CRISC is the only credential focused on enterprise IT risk management. It is based on the latest work practices and knowledge to keep certification holders ahead of the game in tackling real-world threats in today’s business landscape. CRISCs are expected to maintain an adequate level of current knowledge and proficiency in risk identification, assessment, evaluation, response, and monitoring and the design, implementation, monitoring, and maintenance of IS controls. CRISCs who successfully comply with the CPE policy will be better trained to assess information systems and technology and provide leadership and value to their organizations.
MY-CPE LLC is approved by NASBA and it offers Continuing Professional Education (CPE) courses for the designation provided by ISACA. ISACA does not require its designation holders to take CPE from an ISACA-approved CPE provider. We are focused on providing quality continuing education content that incorporates the qualified subject areas. Our NASBA-approved CPE courses are authored/reviewed by industry specialists and subject matter experts. All our courses are designed in a way to ensure that courses meet your continuing education requirements.
CERTIFIED IN RISK AND INFORMATION SYSTEM CONTROL (CRISC) CONTINUING EDUCATION PROFESSIONAL REQUIREMENT OVERVIEW
| CPE Requirements | 120 hours for a three-year reporting period, 20 hours annually |
| License Renewal Period | January 15th annually |
| CPE Reporting Cycle | The annual reporting period begins on 1 January of each year. The three-year certification period varies and is indicated on each annual invoice and the letter confirming annual compliance. |
| Ethics Requirement | There is no ethics requirement for CRISC designation holders. |
| Carry Over Credits | No credit may be carried over from excess hours earned during a reporting period. |
All CRISC needs to complete 120 hours of CPE during a 3-year reporting period out of which 20 hours must be completed annually.
There is no ethics requirement for CRISC designation holders.
The Certified in Risk and Information System Control (CRISC) license renewal period ends on January 15th annually.
The annual reporting period begins on 1 January of each year. The three-year certification period varies and is indicated on each annual invoice and on the letter confirming annual compliance.
Save $20 on Auto Renewal
DOMAIN 1—Governance
DOMAIN 2—IT Risk Assessment
DOMAIN 3—Risk Response and Reporting
DOMAIN 4—Information Technology and Security
The following categories of qualifying activities and limits have been approved by the CRISC Certification Committee and are acceptable for CPE:
The annual maintenance fee for CRISC members is $ 45 and CRISC non-members are $ 85.
CLICK HERE for more detailed information on renewal fees.
CRISCs can complete 100% of the total required CPE hours via self-study courses. myCPE provides courses that are eligible for CRISC Credit hours. Please CLICK HERE to visit more qualifying webinars on CRISC.
CRISC members who fail to comply with the CRISC CPE Policy will have their CRISC credential revoked and will no longer be allowed to present themselves as a CRISC. Individuals who have their CRISC certification revoked will be required to take and pass the CRISC exam and submit a completed application for CRISC certification.
For newly certified CRISCs, the annual and three-year certification period begins on 1 January of the year following certification. Reporting CPE hours attained during the year of certification is not required. However, hours attained between the date of certification and December 31 of that year can be used and reported as hours earned in the initial reporting period.
A CRISC must obtain and maintain documentation supporting reported CPE activities. Documentation should be retained for twelve months following the end of each three-year reporting cycle. Documentation should be in the form of a letter, certificate of completion, attendance roster, Verification of Attendance form, or other independent attestation of completion. At a minimum, each record should include the name of the attendee, name of the sponsoring organization, activity title, activity description, activity date, and the number of CPE hours awarded or claimed.
Retired CRISC Status
CRISC members are entitled to apply for retired CRISC status if over 55 years of age and permanently retired from the CRISC profession, or unable to perform the duties of an IS audit, control, or security professional because of permanent disability. CRISCs granted this status are no longer required to obtain CPE hours.
Non-practicing CRISC Status
CRISC professionals who are no longer working in risk identification, assessment, evaluation, response, and monitoring and in the design, implementation, monitoring, and maintenance of IS controls are entitled to apply for non-practicing CRISC status. Requests for the non-practicing status must be received by ISACA no later than 15 January and accompanied by your annual renewal. CRISCs granted this status are not required to obtain CPE hours but are required to pay the annual maintenance fee. Once the individual has returned to the profession, they are required to return to active status.
myCPE provides courses that are approved for continuing education credits by NASBA. Based on the guidelines issued by these boards regarding Continuing Education Requirements, we recommend the programs/ webinars be suitable for CRISC Professionals for the content specified in each webinar. However, it will be the responsibility of each attendee to ensure that they are eligible for the Continuing Education Credits based on their occupation/ job profile, knowledge requirements as well as guidelines laid down by their regulatory board before registering for the webinars.
CLICK HERE to view the ISACA website for credit requirements for CRISC professionals.
