Certified in Risk and Information Systems Control (CRISC)

What is CRISC?

Introduced in 2010, the Certified in Risk and Information Systems Control certification (CRISC), pronounced “see-risk,” is intended to recognize a wide range of IT and business professionals for their knowledge of enterprise risk and their ability to design, implement and maintain information system (IS) controls to mitigate such risk. CRISC is based on independent market research and input from thousands of subject matter experts from around the world, as well as ISACA’s intellectual property, including Risk IT and COBIT 4.1. Those who earn the CRISC designation help enterprises benefit from the rising business demands for IT professionals who understand business risk and have the technical knowledge to implement appropriate IS controls.

Designed Exclusively for IT Professionals

The Certified in Risk and Information Systems Control™ certification (CRISC™, pronounced “see-risk”) is designed for IT professionals who have hands-on experience with risk identification, assessment, and evaluation; risk response; risk monitoring; IS control design and implementation; and IS control monitoring and maintenance. The CRISC designation will not only certify professionals who have knowledge and experience identifying and evaluating entity-specific risk, but also aid them in helping enterprises accomplish business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls.

Get Global Recognition

A growing number of organizations are requiring or recommending that employees become certified.

Apply Under Grandfathering

Professionals with 8 or more years of IT and business experience can now earn ISACA’s new CRISC designation under its grandfathering program.

Who Earns CRISC Certification?

CRISC is for IT and business professionals who are engaged at an operational level to mitigate risk and who have job experience in the following areas:

  • Risk identification, assessment and evaluation
  • Risk response
  • Risk monitoring
  • IS control design and implementation
  • IS control monitoring and maintenance


CRISC demonstrates proven experience: Employers can be assured that CRISC-certified professionals have the proven experience and knowledge to help enterprises accomplish business objectives such as:

  • Effective and efficient operations
  • Designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls
  • Compliance with regulatory requirements

CRISC enhances your professional recognition: In business today, risk plays a critical role. Almost every business decision requires IT and business professionals to balance risk and reward. A CRISC designation will differentiate you with employers, clients and peers for your knowledge in designing, implementing and maintaining information systems controls to mitigate risk.