USA (1 April 2010)—Professionals with eight or more years of IT and business experience can now apply for ISACA’s new Certified in Risk and Information Systems Control (CRISC) designation—without taking an exam—under a grandfathering program. The program, which opened today, is designed to recognize professionals who are highly experienced in the following domains:

· Risk identification, assessment and evaluation

· Risk response

· Risk monitoring

· IS control design and implementation

· IS control monitoring and maintenance

To earn the CRISC (pronounced “see risk”) credential through the grandfathering program, candidates must prove that at least six of the eight years of experience included specific experience performing the responsibilities across all of the five domains. They must also prove at least three years of experience in risk identification, assessment, evaluation, response and monitoring. Candidates must complete an application at and submit an application fee.

The grandfathering program will run from April 2010 through March 2011. The first CRISC exam will be administered in 2011.

“Enterprises around the world are rapidly realizing the importance of monitoring, controlling and benefiting from risk-related activities. The CRISC designation helps provide assurance to employers that professionals who earn it are experienced in identifying and evaluating the risks unique to their specific organization,” said Urs Fischer, chair of ISACA’s CRISC Task Force. “Earning CRISC also helps risk and control professionals demonstrate that they have the proven ability to design, implement, monitor and maintain effective risk-based information systems controls.”

ISACA, a global association of 86,000 IT governance, security, risk and assurance professionals, also administers three other certifications:

· Certified Information Systems Auditor (CISA), earned by 75,000 professionals since it was established in 1978

· Certified Information Security Manager (CISM), earned by 13,000 professionals since its inception in 2002

· Certified in the Governance of Enterprise IT (CGEIT), earned by more than 4,000 professionals since 2007

CRISC complements ISACA’s existing certifications:

· CISA is designed for IT professionals who perform independent reviews of control design and operational effectiveness; CRISC is for IT and business professionals who identify and manage risk, and design, implement and maintain IS controls.

· CISM is for individuals who manage, design, oversee and/or assess an enterprise’s information security, including the identification and management of information security risks; CRISC is for IT professionals whose roles also encompass operational and compliance considerations.

· CGEIT is for IT and business professionals who have a significant management, advisory or assurance role relating to the governance of IT, including risk management; CRISC is for IT and business professionals who identify, evaluate and monitor risk and are engaged at an operational level to mitigate risk.

Additional information about ISACA certifications is available at


With more than 86,000 constituents in more than 160 countries, ISACA® ( is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards. It also administers the globally respected Certified Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.

ISACA offers the Business Model for Information Security (BMIS) and the IT Assurance Framework (ITAF). It also developed and maintains the COBIT®, Val IT™ and Risk IT frameworks, which help IT professionals and enterprise leaders fulfill their IT governance responsibilities and deliver value to the business.


Kristen Kessinger, +1.847.660.5512,

Joanne Duffer, +1.847.660.5564,

Note: You are receiving this message because you signed up for ISACA’s news release distribution list. If you wish to be removed from this list, please contact To receive ISACA news via RSS feed, visit