Certified in Risk and Information Systems Control (CRISC) is a certification for information technology professionals with experience in managing IT risks, awarded by ISACA. To gain this certification, candidates must pass a written examination and have at least eight years of information technology or business experience, with a minimum of three years work experience in at least three CRISC domains.
The intent of the certification is to provide a common body of knowledge for information technology/systems risk management, and to recognize the knowledge of enterprise and IT risk that a wide range of IT and Business practitioners have acquired, as well as the capability to: design, implement and maintain information system (IS) controls, to mitigate IS/IT risks.
The CRISC requires demonstrated knowledge in five functional areas or ‘domains’ of IT risk management:
- Risk identification, assessment and evaluation
- Risk response
- Risk monitoring
- Information systems control, design and implementation
- IS control, monitoring and maintenance