ISACA certifications and training

ISACA began in 1969 as the Information Systems Audit and Control Association, although the group now just uses the acronym as its name. ISACA is one of the premier organizations for information technology (IT) professionals who work in the areas of risk management, information security and enterprise IT oversight.

ISACA consists of 110,000+ members in over 80 countries worldwide, and maintains a thriving online community through its chief website. The ISACA website offers a wealth of resources to its members, including webinars, online conferences, and a vast library of downloadable e-books.

Types of certifications

The ISACA certification program currently consists of four unique certifications. All are considered to be advanced-to-expert in difficulty level. Candidates must provide evidence of several years’ work experience in order to qualify for ISACA certification.

ISACA certifications focus on the following industry disciplines:

  • Risk Management
  • IT Governance and Strategic Alignment
  • Information Security Management
  • Auditing and Controlling Information Systems

List of ISACA certifications

Here are the current certifications, with a description of the industry disciplines each designation covers.

  • Certified Information Systems Auditor (CISA) — This certification was created in 1978, and has become one of the most highly recognized designations for information technology auditors. CISA is targeted at IT pros who audit information systems, ensure compliance with industry and government regulations and make recommendations for information system development and operations.
  • Certified Information Security Manager (CISM) — The CISM certification was created in 2002, and has been earned by over 23,000 information security professionals since its inception. CISM covers most aspects of information security systems, including development, deployment and management.
  • Certified in the Governance of Enterprise IT (CGEIT) — CGEIT was launched in 2007, making it a relative newcomer to the ISACA program. The key discipline of the CGEIT certification is the strategic management of enterprise-level IT systems, placing this designation at the IT director and CIO levels.
  • Certified in Risk and Information Systems Control (CRISC) — The CRISC certification, created in 2010, is the newest designation offered by ISACA. CRISC is all about risk and how it concerns information systems, including risk identification, monitoring, response and risk management controls.

Exam information

Unlike many vendor certification programs, ISACA exams are not available year-round. In fact, ISACA exams are only offered twice per calendar year. (The exception is the CISA exam, which is offered three times a year.) Exams are booked online through the ISACA website or by submitting a hard copy registration form.

ISACA exams are taken at official ISACA exam centers. There are over seventy ISACA exam centers in the U.S., and several more in dozens of countries around the world. The CISA and CISM exams are available in multiple languages, while the CGEIT and CRISC exams are only available in English at this time.

ISACA certification exams consist of 150-200 multiple-choice questions, and candidates have four hours in which to complete an exam.
