Cer ed R is k a n d n fo r a t o n CRISC S y s t e m s Controt' TM
A n I S A C A ® C e r t f ic ic a t o n
T ru r u st st i n a n
v a u e o m , n fo fo rm rm a t o n s ys y s te te m s 7/2011
C e rt if ie d
R is k
!_ a n d I n fo r m a ti o n Sy em
C on t
p p c a t o n o r C R IS C C e n ic a t o n
AnSA~Cerllflcatlon
at
an
ar
ed (3 CRIS
at
ce
omains
e me n
en
re uire
co
fo ce tifica on er
en
ec
ca ef
er
ai
www.isaca.org/crisccpepolicy.
ISAC
Code of Professional Ethics es
co
ed
www.isaca.org/ethics.
CRIS
Continuing Professional Educatio
(CPE Policy
ce
cu ch ea
ch
ai co
ed
ed
ar
www.isaca.org/crisccpepolicy.
Instructions fo Completing an aref ll
ol ow
inst uc ions to co plet
le
li
ap
ca
CRISC Certification ISACA ad Fax
+1.847.253.1755
E-mail:
Submitting Your Applicatio
[email protected]
io
il
ce
ou ap lication cc
an su
Documentatio comple
al appropriat
sect on
an
sign your appl ca ion. ca
ed
an
ex
ce
C e rt if ie d i n R i s a n d I n fo r m a ti o n S y s te m s C o n tr o l
Appl ca on or CR SC Cer
AnlSACAOCertlllcallon
cat on
Applicant Information
ctio
-E pl ym nt
or each em loye
istory
(s arti
with he most curren ), en er th fo lowing
nformation MM
ch To al th
earlmo th
ea
ex erie ce fo al ob it es at th
ex er
ce
at
ai
em
empl yer. ai
at
ar
ea
en er
12/09
1/09
at
ctio
2-Employ
um ar
en
ctio
3-Verifi
erso
ho
sectio
(pag
-I), en er th em oyer name verifier ame,
er fy his/he
is also acceptab ab
erifie
ob ti le emai address, an
il at es to ou work ex er ence at ha em loyer. Th em oyer name yp ca ly er
ve ifie
ac
Informatio
Fo each em oyer is ed of th
al
wn
fo
en
ork. Th
erifie should
nowled ea le clie no acce ta le fo
It
de tica
ac e ma i
of
or
Experi nc
your im ed at
co leag
ve if
ou as he ap licant
Form (Pag
er
V-
ca es
ame) IS CA ID
an an
er fier name
si es
on
am
is ed
an
also
ou
superv so or
or
ex er ence
verifier
erso
of higher
ositio
ou ar se f-em loye
ou ow ap lication
e. rification
he employer
an
V-
am
ithi
he organization
or
ou supe viso
It
is
C e rt if ie d
R is k
!_ a n d I n fo r m a ti o n Sy em
C on t
p p c a t o n o r C R IS C C e n ic a t o n
AnSA~Cerllflcatlon
Sect on
-R ques
or Work
xp rien
er fica io er at
ce
ea
er
ex er
er
ce
ar
en
It
el
erifie (s
needed to ve if
prev ou
sectio
an sign an
at
at
here indica ed (a applican
ev
performe
Sect on
ex
signat re an da e) ca
your specific work experience
cannot an
ex er ence
eq es erificatio
ag
It
on your application.
-Ver fication
of Work Experi nc
co As
em If he sh
will
also
If
at
ad it onal
It is
ed
each verifier to comp et
he
er fier name professi na
itle compan
ame, address,
erifie e-mail an ve if er elephone
number. ec
er
co
an
en er
record #1
#2.
If
cl ct ce
at
ca
ag
ec
er
ed
VERY IMPORTANT:
llec an se
al comple ed
er fica on form
et
SEPARATELY.
Certificatio
en em
ge he
it
ou signed application.
ax
Coordinator
ISACA ad E-mail:
[email protected]
Telephone: Fax ea
1.847.660.5660
+1.847.253.1443 at
verification of he
If se ec ed
or
experience
ha wa
er fied
er fier
il be contacte
conf rm he
comple on an
ce
C e rt if ie d i n R i s a n d I n fo r m a ti o n S y s te m s C o n tr o l
A p p l ic a t o n o r C R IS C C e r
AnlSACAOCertlllcallon
Applican
cat on A-
Informatio
Applicant Name
= = : : : : : : : : : : c = : : : : : : c : : : : : : : : : : -
Box 1. EMPLOYER NAME Dates of Employmen
Wor
Experienc I.
~~ 2. "';::
3.
Fo eachjob titl held ente your jo title(s) th period of time (i From MMIY an To MMIY boxes) yo worked in each position an th years/ month of experienc that your ar claimin wit this employer. Total the year/month of experience
TOTAL
CRIS
Domain Work Experience
Domain Domain Domain
(RI) (RR) (RM)
Domain Domain
(CD) (CM)
Fo each domain in whic yo earned experience in C RI s d om ai n( s) , e nt e t h p er io d o f t i m ( i t h From MMIYY an To MMIY boxes) yo performe th task in each domain (see V- fo domain an task statements), an th years/month of experienc that yo ar claiming with this employer Se instructions for an example.
Ente th TOTA number ofyears/month ofwor experience that yo have performing th CRIs task (V-2 in each domain with this employer Note that th tota years/months of experience cannot exceed th tota length of employment with this employer Se instructions fo an example.
Experienc in Domain 1YEARS
MONTHS
Bo 2. EM LO ER NA Dates of Employmen
IT or Business Work Experience ~;j
"'~
FromMMfYY
I.
2. 3.
Fo eachjob titl held ente your jo title(s) th period of time (i From MMIY an To MMIY boxes) yo worked in each position an th years/ month of experienc that your ar claimin wit this employer. Total the year/month of experience
TOTAL
eR Se
omai
Domain Domain
(RI) (RR)
Domain Domain Domain
(RM) (CD) (CM)
Work Ex er ence
Fo each domain in whic yo earned experience in C RI s d om ai n( s) , e nt e t h p er io d o f t i m ( i t h From MMIYY an To MMIY boxes) yo performe th task in each domain (see V- fo domain an task statements), an th years/month of experienc that yo ar claiming with this employer Se instructions for an example.
Ente th TOTA number ofyears/month ofwor experience that yo have performing th CRIS task (V-2 in each domain with this employer Note that th tota years/months of experience cannot exceed th tota length of employment with this employer Se instructions fo an example.
ection TOTA
-Emp oy en eRIS
Experienc in Domain 1YEARS
MONTHS
um ar
overal domain relate experience Must be
or more year of cumulativeexperienceacros
CRIS domains
C e r ti fi e d i n R i s !_ and Information "" S ys te m s Co n o l
CR SC Cert~ication
App ca
P ag e A -
AnSA~Cerllflcatlon
Applican
Informatio
y N
Sectio
3-Verifier
n N
e I
Informatio
person listed below)
a n S AC A m e mb e
Acknowledgement h e re b y a p pl y t o I S AC A f o c e rt if ic a ti on , a s C e rt if ie d i n R is k a n d I nf or ma ti o ( CR IS G )
a cc o d an c
r ea d a n d a g re e
wi
an
s ub je c
h e p ro ce du re s a n
S y st em s C on tr o
eguaton
o f S A CA . I h av e
t h c on di ti on s s e t f o rt h i n t h e A p p li ca ti o f o C R IS C C e r i fi ca ti o
C o n i nu in g E d uc a ti o P o li c i n e ff ec t a t t h t im e o f m y a p p li ca ti on , c ov e ri n p ro ce s s a n c on ti nu in g e d uc a ti o p ol ic ie s . a g re e t o d e ni a o f C e rt if ic a ti o m y e n i r a pp li ca t o n f e I SA C A i
an
e de l v e
o f a n c e i fi ca t
a n d C R IS C
h e c e rt if ic a ti o
a n t o f or fe it ur e o f
o r o th e c re de n a l g ra n e d m e b y
h e e ve n h a a n o f h e s ta te m en t o r a n sw e r m a d b y m e i n t hi s a p p c a o n a r
f a ls e o r i n t h e e v e n t h a I v i o la t e a n y o f t h e r u le s o r r e gu l at io n g o v er ni n t h C R I S Cc e rt if ic a ti o p ro g ra m .
u n de rs ta n d t ha t a l c e rt if ic a te s a r o w ne d b y I S AC A a n d i f m y c e rt if ic a t
i s g ra n te d
a n d t h e r e vo k ed , w i l d e s tr o t h e c e rt if ic a te . au ho ze ve
S AC A t o m ak e w ha te ve r
m y c re de n a l
an
ma
be
an
Sy em
e d b y S AC A
u nd e s ta n
ha
n fo rm a t o n w i
v es t g a o n
m y p ro fe ss io na l s ta nd i g . Co
y ou r c e
hi
ca
pa es wh
am ab
B y s ig n n g b e o w y o
qu es an
qu e.
a pp ea l h e d e s i
a u th o z e
b e u se d
SAC
yo
s ta tu s w i
be w, yo
be
an
n um b e
e re s e d yo
p ro mo t o na l c om m un ic a i on s y ou r a n
a cc u a te . T o e a
o n h i f o m , p le a s
B y s ig n
h av e p ro v d ed , n c u di n Yo mo
ur he
e p re se n
a b ou t h o
o r p u c ha s
o th e
S AC A
yo at hat
time. h e e b y a g re e h a m le s
ho
I SA C A
o ff ic e s , d i e c o rs , e xa m in e s , e m p o ye es , a n
f ro m a n c om p la in t c la im , o r d a m ag e a ri s n g o u o f a n y a c i o o r o m is si o
of hem
c on ne c o n w i
hi
a pp l c a o n
h e a pp l c a o n p ro ce ss ; h e f ai lu r
a n y c e rt if ic a te ; o r a n y d e m a n f o f or fe i tu r e o r r e de l iv e r he ab e,
un er an
an
a p p c a o n m u s b e b ro ug h g ov e n e
ag ee ha
an
ac
by an s su e m e
o f s u c h c e rt if ic a te . N o tW i t hs ta n d in g ar
ut
pe ai
h e C i c ui t C ou r o f C oo k C ou n y , I l i no is , U S A a n
b y h e a w s o f t h e S ta t o f
a g en ts ,
hi s ha l b e
nos, USA
R is k ma
S O L E LY A N D E X C LU S IV E L YW I T H I SA C A A N D T H A T T H E D E C IS IO N O F I S AC A I S F IN A L . I H A V E R EA D A N D U ND ER ST AN D T H ES E S TA TE M EN T A N
N TE N
T O B E L EG AL L B OU N D B Y
THEM.
T h e c on ta c
o th e r n fo rm a t o n
au ho ze
ha
w h ic h w e
S AC A t o c o a c y o
p ro v d e y o w i
we us
e a d o u P r v ac y P o c y a va i a b
u r e ve n
m a y a ls o b e u se d b y I SA C A t s en d y o
be ev
ma
ed
a pp r e d
y ou r c e i f c a o n s ta tu s
s e v ic es , a n
yo
Ce
b ec om e p ub l c , a n
aten
U N D E RS T A N DT H A T T H E D E C IS IO N A S T O W H E T H E R I Q U A L IF Y F O R C E R T IF IC A T IO NR E S T S
n ec es sa r
m y a pp l a t
n fo rm a t o n a b ou t e la te d I SA C A g o od s a n h e a dd re s
b ec om e
y o e le c
b y c on ta c n g
[email protected].
d is c o s
u l i l y ou r e qu es t a n
d ee m
a nd /
p ro g a m s o r s e v ic es , n fo rm a t o n y o s ub m i m a y a ls o b e u se d a s d es c b e
h e i nf o m a ti o
at
m a rk e n g a n yo
p ro v d e
h e i n o rm a t o n y o h av e p ro v d e
a t www.isaca.org.
If y o
a r a lr ea d y
( Fo r y ou r a p p c a o n
b e c om p le t
yo mus ncud
y ou r n am e , s ig na tu r
an da
above.)
A-2
C e rt if ie d i n R i s a n d I n fo r m a ti o n S y s te m s C o n tr o l
A p p l ic a t o n o r C R IS C C e r
er ficati
cat on P ag e V -
AnlSACAOCertlllcallon
Work
Se tion 4-Requ st
or
xper ence
or
xper ence
rm
ag
2)
er fication
I, ---,-,----,,------;-;;-c-;-;-;-;-----;-------------------------------(ApplicantPrintedName)
am applying fo th Certifie in Risk an Informatio System Contro (CRISC
certification. As such, my wor experienc in identifying, assessing evaluating, respondin to, and monitorin ris and/or designing implementing monitoring, and maintaining information system controls mus be independentl verified by individuals knowledgeable of my wor experienc (current or previous employer). Th individual verifyin th work experience must be an independen verifier an no of an relation to th applican no ca th verifier verify hislhe ow work If currentl or once worked as an independen consultant can us knowledgeabl client or colleague to perfor thi role. Please verify my risk and/or IS control-relate experience as note on my attached applicatio form an as describe by th CRIS jo practice domain an task statements (see page V-2) Please return th complete form to me fo my submission to ISACA. If yo have an question concerning this form pleas direct them to
[email protected] or cal 1.847.660.5660 Thank you
pplicantSignature
Se tion 5-Veri ic tion Verifier Name:
Date
of Work
xp rien
-------~L-as~tIF~IDm~•y~N~am--e-----------------------F~ir~s~1JGi~.v-en~N~am--e----------------------------~M~i~ddl
..e-I.n"m~al.--------
Street
am attestin to th employment experience listed in Sectio I-Employment History. rb xn r( x1 x 2, e ) or e rn .L ta t a y to t s v 1.I have functioned in supervisor or othe relate position to th applican an ca verify hislhe work experience (Section of th application) 2. ca attest to th duration of th applicant' work experience on this applicatio with my organization , I a t to e ef 3. ca attest to th duration of th applicant' work experience on this applicatio prio to hislhe affiliatio wit my organization 4. ca attest that th task performe by th applicant, as checke ar correc to th best of my knowledge.
DN/A
DN/A
DN/A
on th verification form page V-2,
5. ca attest to th fact that th applican is competen in performing th task as checke fo ag -2
on th verification
6. Is ther an reason yo believ this applican should no be certifie in Risk an Informatio System Contro byISACA?
V-1
C e rt if ie d
R is k
Sy em
CR SC Cert~ication
App ca
!_ a n d I n fo r m a ti o n C on t
P ag e V -
AnSA~Cerllflcatlon
rifi
io
ri
rm (p
y N
CRIS
jo
( A p li ca nt s
practice do
in
n N
nd ta
a r r eq ui re d t o c he ck ma r if at
st te
e I
ts
( 1 Y i or 1 8 1 ) ss en
an
al
ti
(RI)
C ol le c i nf or ma ti o a n r ev ie w d oc um en ta ti o t o e ns ur e t ha t r is k a r i d n ti fi e a n e va lu at ed . I de nt if y l e a l r eg ul at or y a n c on tr ac tu a r eq ui re me nt s a n o rg an iz at io na l o li ci e a n s ta nd ar d r el at e t o I S t o d et er mi n t he i p ot en ti a i m a c o n t h business objectives. I de nt if y p ot en ti a t hr ea t a n v ul ne ra bi li ti e f o b us in es s p ro ce ss es , a ss oc ia t d at a a n s up p r ti n c ap ab il it ie s t o a ss is t i n t h v al ua ti o o f e nt er pr is e r is k te is is th ll fi A ss em bl e r is k s c n ar i t o e st im at e l ik el ih oo d a n i m a c o f s ig ni fi ca n r is k t o t h o rg an iz at i n . A na ly z r is ks , i nc id en t a n i nt er de pe nd en ci e t o d et er mi n t h i r i m a c o n u si ne s o bj ec ti ve s is ss tr to ld rs tr ri risk-aware culture. C or re la t i de nt if ie d r is k t o r el ev an t b us in es s p ro c s se s t o a ss is t i n i de nt if yi n r is k o wn er sh ip . V al id at e r is k a pp et it e a n t ol er an c w it h s e i o l ea de rs hi p a n k e s ta ke ho l e r t o e ns ur e a li gn me nt .
ti
is
is is th A ss is t i n t h
it is
te e ve lo pm en t
le
rs
it fi
io le
io
to ti
le ri
si s. my
lo me is io to is fi iz ti b us in es s c as e s up po rt in g t h i nv es tm e p la n t o e ns ur e r is k r es po ns e a r a li gn e
le li th it it in I de nt if y a n r ep or t o n c om pl ia nc e
ss
ta
is in r is k
ie
t or s
in KR
t or s
RI to
le w it h t h i de nt if ie d b us in es s
st
in
in ie tl
in ro id
i ci e tr
io ma in ff ti
th
je
ti
ig ti it re ig me th in it ti ic ti re (e io te ir to level. it tr ig im io is l em e t e ly t hi n t i id ts im io IS in ld ia e s I S c on tr ol s t o v er if y e ff ec ti ve ne s a n e ff ic ie nc y r io r t o i mp le me nt at io n ls to ti it ti ic ti me KP le tr fo ma in ti t om at e ro r ov i d oc um en t t io n a n t ra i i n t o e ns ur e I S c on tr ol s a r e ff ec ti ve l p er fo rm ed . n su r a l c on tr ol s a r a ss ig ne d c on tr o o wn er s t o e st a l is h a cc ou nt ab il it y s ta bl is h c on tr o c ri te ri a t o e na bl e c on tr o l if e c yc l m an ag em e t .
la su C ol le c i nf or ma ti o li
b je ct iv es .
tu
iv ie is re st is ws re t o i ni ti at e c or re ct iv e a ct io n a n m ee t r e u l t or y r eq ui re me nt s
ta ig to r as t
te
te ir ti ic a n r ev ie w d oc um en ta ti o t o i de nt if y I S c on tr o d ef ic ie nc ie s rd ro ri th is to ls te tr ic ti ro m at u mo id if tr ic ie it to su th te ta re ti t o r el e ta to le in me
tr
ti
m pt l
in
je ti
r ol s i nt e
t er n
s.
we th
ie ie in ff
ro ia IS
ty r em e i at e
s.
io
V-2
I S A C A " C e r t if ic a t i o n
Telephone
+1.847.253.1545
Fax +1.847.253.1443 E-mail: We
[email protected] s it e
www.isaca.org