More than 18,000 people have earned the Certified in Risk and Information Systems Control (CRISC) credential. This certification identifies IT professionals who are responsible for implementing enterprise-wide information risk management programs.
The CRISC exam has 4 domains, which are important in determining eligibility for the cert:
Domain 1—IT Risk Identification (27%)
Domain 2—IT Risk Assessment (28%)
Domain 3—Risk Response and Mitigation (23%)
Domain 4—Risk and Control Monitoring and Reporting (22%)
To achieve the CRISC certification, you must pass a 150-question exam, then provide proof of work experience (a minimum of 3 years of cumulative, professional-level risk management and control, and perform the tasks of at least two CRISC domains), and complete the application.
Unlike other ISACA certifications, you can't substitute education or other certifications for the work experience requirement. ISACA gives you up to 10 years to gain experience after applying for certification or five years from the date you passed the exam.