ISACA: a reference for information audit and security
ISACA (Information Systems Audit and Control Association) is an international association founded in 1969 that develops and maintains several globally recognised professional certifications in audit, security and information governance. Its best-known offerings are the CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control) and CGEIT (Certified in the Governance of Enterprise IT) certifications, and the COBIT framework for IS governance. ISACA certifications are among the most in-demand in the IS audit, risk management and cybersecurity leadership market.
In French-speaking Switzerland, demand for these certifications is sustained in banking, insurance, the public sector, healthcare, and consulting and audit firms (led by the Big Four). The Swiss (FINMA, OBA, nFADP) and European (GDPR, DORA, NIS2) regulatory contexts reinforce the need for CISA-certified profiles for IS audit missions and for CISM-certified profiles for Chief Information Security Officer (CISO) functions.
The ISACA catalogue at ITTA
For the COBIT framework specifically (IS governance), see the dedicated ISACA COBIT publisher.
CISA: Certified Information Systems Auditor
CISA is the ISACA information systems audit certification, launched in 1978. It is in wide demand in IS internal audit, IS internal control, external audit (Big Four, local firms), compliance and IT risk functions. The certification covers five domains: information systems audit process; governance and management of IT; information systems acquisition, development and implementation; IT operations and business resilience; and protection of information assets. Our CISA course prepares for the ISACA exam and focuses on audit methodology, key concepts and exam-type questions. The format is intensive and combines theory, practical cases and exam question exercises. The professional experience requirements for validating the certification are managed separately by ISACA after the exam is passed.
CISM: Certified Information Security Manager
CISM is the ISACA certification for information security management, launched in 2002. It is positioned on security leadership functions (CISO, cybersecurity manager, security team manager) rather than on purely technical skills (the technical counterpart typically being CISSP from ISC2). The certification covers four domains: information security governance, information risk management, information security programme and security incident management. Our CISM course prepares for the ISACA exam, emphasising the managerial perspective, the business dimension and the translation of technical stakes into organisational stakes. The experience requirements for validating the certification are managed by ISACA.
CISA vs CISM vs CRISC vs CGEIT: how are they positioned?
ISACA offers several complementary certifications, which can be confusing. CISA targets IS audit (audit firm, IT internal audit). CISM targets security management (CISO, cyber manager, security team lead). CRISC targets IT risk management (IT risk officer, ERM, GRC). CGEIT targets executive-level IT governance (CIO, risk direction, audit committee). COBIT is not a personal certification in the same sense, but a governance framework that CISA, CISM, CRISC and CGEIT profiles leverage in their practice.
The choice depends on your target role. For an IT auditor at a firm or in an internal audit function, CISA is the natural path. For a CISO or aspiring CISO, it is CISM (possibly with CISSP as a complement). For an IT risk profile, CRISC is well suited. For a senior IT executive profile oriented towards governance, it is CGEIT. Our course addresses this positioning at the start of the session to help you choose if you are considering several trajectories.
ISACA in the ITTA audit, security and compliance ecosystem
ISACA fits into a broader landscape covered by our audit, security and compliance catalogue. The audit and cybersecurity sub-domain groups together all audit and security training. For the governance dimension with COBIT specifically, see the ISACA COBIT publisher. For complementary technical cybersecurity certifications, the CompTIA publisher offers Security+, CySA+, PenTest+ and CASP+. For ISC2 security certifications (CISSP, CCSP), see ISC2 CISSP.
For Swiss and European regulatory contexts (GDPR, nFADP, FINMA, NIS2, DORA), thematic sessions can be organised as a complement. For more operational profiles in incident management, threat intelligence or pentesting, the ethical hacking sub-domain offers complementary training.
Paths by profile
You are an IT auditor or internal controller
CISA is the reference certification in your profession. It gives employers (Big Four and local audit firms, internal audit of large organisations) a recognised signal of competency and formalises your IS audit methodology across the five domains covered by ISACA.
You are a CISO or aspiring CISO
CISM is positioned on security leadership functions, with a management rather than technical angle. It is the certification most aligned with CISO functions in French-speaking Switzerland. It can be combined with CISSP (ISC2) to add a solid technical dimension.
You are a cyber or IT risk consultant
The CISA + CISM combination (and possibly CRISC) is a frequent stack among senior consultants, whether at firms or independent, covering audit, security management and IT risk. Big Four and security consulting profiles value this versatility.
ISACA and audit/security trends in 2026
Several trends shape ISACA professions in 2026. Regulatory change is dense: DORA (Digital Operational Resilience Act) for the European and Swiss financial sector, NIS2 for the resilience of essential operators, the AI Act for AI, nFADP for Swiss data protection, and GDPR on the EU side for cross-border organisations. CISA and CISM are progressively integrating these regulatory dimensions into their programmes. Generative AI is entering both the audit landscape (assistants for documentation, log analysis, anomaly detection) and the security landscape (augmented SOCs, cyber copilots, policy generation), raising specific questions about AI governance in companies (which call on CGEIT and COBIT). Operational resilience (continuity, incident response, crisis management) has become a central topic, integrated into CISM. On cloud, ISACA certifications take cloud-specific stakes into account (shared responsibility, third-party access, multi-provider compliance).
Sessions in Geneva, Lausanne and virtual classroom
Our ISACA sessions (CISA and CISM) are scheduled in Geneva, in Lausanne and in an interactive virtual classroom with a live trainer. The course is intensive, with a significant part dedicated to exam question exercises. ISACA exam registration details (fees, schedule, online or test-centre format) are communicated in advance by our education team. For organisations wanting to certify several employees at the same time (Big Four, internal audit departments, CISOs, risk & compliance teams, consulting), the in-house format is well suited and allows the examples to be tailored to your sector (banking, insurance, public, healthcare, industry).
ISACA FAQ at ITTA
Do I need the experience required by ISACA before taking the exam?
Professional experience (generally five years in the field for CISA and CISM) is necessary to validate the certification but not necessarily to take the exam. You can take the exam earlier and validate your experience afterwards. Our course prepares for the exam; validation conditions are managed directly by ISACA after you pass.
Is the ISACA exam in French or English?
The CISA and CISM exams are available in several languages, including French and English. The choice is made at registration. Our course can be delivered in French in Geneva and Lausanne, with deliberately bilingual vocabulary for the official ISACA technical terms.
CISA or CISM first?
It depends on your current or target role. Choose CISA if you are an IT auditor or aspire to become one. Choose CISM if you are a CISO or aspire to a security leadership role. The two certifications share part of their corpus (governance, risk, control), which makes it easier to pursue one after the other.
How much preparation time should I plan?
In addition to the ITTA intensive course session, plan structured personal preparation time. The duration varies according to prior experience and familiarity with the concepts covered. At the end of the session, our trainer shares resources and tips to structure this preparation.
Why choose ITTA for your ISACA certifications
ITTA offers a coherent audit and security catalogue, from ISACA certifications (CISA, CISM, COBIT) to CompTIA (Security+, CySA+) and ISC2 (CISSP), covering the full audit, management and technical cybersecurity spectrum. This continuity makes it possible to follow a complete trajectory. Our ISACA trainers are consultants and auditors active on IS audit and security management missions in French-speaking Switzerland, with strong anchoring in the Swiss (FINMA, nFADP) and European (GDPR, DORA, NIS2) regulatory contexts. Sessions are available in Geneva, in Lausanne and in an interactive virtual classroom, in both in-house and inter-company formats.