CRISC: Certified in Risk & Information Systems Control

What will you master?

  • Hands-on Risk Modelling: Build and analyse risk registers using actual industry caselets instead of just reading slides.
  • Interactive Cognitive Learning: Retain complex concepts faster with quizzes & group activities.
  • Expert-Led Mentorship: Learn directly from subject matter experts who bring real industry experience.
  • Post-Training Support: We don’t stop at the last session. Get personalized guidance and doubt-clearing support until the day you are certified.
Enquire Now

Program Highlights

Bridge the gap between IT risk and enterprise resilience. Our Certified in Risk and Information System Control (CRISC 2025) program, aligned with the latest 8th Edition, is built for leaders who don’t just identify risks—they master them. Gain the technical authority to design, implement, and govern information security controls that protect your organization’s future.

  • 32-Hour LIVE Instructor-Led Training
  • Immersive Learning
  • Highly Interactive and Dynamic Sessions
  • 90% Exam Pass Rate
  • Experienced Industry Experts
  • Post Training Support

About the Course:

Elevate from IT Specialist to Risk Strategist.

Our CRISC 2025 cohort offers a rigorous, 8th Edition deep-dive into the heart of enterprise resilience. We focus on the ‘How-To’—enabling you to quantify and mitigate complex business risks with precision.

Join a global network of professionals who are redefining risk management and safeguarding the future of world-class financial and tech institutions.

Course Curriculum

Download Syllabus
  • Domain 1: Governance 26%
    • Part A: Organizational Governance
      • Strategy, Goals, and Objectives
      • Organizational Structure, Roles, and Responsibilities
      • Organizational Culture and Ethics
      • Policies and Standards
      • Business Processes and Resilience
      • Organizational Asset Management
    • Part B: Risk Governance
      • Enterprise Risk Management
      • Lines of Defence
      • Risk Profile
      • Risk Appetite and Risk Tolerance
      • Risk Frameworks, Legal, Regulatory, and Contractual Requirements
  • Domain 2: IT Risk Assessment 22%
    • Part A: Risk Identification
      • Risk Events
      • Threat Modeling and Threat Landscape
      • Vulnerability Management
      • Risk Scenario Development and Evaluation
    • Part B: Risk Analysis
      • Risk Assessment Concepts and Standards
      • Business Impact Analysis (BIA)
      • Risk Register
      • Risk Analysis Methodologies
      • Inherent, Residual, and Current Risk
  • Domain 3: Risk Response and Reporting 32%
    • Part A: Risk Response
      • Risk Response Options
      • Risk and Control Ownership
      • Vendor/Supply Chain Risk Management
      • Issues, Findings, Exceptions, and Exemptions Management
    • Part B: Control Design and Implementation
      • Control Frameworks, Types, and Standards
      • Control Design, Selection, Implementation, and Analysis
      • Control Testing Methodologies
    • Part C: Risk Monitoring and Reporting
      • Risk Action Plans
      • Data Collection, Aggregation, Analysis, and Validation
      • Risk and Control Metrics
      • Risk and Control Monitoring and Reporting Techniques
      • Monitoring and Reporting of Emerging Risks
  • Domain 4 : Information Technology and Security 20%
    • Part A: Information Technology Principles
      • Technology Roadmaps and Enterprise Architecture (EA)
      • Operations Management
      • System Development Life Cycle (SDLC)
      • Data Lifecycle Management
      • Portfolio and Project Management
      • Technology Resilience and Disaster Response/Recovery
      • Emerging Technologies
    • Part B: Information Security Principles
      • Security Concepts, Frameworks, and Standards
      • Security/Risk Awareness and Training
      • Data Privacy and Data Protection Principles

Target Audience:

  • CEOs/CFOs
  • Chief Audit Executives
  • Audit Partners/Heads
  • CIOs/CISOs
  • Chief Compliance/Privacy/Risk Officers
  • Security Managers/Directors/Consultants
  • IT Directors/Managers/Consultants
  • Audit Directors/Managers/Consultant

Pre-Requisites

  • A minimum 3 years of work experience across at least two of the four CRISC domains.
  • Pass the CRISC Exam within the last five years.

Exam Details

Certification : Certified in Risk and Information Systems Control

Exam Duration : 240 minutes

Number of Questions : 150

Exam Pattern : Multiple Choice

Passing Marks : 450 out of 800

Ready to transform your career?

Contact Us