(CRISC-EN-SP) Certified In Risk and Information System Control (7th Edition)



  • From 04 April 2022 to 06 April 2022
  • From 17 October 2022 to 19 October 2022

CRISC® 7th Edition (Certified in Risk and Information System Control)


This 3-Day training prepares the professionals who want to pass the ISACA’s Certified in Risk and Information System Control CRISC® exam. 

The program covers the four key areas covered in the exam: Governance, IT Risk Assessment, Risk Response and Reporting, Information Technology and Security 

The program is aligned on the latest Edition (7th) of the CBK (Common Body of Knowledge) from the ISACA®

CRISC® certification is recognised around the world. 

Educational objectives 

Master the risk management approach according the CRISC®

Apply the best responses strategies to the risks weighing on the information system

Use best risk monitoring practices

Define information system controls

Use best practices to monitor and maintain these controls 


-Candidates must apply for certification within 5 years of having passed the exam. 

-A minimum of 3-year experience of cumulative work experience performing the tasks of a CRISC® professional across at least two of the four CRISC® domains is required for the certification. 

Of these two domains, one must be in either domain 1 or 2. 

-Adhere to the ISACA® code of Professional Ethics 

-Agree to comply with the CRISC® continuing education policy. 


?                Job roles that can benefit from CRISC® training include, but are not limited to:

?                CISO

?                Information Security consultants 

?                Governance Consultants 

?                Cybersecurity Consultants 

?                IT professionals

?                Risk professionals

?                Control professionals

?                Project managers

?                Business analysts

?                Compliance professionals

?                Auditors

?                CRISC®(R) exam candidates and anyone keen to improve their knowledge in the field of risk management and IS control.

?                Participants who have completed an ISO 27005 or ISO 31000 course

?                People working with an ERM (Enterprise Risk Management) framework 


There is no prerequisite to take the CRISC® exam; however, in order to apply for CRISC® certification you must meet the necessary experience requirements as determined by ISACA. 

Participants should have a basic knowledge of the areas to be covered. The course consists of intense preparation for the certification exam. 

English required for the exam.

Course Schedule 

Chapter 1: Governance

-Organizational Strategy, Goals and Objectives

-Organization structure, Roles and Responsibilities

-Organizational Structure

-Policies and Standards

-Business Process Review

-Organization assets

-Enterprise Risk Management and Risk Management Frameworks

-Three Lines of Defence

-Risk Profile

-Risk Appetite, Tolerance and Capacity 

-Legal, Regulatory and Contractual Requirements

Chapter 2: IT Risk Assessment 

-Risk Events

-Threat Modelling and Threat landscape

-Vulnerability and Control Deficiency Analysis

-Risk Scenario Development

-Risk Assessment Concepts, Standards and Frameworks

-Risk Register

-Risk Analysis Methodologies

-Business Impact Analysis

-Inherent, Residual and Current risk 

Chapter 3: Risk Response and Reporting 

-Risk and Control Ownership

-Risk Treatment/Risk Response Options

-Third-party Risk Management

-Issues, Finding and Exception Management

-Management of Emerging risk 

-Control Types, Standards and Frameworks

-Control Design, Selection and Analysis

-Control Implementation

-Control Testing and Effectiveness Evaluation

-Risk Treatment Plans

-Data Collection, Aggregation, Analysis and Validation

-Risk and Control Monitoring Techniques

-Risk and Control Reporting Techniques

-Key Performances Indicators

-Key Risk Indicators

-Key Control Indicators

Chapter 4: Information Technology and Security 

-Enterprise Architecture

-IT Operations Management

-Project Management

-Enterprise Resiliency 

-Data Life Cycle Management

-System Development Life Cycle

-Emerging Trends in Technology

-Information Security Concepts, Frameworks and Standards 

-Information Security Awareness Training

-Data Privacy and Principles of Data Protection


Preparation to the exam 


Multiple Choice Questions (MCQ) like the exam and correction performed together 

Discussion and exchanges, hints and tips to pass the exam. 

Blank Exam.


Registration to be made on the site, the closing of the registration is done 2 months before the date of the examination. 


The exam consists of 150 MCQ that cover the CRISC® job practice domains. 










  • Price1450.00 €
  • Limit date of registration31 December 2021
  • LocationLanzarote (Spain)
  • Minimum enrollment2 participants
  • TermsGeneral conditions of sales


Back Registration