Introduction to the CRISC exam
- About the CRISC certification
- Exam structure, scoring, and preparation strategies
Domain 1 – Governance
- Strategy, goals, and objectives
- Organisational structure, culture, ethics, and accountability
- Risk appetite, tolerance, and enterprise risk frameworks
- Policies, standards, legal and regulatory requirements
- Maintaining risk registers and profiles
- Stakeholder communication and reporting
Domain 2 – Risk assessment
- Risk event identification and threat modelling
- Vulnerability management and scenario development
- Business impact analysis and residual risk evaluation
- Risk analysis methodologies and risk register updates
- Promoting a risk-aware culture through awareness and training
Domain 3 – Risk response and reporting
- Risk response options and treatment planning
- Control design, selection, and implementation
- Issue, finding, and exception management
- Vendor and supply chain risk management
- Monitoring and analysing KPIs, KRIs, and KCIs
- Reporting emerging risks to stakeholders
Domain 4 – Technology and security
- Technology roadmaps and enterprise architecture
- IT operations, lifecycle management, and disaster recovery
- Security frameworks, standards, and awareness training
- Data lifecycle management, privacy, and protection
- Emerging technologies and their risk implications
Exam readiness
- Mock exam review
- Time management and test-taking strategies
Exams and Assessments
This course prepares learners for the CRISC exam. The exam is booked separately via ISACA and delivered online. It consists of 150 multiple-choice questions over four hours. A passing score of 450 (out of 800) is required. Practice questions and mock tests are included during the course.
CRSIC exam changes from 3rd Nov 2025, the four CRISC domains remain the same, but the distribution of the exam content will slightly change to the following:
Domain 1: Governance (26 percent)
Domain 2: Risk Assessment (22 percent, compared to 20 percent previously)
Domain 3: Risk Response and Reporting (32 percent)
Domain 4: Technology and Security (20 percent, compared to 22 percent previously)
Hands-On Learning
Learners will engage in:
- Scenario-based group exercises and tabletop simulations
- Risk register development and analysis workshops
- Mock exam practice with guided review from instructors
- Case studies reflecting real-world enterprise risk challenges
Product Access Change
Important Update to ISACA Product Access Periods
Effective 16 April 2026, ISACA is changing product access times from 12-months to 6-months across Exams, QAE, Online Review Courses, non-sponsored Webinars, and Virtual Workshops.
Access periods will change from 12 months to 6 months, as outlined below.
How the New Access Windows Work
- 1. Assignment & Redemption Window: Products must be assigned and redeemed within 6 months of the purchase date.
- 2. Access & Completion Window: Once redeemed, learners will have 6 months of access to use the product. This includes - Accessing learning content, Scheduling exams, Sitting exams (where applicable).
What This Means for You as a Learner
- Review Manuals – Learners will continue to have longterm access
- QAE Databases & Online Review Courses – Available for 6 months after redemption
- Exams – Must be scheduled and completed within 6 months of redemption
- We recommend redeeming products promptly and planning your study and exam schedule early to make the most of your access period.