CRISC
The CRISC course covers the four areas of the CRISC
Fundamental
4 days
Certifying
In-person, Virtual
From CHF 3'920.-
ITTA offers an ISACA CRISC catalogue dedicated to IT risk management. The Certified in Risk and Information Systems Control (CRISC) course prepares for the ISACA exam and covers IT risk governance, risk assessment, risk response, and control monitoring. Audience: IT risk managers, CISOs, risk-focused IS auditors, GRC profiles, ERM consultants, internal controllers. Sessions delivered in Geneva, Lausanne and interactive virtual classroom.
CRISC (Certified in Risk and Information Systems Control) is the ISACA certification dedicated to profiles steering IT risk in organisations. Launched in 2010, it has gradually gained recognition and become one of the reference certifications on IT risk management, alongside CISA (IS audit) and CISM (security management). It is issued by ISACA (Information Systems Audit and Control Association), the international association founded in 1969 that also maintains the COBIT IS governance framework.
In 2026, several factors drive CRISC demand. The regulatory environment imposes a structured approach to IT risk, notably via DORA for the European and Swiss financial sector, NIS2 for essential operator resilience, the AI Act for AI uses, and nFADP on the Swiss side. GRC (Governance, Risk and Compliance) functions are actively recruiting, and CRISC-certified profiles are in demand in banking, insurance, the public sector, healthcare, and at consulting firms.
Our CRISC course at ITTA:
The course prepares for the ISACA CRISC exam and covers the four official domains: IT risk governance, IT risk assessment, risk response and reporting, information technology and security. It combines theory, practical cases and exam question exercises, in an intensive format calibrated for active professionals.
This first domain sets the foundations: risk appetite, risk tolerance, alignment of IT risk with enterprise strategy, governance structures, roles and responsibilities. This domain anchors CRISC in a business vision of IT risk and distinguishes it from a purely technical approach.
Identification, analysis and evaluation of IT risks. Analysis methodologies (qualitative, quantitative, semi-quantitative), asset mapping, threat modelling, vulnerability assessment, risk scenarios. This domain concretely equips risk managers to produce an actionable mapping.
Choice of response strategies (acceptance, mitigation, transfer, avoidance), control design and implementation, control effectiveness monitoring, reporting to governance bodies. Reporting has become a major topic with reinforced regulatory requirements.
Technical understanding of underlying technologies: IS architecture, access management, system lifecycle, infrastructure security, cloud, business continuity. This domain ensures risk managers do not settle for an abstract methodological approach but understand what they assess.
CRISC positions itself alongside other ISACA certifications. CISA targets IS audit (audit firms, IT internal audit). CISM targets security management (CISO, security team manager). CGEIT targets executive-level IT governance. CRISC specifically targets IT risk management and GRC functions. For complete GRC profiles, the CISA + CISM + CRISC triptych is frequent among senior consultants. For governance with COBIT, see the ISACA COBIT publisher, and for other ISACA certifications see ISACA (root).
Our CRISC audience is well defined. We meet IT risk managers in banking or insurance needing to formalise their approach according to a recognised framework, CISOs seeking to add a structured risk competency to their portfolio (often complementing CISM), IS auditors on risk missions wanting a specialised certification beyond CISA, GRC consultants in firms (Big Four notably) responding to tenders requiring CRISC profiles, IT-oriented internal controllers, and operational risk officers extending their scope to IT risk.
CRISC fits in a broader landscape covered by our audit, security and compliance catalogue. The audit and cybersecurity sub-domain groups together all associated training. The ISACA publisher covers CISA and CISM, complementary to CRISC for profiles aiming at a multi-certification portfolio. The ISACA COBIT publisher brings the detailed governance dimension. For technical cybersecurity certifications, CompTIA offers Security+, CySA+, PenTest+, CASP+. For ISC2 security certifications, see ISC2 CISSP.
The CISM + CRISC combination is frequent for CISOs wanting to add a structured risk dimension to their security management function. CRISC brings the vocabulary and method needed to communicate with operational risk and risk management functions.
If you come from operational risk (banking, insurance) and need to extend your scope to IT risk, CRISC is well suited. The certification gives you IT vocabulary and methods to integrate this risk into your global mapping.
CRISC adds an IT risk specialisation signal to your profile, useful for GRC missions at regulated clients. Combined with CISA, it covers audit and risk management coherently.
Several trends shape IT risk professions in 2026. DORA has become central for European and Swiss financial institutions, with strict requirements on operational resilience, third-party risk management and incident reporting. NIS2 extends requirements to essential service operators. The AI Act introduces a risk-based approach for AI systems. nFADP on the Swiss side aligns data protection practices with GDPR. These evolutions multiply needs for certified profiles able to structure IT risk management.
Generative AI also enters the risk management scope: new risks (hallucinations, data leaks via prompts, biases, model governance), new methods (assistants for risk analysis, automated scenario generation). CRISC progressively integrates these dimensions, and ITTA sessions discuss them concretely with current examples.
Our CRISC sessions are scheduled in Geneva, Lausanne and in interactive virtual classroom with a live trainer. The format is intensive, with a significant part dedicated to exam question exercises. ISACA exam registration procedures are communicated in advance by our education team. For organisations wanting to certify several employees simultaneously (risk teams, CISOs, GRC, internal audit, consulting), the in-house format is well suited and allows examples to be tailored to your sector.
CRISC or CISM if I am a CISO?
Both are complementary. CISM is broader on security management. CRISC is sharper on IT risk. For a CISO, CISM first is often recommended, CRISC as complement to add the structured risk dimension.
Do I need prior experience to take the exam?
The professional experience ISACA requires to validate the certification (generally three years in IT risk or IS control) is not mandatory to take the exam. You can take the exam earlier and validate experience afterwards. Validation conditions are managed directly by ISACA.
Is the exam in French or English?
The CRISC exam is available in several languages, including English. The choice is made at registration. Our course can be delivered in French in Geneva and Lausanne, with deliberately bilingual vocabulary for official ISACA technical terms.
How much preparation time should I plan?
In addition to the ITTA intensive session, plan structured personal preparation time. Duration varies according to prior experience. At the end of the session, our trainer shares resources and tips to structure this preparation.
ITTA offers a coherent audit, security and risk catalogue from ISACA certifications (CISA, CISM, CRISC, COBIT) to CompTIA and ISC2, covering the full audit, security management, IT risk and technical cybersecurity spectrum. This continuity makes it possible to cover a complete trajectory. Our CRISC trainers are consultants and risk managers active on real missions in French-speaking Switzerland, with strong anchoring in Swiss (FINMA, nFADP) and European (DORA, NIS2, AI Act, GDPR) regulatory contexts. Sessions are available in Geneva, Lausanne and interactive virtual classroom, in-house and inter-company.

Monday to Friday
8:30 AM to 6:00 PM
Tel. 058 307 73 00
ITTA
Route des jeunes 35
1227 Carouge, Switzerland