Version 04.

23
 ISACA Certification Exams
Candidate Guide

Table of Contents
Candidate Guide Overview ......................................................................................................... 1
Section I: Introduction................................................................................................................. 2
1.1 - ISACA Overview and Code of Ethics ................................................................................. 2
1.2 - ISACA Certification Program Summary ............................................................................. 4
Section II: Exam Registration and Scheduling .......................................................................... 6
2.1 - Before You Register .......................................................................................................... 6
2.2 - Registering for the Exam ................................................................................................... 6
2.3 - Scheduling the Exam Appointment ................................................................................... 9
Section III - Exam Preparation .................................................................................................. 10
3.1 - Getting Ready for the Exam ............................................................................................ 10
3.2 - Exam Day Rules.............................................................................................................. 12
3.3 - Exam Administration ....................................................................................................... 14
Section IV - After the Exam ....................................................................................................... 15
4.1 - Exam Scoring .................................................................................................................. 15
4.2 - Retake Policy .................................................................................................................. 16
4.3 - Post Exam Feedback ...................................................................................................... 16
4.4 - Certification ..................................................................................................................... 17

® 2022 ISACA. All Rights Reserved.

 ISACA Certification Exams
Candidate Guide

Candidate Guide Overview

Review this guide thoroughly, it contains important details ISACA Exam Candidates need to
know before exam day administration including scheduling information, exam eligibility and
exam day rules.
This guide provides candidates with everything required to prepare for and take an ISACA certification
exam and is separated into four (4) major sections outlined below.
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Security Manager (CISM)
• Certified in Governance of Enterprise IT (CGEIT)
• Certified Data Privacy Solutions Engineer (CDPSE)

1
® 2022 ISACA. All Rights Reserved.
 ISACA Certification Exams
Candidate Guide

Section I: Introduction
Section Topic Page
1.1 ISACA Overview and Code of Ethics 2
1.2 ISACA Certification Programs Summary 4

1.1 - ISACA Overview and Code of Ethics

ISACA is a pace-setting, global association helping individuals and
enterprises achieve the positive potential of technology.
ISACA equips professionals with the knowledge, credentials, education
and community to advance their careers and transform their organizations.
ISACA leverages the expertise of its 460,000 engaged professionals in information and cybersecurity,
governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI®
Institute, to help advance innovation through technology.
ISACA has a presence in 188 countries, including more than 220 chapters worldwide and offices in
both the United States and China.
ISACA Products and Services
Membership
Being an ISACA member gives you access to exclusive member benefits including savings on ISACA
products like Certification Exams, Conferences and Exam Prep materials.
Resources
Explore the latest research, guidance and expert thinking on standards, best practices and emerging
trends.
Training
ISACA's globally respected training and certification programs inspire confidence that enables
innovation in the workplace and career progression.
COBIT 2019®
ISACA’s legacy framework for customizing and right-sizing enterprise governance of information and
technology.

® 2022 ISACA. All Rights Reserved.

2
 ISACA Certification Exams
Candidate Guide
Certificate Programs
• COBIT Certificates
• IT Risk Fundamentals
• Certificate of Cloud Auditing Knowledge
• Cybersecurity Audit

Certification Programs

Code of Ethics
ISACA sets forth a Code of Professional Ethics to guide the professional and personal conduct of its
members and/or certification holders.
• Members and those certified are required to abide by ISACA’s Code of Professional
Ethics.
• Failure to comply can result in an investigation and disciplinary measures including but not
limited to exam score nullification or certification revocation.

3
® 2022 ISACA. All Rights Reserved.
 ISACA Certification Exams
Candidate Guide

1.2 - ISACA Certification Program Summary

The information below provides a summary of the five ISACA certifications addressed in this guide.

Designed for IT/IS Designed for those Designed for those Recognizes a wide Designed for those
auditors, control, experienced in the who manage, design, range of professionals experienced in the
assurance and management of IT risk oversee and assess an for their knowledge and governance,
information security and the design, enterprise’s application of enterprise architecture, and
Description
professionals. implementation, information security IT governance principles lifecycle of data privacy
monitoring and function. and practices. at a technical level.
maintenance of IS
controls.

Five (5) or more years of Three (3) or more years Five (5) or more years Five (5) or more years Three (3) or more years
experience in IS/IT audit, of experience in IT risk of experience in of experience in an of experience in data
control, assurance, or management and IS information security advisory or oversight privacy governance,
security. control. management. role supporting the privacy architecture,
Experience Experience waivers governance of the IT- and/or data lifecycle
Experience waivers are No experience waivers or related contribution to work.
Required are available for a
available for a maximum substitutions an enterprise.
of three (3) years. maximum of two (2) No experience waivers
years. Experience waivers are or substitutions.
available for a maximum
of one (1) year.

Domain 1 - Information Domain 1 – Domain 1 – Domain 1 – Domain 1 – Privacy

System Auditing Process Governance (26%) Information Security Governance of Governance (34%)
(21%) Domain 2 – IT Risk Governance (17%) Enterprise IT (40%) Domain 2 – Privacy
Domain 2 - Governance Assessment (20%) Domain 2 – Domain 2 – IT Architecture (36%)
and Management of IT Domain 3 – Risk Information Security Resources (15%) Domain 3 – Data
(17%) Response and Reporting Risk Management Domain 3 – Benefits Lifecycle (30%)
Domain 3 – Information (32%) (20%) Realization (26%)
Domain (%) Systems Acquisition, Domain 4 – Information Domain 3 – Domain 4 – Risk
Development and Technology and Security Information Security Optimization (19%)
implementation (12%) (22%) Program (33%)
Domain 4 - Information Domain 4 –
Systems Operation and Incident Management
Business Resilience (30%)
(23%)
Domain 5 – Protection of
Information Assets (27%)

Chinese Traditional Chinese Simplified Chinese Simplified Chinese Simplified Chinese Simplified
Chinese Simplified English English English English
English French Spanish Japanese Spanish
Exam
Languages German Hebrew Korean Spanish German
(Effective Nov 2022) (New for 2023)
Italian Japanese
Korean Portuguese
(New for 2023)

Spanish Turkish

Exam 4 hours (240 minutes), 4 hours (240 minutes), 4 hours (240 minutes), 4 hours (240 minutes), 3.5 hours (210 minutes),
Length 150 multiple choice 150 multiple choice 150 multiple choice 150 multiple choice 120 multiple choice
questions questions questions questions questions

4
® 2022 ISACA. All Rights Reserved.
 ISACA Certification Exams
Candidate Guide
Exam Fees
Exam registration fees are based on membership status at the time of exam registration.
• ISACA Member: US $575
• ISACA Nonmember: US $760
Exam registration fees are non-refundable and non-transferrable.
Resources
Below are some useful links and resources to help exam candidates learn more about ISACA
Certification exams.
CISA Certification
• CISA Exam Content Outline
• Prepare for the CISA Exam
• CISA Exam Information
• CISA Application Requirements
• CISA Maintenance Requirements

CRISC Certification
• CRISC Exam Content Outline
• Prepare for the CRISC Exam
• CRISC Exam Information
• CRISC Application Requirements
• CRISC Maintenance Requirements
CISM Certification
• CISM Exam Content Outline
• Prepare for the CISM Exam
• CISM Exam Information
• CISM Application Requirements
• CISM Maintenance Requirements
CGEIT Certification
• CGEIT Exam Content Outline
• Prepare for the CGEIT Exam
• CGEIT Exam Information
• CGEIT Application Requirements
• CGEIT Maintenance Requirements
CDPSE Certification
• CDPSE Exam Content Outline
• Prepare for the CDPSE Exam
• CDPSE Exam Information
• CDPSE Application Requirements
• CDPSE Maintenance Requirements

5
® 2022 ISACA. All Rights Reserved.
 ISACA Certification Exams
Candidate Guide

Section II: Exam Registration and Scheduling

Section Topic Page
2.1 Before You Register 6
2.2 Registering for the Exam 6
2.3 Scheduling the Exam Appointment 9

2.1 - Before You Register

ISACA certification exams are computer-based and administered at authorized PSI testing centers
globally or as remotely proctored exams. Exam registration is continuous, meaning, candidates can
register any time, no restrictions. Candidates can schedule a testing appointment as early as 48 hours
after payment of exam registration fees.
Upon registration, exam candidates have a twelve (12) month eligibility period to take their exam. This
means that from the date you register, you have 12 months (365 days) to take your exam. It is
important to note that the exam registration fee must be paid in full before an exam candidate can
schedule and take an exam.

Please be aware that the exam eligibility and registration fees will be forfeited in the event the
candidate does not take the exam during the 12-month eligibility period if the testing
appointment is missed or if the candidate is more than 15 minutes late for a testing
appointment.
2.2 - Registering for the Exam
Exam registration must be completed online by following the steps below:
Step Action
1. Select your certification exam: CISA | CRISC | CISM | CGEIT | CDPSE
2. Log-in or create an account.
Note: If you are creating an account, please ensure your name is the same as what
appears on your government-issued identification that you will present on exam day. See
the Exam Day Rules section in this document for acceptable forms of ID.
Before you register for the exam, it is important to verify there is a PSI test site with
availability near you or have a compatible device for remote testing. To test your
device, complete this compatibility check. If you are using a company device to
take your exam, you may need your IT department’s assistance or approval.
3. Complete the registration process

Please note, during the exam registration process you will be required to accept ISACA’s Terms
of Use, section 16. Exams, including the conditions set forth in this Candidate Guide covering
exam administration, certification rules, and the release of test results.
For step-by-step instructions on completing your online registration, please refer to the How to
Register Guide.

Candidates cannot schedule a testing appointment until exam registration fees are paid in full.
Exam fees are non-refundable and non-transferrable.

6
® 2022 ISACA. All Rights Reserved.
 ISACA Certification Exams
Candidate Guide

Registration Acknowledgement
You will receive a Notification to Schedule email within one (1) business day following registration
and payment of the exam.
The Notification to Schedule email provides information on scheduling your exam appointment.
Registering for the Exam with Special Accommodations
Special testing accommodations must be requested during the registration process and approved by
ISACA before scheduling the exam.
To request special testing accommodations please follow the steps below:

Step Action
1. During the exam registration process, make sure to check the special accommodation
requirement field.

2. Print the Special Accommodation Request Form.

3. Complete the ISACA Special Accommodation Request Form.
Note: Form must be completed by you and your health care professional.
4. Submit form to ISACA at support.isaca.org.

Special accommodation requests will not be considered until exam registration fees are paid in
full. All requests must be submitted to ISACA no later than 4 weeks prior to your preferred exam
date and are only valid for that one exam administration.

7
® 2022 ISACA. All Rights Reserved.
 ISACA Certification Exams
Candidate Guide
Registration Changes
There are three common registration changes that candidates request. Refer to the table below.
Type of Change Steps
Name The name on your ISACA account must match the name on the ID
used to check-in for your exam.

1. Log-in at www.isaca.org/myisaca.
2. Click on the red MY ISACA PROFILE button.
3. Make the necessary changes.
4. Click Save.
Exam 1. Log-in at https://www.isaca.org/myisaca/certifications.
Language 2. Click the “Re-Schedule or Cancel Exam” link to proceed to PSI’s
scheduling page
3. Follow the on-screen instructions to schedule your testing appointment.
The Scheduling Guide is available to help you schedule and reschedule.
Note: If you need to change your exam language, you also must
reschedule the testing appointment. See Rescheduling an Exam for
details.

Exam Type Contact ISACA Support immediately at support.isaca.org.

All change requests must be completed a minimum of 48 hours prior to your scheduled testing
appointment.

8
® 2022 ISACA. All Rights Reserved.
 ISACA Certification Exams
Candidate Guide

2.3 - Scheduling the Exam Appointment

Eligibility
Exam eligibility is required to schedule and take an exam. Eligibility is established at the time of exam
registration and is good for twelve (12) months (365 days).
Exam registration and payment are required before you can schedule and take an exam.
Exam fees are non-refundable and non-transferable.
You will forfeit your fees if you do not schedule and take the exam during your twelve-
month eligibility period. No eligibility extensions are allowed.
Exam Scheduling
There are 5 key steps to schedule an exam appointment. Please note that payment is required before
you can schedule an exam.
Step Action
1. Log-in to your ISACA account
2. Click Certification & CPE Management
3. Click Schedule Your Exam or Visit Exam Website, you will be taken to the PSI
dashboard to schedule your exam.
4. On the PSI dashboard, click Schedule Exam.
5. Follow the step by step instructions in the Scheduling Guide.

You will receive a scheduling confirmation email from no-reply@psiexams.com confirming your
exam appointment. Please view the Scheduling Guide for additional scheduling assistance.
Please note, exam appointments are only available 90 days in advance. If you do not see your exam
site or date available more than 90 days in advance, please check back when it is closer to your
desired exam date.
If you still do not see your desired exam site or date available, please verify that your exam eligibility
has not expired by logging into your ISACA Account, and clicking the Certification & CPE
Management tab.
Rescheduling an Exam
You can reschedule your exam anytime, without penalty, during your eligibility period if done a
minimum of 48 hours prior to your scheduled testing appointment.

If you are within 48 hours of your scheduled testing appointment, you must take the exam or
forfeit the registration fee. To reschedule an appointment: Log-in into your ISACA Account
and follow the rescheduling steps in the Scheduling Guide

Emergency Closing
Severe weather or an emergency could require canceling scheduled exams. If this occurs, PSI will
attempt to contact you by phone or email; however, ISACA suggests that you check for test
center closures by visiting www.psiexams.com. If the site is closed, the exam will be rescheduled
at no additional charge.

9
® 2022 ISACA. All Rights Reserved.
 ISACA Certification Exams
Candidate Guide

Section III - Exam Preparation

The Exam Preparation section covers the processes to get ready for the exam, the exam day rules and
how the exam is administered.
Section Topic Page
3.1 Getting Ready for the Exam 10
3.2 Exam Day Rules 12
3.3 Exam Administration 14

3.1 - Getting Ready for the Exam

Exam Preparation
ISACA offers a variety of exam preparation resources including group training, self-paced training and
study resources in various languages to help you prepare for your certification exam.
Exam Questions
Exam questions are developed with the intent of measuring and testing practical knowledge and the
application of general concepts and standards. All questions are designed with one best answer.
• Every question has a stem (question) and four options (answer choices).
• Choose the correct or best answer from the options.
• The stem may be in the form of a question or incomplete statement.
In some instances, a scenario may also be included. These questions normally include a description of
a situation and require you to answer two or more questions based on the information provided.
To learn more about the types of exam questions and how they are developed, review our Item
Writing Requirements and Resources.
Exam Tips
• Read each question carefully. An exam question may require you to choose the appropriate
answer based on a qualifier, such as MOST likely or BEST.
• Read the question carefully, eliminate known incorrect answers and then make the best choice
possible.
• A tutorial of the exam taking experience will be provided after logging onto the testing station
and prior to the start of the exam. Pay close attention to the tutorial so as not to miss important
information.
• All questions should be answered.
• There are no penalties for incorrect answers. Grades are based solely on the total number of
questions answered correctly, so do not leave any questions blank.
• Budget your time. Pace yourself to complete the entire exam. You have 4 hours to complete the
CISA/CRISC/CISM/CGEIT exams, and 3.5 hours to complete the CDPSE exam.

10
® 2022 ISACA. All Rights Reserved.
 ISACA Certification Exams
Candidate Guide

Exams scheduled at an in-person Exam Center

If your exam is scheduled for an Exam Center, make sure you are prepared before the day of the exam by
doing the following:
• Locate the test center address and confirm the start time.
• Map out your route to the testing center.
• Plan to arrive at least 30 minutes prior to the exam start time.
• Plan to store your personal belongings.
*See the Exam Day Rules for more information.

Remotely Proctored Exams

For additional information about remotely proctored exams, download the Remote Proctoring Guide.
To test your device, complete this compatibility check prior to your exam day.

If you are using a company device to take your exam, you may need your IT
department's assistance or approval to download the secure browser.
*See the Exam Day Rules for more information.

Identification Requirements
To enter the testing center or check-in for your online exam, you must present an acceptable form
of identification (ID). An acceptable form of ID must be a current, valid, and original government-
issued ID that contains:
• Candidate’s name (as it appears on the Notification to Schedule email from ISACA). Please note, the first
and last name shown on your ID must match the name with which you registered for the exam, or you
may not be permitted entry to your exam. Middle names are not required for registration.
• Candidate’s signature (Driver's Licenses issued in Japan without a signature will be accepted.)
• Candidate’s photograph
All information must be demonstrated by a single form of ID (cannot be a copy or handwritten).
Any candidate who does not provide an acceptable form of ID will not be allowed to sit for
the exam and will forfeit their registration fee.

Acceptable Forms of Identification

Acceptable forms of identification include:
• Driver’s license
• State identity card (non-driver’s license)
• Passport
• Passport card
• Green card
• Alien registration
• Permanent resident card
• National identification card

The testing center reserves the right to ask for additional forms of identification for verification
purposes. If there is any doubt surrounding your identity, you will be turned away from the test and
ISACA will be notified. This will be considered a no-show and you forfeit your exam fees. To take the
exam in the future, you will be required to re-register and pay the exam fee again. 11
® 2022 ISACA. All Rights Reserved.
 ISACA Certification Exams
Candidate Guide

3.2 - Exam Day Rules

The exam rules provide guidelines of what is acceptable during the exam. The exam rules apply for
tests administered at PSI Test Center locations and Remotely Proctored Exams. Upon registering for
any ISACA exam, candidates must accept the Terms of Use, section 16. Exams. Per these Terms,
ISACA has the right to nullify exam scores if any of these unacceptable behaviors are identified.
Prohibited Items

Your workspace must be completely cleared of all other items and materials during your exam. You will
be required to face toward the screen for the duration of your exam so the proctors can properly
monitor the exam session.

You are prohibited from having the following items with you during your exam:
• Reference materials, study materials, paper, notes, notepads, language dictionaries, or other aids
• Calculators
• Multiple monitors
• Any type of communication, surveillance or recording devices including but not limited to:
o Mobile phones, electronic devices, or recording devices
o Tablets
o Smart watches or glasses
o Headphones / earbuds
• Baggage of any kind including handbags, purses, or briefcases
• Weapons
• Tobacco products or vaping
• Food or beverages (this includes water, and applies to both on-site and remotely proctored exams)
• Visitors

If exam candidates are viewed with any such communication, surveillance or recording devices during
the exam administration, their exam will be voided, and they will be asked to immediately leave the exam
site if applicable. Candidates are not permitted to take screenshots or photos of any portion of the
exam, including the exam results screen.

Storing Personal Items

Plan to store your personal items brought to the testing center in a locker or other designated area. You
will not be able to access personal items until the exam is complete and submitted.
Unacceptable behavior
Per the Terms of Use, section 16. Exams, the following activities are prohibited.
• Creating a disturbance.
• Giving or receiving assistance during the exam; using notes, papers, or other aids; use of unauthorized study
materials
• Talking, reading the questions out loud, or moving your lips while reading silently
• Copy, photograph, record, memorize or otherwise attempt to retain or recreate any Exam content, or assisting
anyone to retain recreate or reconstruct Exam content for any purpose
• Attempting to take the exam for someone else or having someone else take the exam for you.
• Possession of communication, surveillance or recording device, including but not limited to cell phones, tablets,
smart glasses, smart watches, mobile devices, etc., during the exam administration.
• Attempting to sell, license, distribute, exchange, give away, share, comment on, disclose or discuss, either directly
or indirectly, any exam content to any person or entity before, during or after the Exam verbally, in writing, or through
any other method of communication including but not limited to the Internet, email, or through any online forum.
• Leaving the testing area without authorization. (These individuals will not be allowed to return to the testing
room). Two breaks, each no longer than ten minutes, are permitted with permission of your proctor. Your exam
will be paused, but the timer will not stop during your approved breaks.

• Accessing items stored in the personal belongings area before the completion of the exam. 12
® 2022 ISACA. All Rights Reserved.
 ISACA Certification Exams
Candidate Guide
Personal Hardship Guidelines

If you fail to arrive for a testing appointment due to a personal hardship you may be able to reschedule
without forfeiting your exam registration fee.
Step Action
1. Contact PSI* no later than 72 hours following the scheduled appointment.

2. Provide documentation to PSI to confirm the reason for absence.

*PSI Contact Info:

Step Action
1. Visit https://www.psionline.com/test-takers/candidate-support-numbers/

2. Enter "ISACA" in the Search field.

3. Review and choose from the list of available contact numbers.

Personal Hardship Examples Documentation Required

Personal Illness Doctor’s note, emergency room admittance, etc.

• Must be signed by a licensed doctor and include the date
of medical visit.
• Must include contact information for the licensed doctor.
• Does not need to give details of the illness or emergency,
but the doctor should indicate that the candidate should
not test.

Death of an immediate family Must include the date of death and deceased name and
member including: relationship to the deceased.
• Spouse
• Child/dependent
• Parent
• Grandparent
• Sibling
Traffic Accidents Police report, receipt from the mechanic or towing company
which must include the date and contact information.

If the request is denied, you are required to register again and pay the full exam registration fee.

13
® 2022 ISACA. All Rights Reserved.
 ISACA Certification Exams
Candidate Guide

Leaving the Testing Area

You must gain authorization from the test proctor to leave the testing center or in the case of
online remotely proctored exams, to leave your designated testing area. Leaving your
testing center or testing area without authorization may result in your exam being terminated.
Two breaks are permitted with permission of your proctor. Your exam will be paused, but the
timer will not stop during your approved breaks.
Reason for leaving: Directions:
An emergency • The exam will be paused temporarily.
• Once it is confirmed as an emergency, the test will end.
To use the facilities • You will be required to check out and check back in.
• The exam time will not stop, and no extra time will be permitted.
• Each of your two breaks must be 10 minutes or less.

Consequences
If you violate the Terms of Use or Exam Day Rules or engage in any kind of misconduct you will
be subject to the following:
• Dismissal or disqualification
• Voiding of exam
• Revocation of ISACA membership and any certifications currently held
• Banned from taking any ISACA exam

3.3 - Exam Administration

The PSI testing location is either a testing center or online remoted proctored.

PSI Testing Center

Your exam may be administered in a room with other test takers. Please note that some noise should
be expected and is considered normal.
Here is a video of the PSI Test Center Experience.

Online Remote Proctoring

ISACA also offers the ability to take exams at home via online remote proctoring. Please review
the Remote Proctoring Guide prior to taking an exam using this delivery modality.
Here is a video of the PSI Online Remote Proctoring Experience.

® 2022 ISACA. All Rights Reserved. 14

 ISACA Certification Exams
Candidate Guide

Section IV - After the Exam

The After the Exam section covers the exam scoring and applying for certification.
Section Topic Page
4.1 Exam Scoring 15
4.2 Retake Policy 16
4.3 Post Exam Feedback 16
4.4 Certification 17
4.1 - Exam Scoring
Receiving Your Score
You will be able to view your preliminary passing status on screen immediately following the completion of
your exam. You are not permitted to take screenshots or photos of any portion of the exam, including the
exam results screen. Your official score will be emailed and available online within 10 working days. If you
have passed your exam you will receive details on how to apply for certification.
1. Email notification: sent to the email address listed on your profile.
2. Online results: available on MyISACA > Certifications & CPE Management page.
3. Exam scores will not be provided by telephone or fax.
4. Question-level results cannot be provided.
Scoring Criteria
Candidate scores are reported as a scaled score. A scaled score is a conversion of a candidate’s raw
score on an exam to a common scale. The purpose of a scaled score is to ensure that a standard way of
reporting outcomes is used across disparate versions of the exam so that different versions are
comparable and fair. ISACA uses and reports scores on a common scale from 200 to 800. ISACA exams
are comprised of scored items as well as pre-test items. Pre-test items are not used to calculate your
exam score. Review the points below to identify the lowest, passing, and perfect scores.
• A score of 800 represents a perfect score with all questions answered correctly.
• A score of 200 represents the lowest score possible and signifies only a small number of
questions were answered correctly.
• You must receive a score of 450 or higher to pass the exam which represents the minimum
standard of knowledge.
• Domain level results are provided for informational purposes only. Exam scores are based on the
total number of exam items answered correctly, regardless of domain. Domain percentages
indicate the portion of the exam that reflects that domain content, and are not used to calculate
exam scores.
• A candidate receiving a passing score can then apply for certification if all other requirements are
met (see section How to become Certified for more details).
Requests for Rescoring
While we are confident in the integrity and validity of our scoring procedures, you may request a
rescore if you do not pass the exam. Rescores are performed by PSI.
You must submit a rescore request in writing through our support page within 30 days following the
release of the exam results.
• Requests for a rescore after 30 days will not be processed.
• All requests must include a candidate’s name, ISACA ID number and mailing address.
• A fee of US $75 must accompany each request.
15
® 2022 ISACA. All Rights Reserved.
 ISACA Certification Exams
Candidate Guide

4.2 - Retake Policy

To protect the integrity of ISACA’s certification exams, ISACA has implemented the following retake
policy:
1. Individuals have 4 attempts within a rolling twelve-month period to pass the exam. Those that
do not pass on their first attempt are allowed to retake the exam a total of 3 more times within
12 months from the date of the first attempt. Please note that candidates must pay the
registration fee in full for each exam attempt.
To illustrate:
After taking and not passing the exam (attempt 1):
• Retake 1 (attempt 2): Customers must wait 30 days from the date of the first attempt
• Retake 2 (attempt 3): Customers must wait 90 days after the date of the second attempt
• Retake 3 (attempt 4): Customers must wait 90 days after the date of the third attempt
2. Individuals who pass the exam are restricted from taking the same exam within the application
time period of 5 years.
3. Certification holders are restricted from taking the same certification exam while they are
certified.

4.3 - Post Exam Feedback

You will have the opportunity to provide feedback after completing the exam via a post-exam survey.
Your feedback is used to improve the testing experience and the quality of the exam questions.
Concerns about Exam Administration
You can provide comments and concerns about the examination administration, including exam day
issues, site conditions or the content of the exam by contacting ISACA at support.isaca.org within 48
hours of the conclusion of the test.
Step Action
1. Contact ISACA support.
2. Provide the following information in your comments:
• ISACA ID number
• Testing center location
• Date and time tested
• Any relevant details on the specific issue
3. ISACA will review comments regarding exam day issues and
site concerns prior to the release of the official score report.

ISACA does not reissue scores based on question updates. Our subject matter experts use
these comments to improve future examinations.

16
® 2022 ISACA. All Rights Reserved.
 ISACA Certification Exams
Candidate Guide

4.4 - Certification
How to become Certified
Taking and passing an ISACA certification exam is just the first step in becoming certified.
To become certified, an individual must first meet the following requirements:
Step Action
1. Successfully pass the Certification Exam.
2. Pay the $50 application processing fee.
3. Submit an application to demonstrate the experience requirements.
4. Adhere to the Code of Professional Ethics.
5. Adhere to the Continuing Professional Education Policy.
Candidates have (5) five years from passing the exam to apply for certification.
Additional resources are included below for more information about becoming certified.

1. Pass the Examination: CISA | CISM | CGEIT | CRISC | CDPSE

2. Pay the $50 Application Processing Fee: CISA | CISM | CGEIT | CRISC | CDPSE

3. Submit the Application for Certification: CISA | CISM | CGEIT | CRISC | CDPSE

4. Adhere to ISACA’s Code of Professional Ethics, Terms of Use, and Privacy Policy

5. Adhere to the Continuing Professional Education (CPE) Policy: CISA | CISM | CGEIT | CRISC
|CDPSE

6. Compliance with the Information Systems Auditing Standards (CISA only)

17
® 2022 ISACA. All Rights Reserved.
 ISACA Certification Exams
Candidate Guide
Why certify?
ISACA certifications are globally accepted and recognized. They combine the achievement of passing
an exam with credit for your work and educational experience, giving you the credibility, you need to
move ahead in your career. Certification proves to employers that you have what it takes to add value
to their enterprise. In fact, many organizations and governmental agencies around the world require or
recognize ISACA’s certifications.
Independent studies consistently rate ISACA’s designations among the highest paying IT and impactful
certifications that an IT professional can earn. Earning and maintaining an ISACA certification:
• Boosts your earning potential.
• Counts in the hiring process.
• Enhances your professional credibility and recognition.
ISO/IEC 17024:2012 Compliant
• The American National Standards Institute (ANSI) has accredited the CISA, CRISC, CISM and
CGEIT certifications under ISO/IEC 17024:2012, General Requirements for Bodies Operating
Certification Systems of Persons.
• Accreditation by ANSI signifies that ISACA’s procedures meet ANSI’s essential requirements for
openness, balance, consensus, and due process.
• With this accreditation, ISACA anticipates that significant opportunities for CISAs, CRISCs,
CISMs and CGEITs will continue to present themselves around the world.
ANSI Accredited Program
PERSONNEL CERTIFICATION #0694
ISO/IEC 17024
CISA, CISM, CGEIT and CRISC Program Accreditation
Renewed Under ISO/IEC 17024:2012
• ANSI is a private, nonprofit organization that accredits other organizations to serve as third-
party product, system, and personnel certifiers.
• ISO/IEC 17024 specifies the requirements to be followed by organizations certifying individuals
against specific requirements.
ANSI describes ISO/IEC 17024 as “expected to play a prominent role in facilitating global
standardization of the certification community, increasing mobility among countries, enhancing
public safety and protecting consumers.”

18
® 2022 ISACA. All Rights Reserved.