CRISC Frequently Asked Questions (FAQ) [updated 2022]

January 5, 2022 by Daniel Brecht

ISACA's Certified in Risk and Information Systems Control (CRISC) certification is a great option for mid-career IT/IS audit, risk and security professionals looking for a way to validate their enterprise IT risk management knowledge and abilities. If you're planning to get CRISC certified, here are some commonly asked questions you may want answered as you consider this designation. The answers cover the test's subject areas, scheduling a testing appointment after payment of exam registration fees, the examination cost, pass/fail scores and how to keep your certification valid.

Your roadmap to becoming CRISC certified starts here with this article that contains quick facts on how to plan for your exam, register, prepare for and maintain this certification.

Earn your CRISC certification, guaranteed!

Enroll in a CRISC Boot Camp and earn one of the highest paying industry certifications — guaranteed.

Exam registration and scheduling

Before registering for an exam, candidates must first have an ISACA profile, which can be created online here. Registration for the CRISC exam can only be completed through this electronic procedure.

Once you have registered and paid for the exam in full, you will receive a notification by email that you are eligible to schedule your testing appointment. From the registration date, you have 12 months (365 days) to take your exam. View the Exam Scheduling Guide for step-by-step help. Note: if you cannot take the test during the 365-day eligibility period, you will forfeit your exam fees.

Most ISACA exams are now administered all year round in what is known as Continuous Testing; this means candidates may register for the CRISC test whenever they are ready to sit for the examination within their 365-day window. Candidates can schedule a testing appointment as early as 48 hours after paying the exam registration fees.

How much does it cost to take the CRISC exam?

Exam fees are based on membership status at the time of exam registration.

  • ISACA Member: $575
  • ISACA Nonmember: $760

ISACA members not only receive a discount of $185 on their exam registration for CRISC but also have access to additional offers on study materials, online courses, training and conferences as benefits of membership:

  • Discounts of 25% off the non-member rate on CRISC exam registrations
  • Discounts of up to 20-30% off non-member rates on CRISC exam preparation material

Testing and examination

The CRISC computer-based exam is administered at authorized PSI testing centers globally. Test center availability is on a first-come, first-served basis; the available dates and times will be shown when you schedule your examination.

ISACA has now made the CRISC certification exam available online with remotely proctored options through ISACA's exam vendor PSI. This provides test-takers flexibility and convenience at a time when public health concerns related to the COVID-19 global pandemic have impeded traditional testing methods. There is no additional cost.

The ISACA Certification Exams Candidate Guide provides everything required to prepare for and take a CRISC test. Before opting for remote testing, ensure your computer meets all requirements.

How is the exam scored?

ISACA uses a 200-800 standard point scale with 450 as the passing mark for its CRISC exam. Here's a breakdown of exam scores:

  • The scaled 450 or higher passing score represents the minimum consistent standard of knowledge as established by ISACA's certification working groups.
  • A score of 800 represents a perfect score with all questions answered correctly.
  • A score of 200 represents the lowest score possible and signifies only a small number of questions were answered correctly.

When will I receive my exam results?

Testers can view their preliminary result (pass or not pass) on the screen immediately following the completion of the exam. The official score is released within 10 business days. Exam results are provided in two ways:

  • Email notification (encrypted) — sent to the email address listed on your profile
  • Online results — available on your ISACA Profile

Why should I take the CRISC certification?

If you are a mid-career professional focusing on IT and cyber risk and control, the CRISC can validate your skills and knowledge. This certification can provide a competitive edge in your job search and help your career advancement within your organization.  

CRISC employees can:

  • Act as a resource for users and management to learn about the overall impact and potential dangers that IT risks present to the enterprise
  • Assure the development of effective plans to mitigate risk to IT infrastructure and systems
  • Ensure the policies and procedures of the organization reflect an understanding of IT risk

What are the four domains on the CRISC exam?

ISACA's exam was recently revised (August 2021). The new domains covered are as follows:

  • Domain 1: Governance (26%)
  • Domain 2: IT Risk Assessment (20%)
  • Domain 3: Risk Response and Reporting (32%)
  • Domain 4: Information Technology and Security (22%)

A full breakdown of the key domains, subtopics and associated tasks candidates will be tested on can be found in the CRISC exam content outline that was updated to reflect changes in IT risk professionals' work practices.

How applicants become fully certified

Successful candidates who pass the exam can apply for certification to become CRISC certified if all other requirements have been met. Professionals need to also demonstrate three or more years of experience in IT risk management and IS control.

The application processing fee is $50 for members and non-members and is a one-time, non-refundable payment. Candidates need to apply within five years of having passed the exam.

Maintaining your certification

The CRISC Continuing Professional Education (CPE) policy requires certification holders to collect CPE hours over an annual and three-year period to maintain their certification. ISACA offers many CPE opportunities for professionals to help them demonstrate their commitment to continuing knowledge growth.

Here's the list of requirements to keep your certification in active status:

  • Completing the minimum number of CPE hours (20 CPE hours annually and 120 CPE hours over three years). This requirement is in place to ensure all CRISCs maintain an adequate level of current knowledge and proficiency in the field
  • Providing the required documentation of CPE activities if audited
  • Adhering to ISACA's Code of Professional Ethics
  • Paying the annual maintenance fee ($45 for members, $85 for non-members) to retain active status

Note: your first maintenance fee will be due by January 1 of the calendar year following the day when you became certified.

The value of adding a CRISC credential

This article has reviewed some of the CRISC exam details and processes and covered common questions that tend to recur among interested certification candidates.

This is the only credential focused on professionals in positions that carry out IT risk management (ITRM) through the development, implementation and maintenance of appropriate information systems (IS) controls and using governance best practices and continuous risk monitoring and reporting.

Earning this certification will validate professionals as IT risk experts for any organization who are capable of tackling real-world threats in today's business landscape. This credential also proves that their skills and knowledge are always up to date and relevant thanks to a challenging test, stringent requirements that allow for no work experience waivers or substitutions and a rigorous maintenance program.



Daniel Brecht

Daniel Brecht has been writing for the Web since 2007. His interests include computers, mobile devices and cyber security standards. He has enjoyed writing on a variety of topics ranging from cloud computing to application development, web development and e-commerce. Brecht has several years of experience as an Information Technician in the military and as an education counselor. He holds a graduate Certificate in Information Assurance and a Master of Science in Information Technology.