crisc

Cer ed R is k a n d n fo r a t o n CRISC S y s t e m s Controt' TM

A n I S A C A ® C e r t f ic ic a t o n

T ru r u st st i n a n

v a u e o m , n fo fo rm rm a t o n s ys y s te te m s 7/2011

C e rt if ie d

R is k

!_ a n d I n fo r m a ti o n Sy em

C on t

p p c a t o n o r C R IS C C e n ic a t o n

AnSA~Cerllflcatlon

at

an

ar

ed (3 CRIS

at

ce

omains

e me n

en

re uire

co

fo ce tifica on er

en

ec

ca ef

er

ai

www.isaca.org/crisccpepolicy.

ISAC

Code of Professional Ethics es

co

ed

www.isaca.org/ethics.

CRIS

Continuing Professional Educatio

(CPE Policy

ce

cu ch ea

ch

ai co

ed

ed

ar

www.isaca.org/crisccpepolicy.

Instructions fo Completing an aref ll

ol ow

inst uc ions to co plet

le

li

ap

ca

CRISC Certification ISACA ad Fax

+1.847.253.1755

E-mail:

Submitting Your Applicatio

[email protected]

io

il

ce

ou ap lication cc

an su

Documentatio comple

al appropriat

sect on

an

sign your appl ca ion. ca

ed

an

ex

ce

C e rt if ie d i n R i s a n d I n fo r m a ti o n S y s te m s C o n tr o l

Appl ca on or CR SC Cer

AnlSACAOCertlllcallon

cat on

Applicant Information

ctio

-E pl ym nt

or each em loye

istory

(s arti

with he most curren ), en er th fo lowing

nformation MM

ch To al th

earlmo th

ea

ex erie ce fo al ob it es at th

ex er

ce

at

ai

em

empl yer. ai

at

ar

ea

en er

12/09

1/09

at

ctio

2-Employ

um ar

en

ctio

3-Verifi

erso

ho

sectio

(pag

-I), en er th em oyer name verifier ame,

er fy his/he

is also acceptab ab

erifie

ob ti le emai address, an

il at es to ou work ex er ence at ha em loyer. Th em oyer name yp ca ly er

ve ifie

ac

Informatio

Fo each em oyer is ed of th

al

wn

fo

en

ork. Th

erifie should

nowled ea le clie no acce ta le fo

It

de tica

ac e ma i

of

or

Experi nc

your im ed at

co leag

ve if

ou as he ap licant

Form (Pag

er

V-

ca es

ame) IS CA ID

an an

er fier name

si es

on

am

is ed

an

also

ou

superv so or

or

ex er ence

verifier

erso

of higher

ositio

ou ar se f-em loye

ou ow ap lication

e. rification

he employer

an

V-

am

ithi

he organization

or

ou supe viso

It

is

C e rt if ie d

R is k

!_ a n d I n fo r m a ti o n Sy em

C on t

p p c a t o n o r C R IS C C e n ic a t o n

AnSA~Cerllflcatlon

Sect on

-R ques

or Work

xp rien

er fica io er at

ce

ea

er

ex er

er

ce

ar

en

It

el

erifie (s

needed to ve if

prev ou

sectio

an sign an

at

at

here indica ed (a applican

ev

performe

Sect on

ex

signat re an da e) ca

your specific work experience

cannot an

ex er ence

eq es erificatio

ag

It

on your application.

-Ver fication

of Work Experi nc

co As

em If he sh

will

also

If

at

ad it onal

It is

ed

each verifier to comp et

he

er fier name professi na

itle compan

ame, address,

erifie e-mail an ve if er elephone

number. ec

er

co

an

en er

record #1

#2.

If

cl ct ce

at

ca

ag

ec

er

ed

VERY IMPORTANT:

llec an se

al comple ed

er fica on form

et

SEPARATELY.

Certificatio

en em

ge he

it

ou signed application.

ax

Coordinator

ISACA ad E-mail:

[email protected]

Telephone: Fax ea

1.847.660.5660

+1.847.253.1443 at

verification of he

If se ec ed

or

experience

ha wa

er fied

er fier

il be contacte

conf rm he

comple on an

ce

C e rt if ie d i n R i s a n d I n fo r m a ti o n S y s te m s C o n tr o l

A p p l ic a t o n o r C R IS C C e r

AnlSACAOCertlllcallon

Applican

cat on A-

Informatio

Applicant Name

= = : : : : : : : : : : c = : : : : : : c : : : : : : : : : : -

Box 1. EMPLOYER NAME Dates of Employmen

Wor

Experienc I.

~~ 2. "';::

3.

Fo eachjob titl held ente your jo title(s) th period of time (i From MMIY an To MMIY boxes) yo worked in each position an th years/ month of experienc that your ar claimin wit this employer. Total the year/month of experience

TOTAL

CRIS

Domain Work Experience

Domain Domain Domain

(RI) (RR) (RM)

Domain Domain

(CD) (CM)

Fo each domain in whic yo earned experience in C RI s d om ai n( s) , e nt e t h p er io d o f t i m ( i t h From MMIYY an To MMIY boxes) yo performe th task in each domain (see V- fo domain an task statements), an th years/month of experienc that yo ar claiming with this employer Se instructions for an example.

Ente th TOTA number ofyears/month ofwor experience that yo have performing th CRIs task (V-2 in each domain with this employer Note that th tota years/months of experience cannot exceed th tota length of employment with this employer Se instructions fo an example.

Experienc in Domain 1YEARS

MONTHS

Bo 2. EM LO ER NA Dates of Employmen

IT or Business Work Experience ~;j

"'~

FromMMfYY

I.

2. 3.

Fo eachjob titl held ente your jo title(s) th period of time (i From MMIY an To MMIY boxes) yo worked in each position an th years/ month of experienc that your ar claimin wit this employer. Total the year/month of experience

TOTAL

eR Se

omai

Domain Domain

(RI) (RR)

Domain Domain Domain

(RM) (CD) (CM)

Work Ex er ence

Fo each domain in whic yo earned experience in C RI s d om ai n( s) , e nt e t h p er io d o f t i m ( i t h From MMIYY an To MMIY boxes) yo performe th task in each domain (see V- fo domain an task statements), an th years/month of experienc that yo ar claiming with this employer Se instructions for an example.

Ente th TOTA number ofyears/month ofwor experience that yo have performing th CRIS task (V-2 in each domain with this employer Note that th tota years/months of experience cannot exceed th tota length of employment with this employer Se instructions fo an example.

ection TOTA

-Emp oy en eRIS

Experienc in Domain 1YEARS

MONTHS

um ar

overal domain relate experience Must be

or more year of cumulativeexperienceacros

CRIS domains

C e r ti fi e d i n R i s !_ and Information "" S ys te m s Co n o l

CR SC Cert~ication

App ca

P ag e A -

AnSA~Cerllflcatlon

Applican

Informatio

y N

Sectio

3-Verifier

n N

e I

Informatio

person listed below)

a n S AC A m e mb e

Acknowledgement h e re b y a p pl y t o I S AC A f o c e rt if ic a ti on , a s C e rt if ie d i n R is k a n d I nf or ma ti o ( CR IS G )

a cc o d an c

r ea d a n d a g re e

wi

an

s ub je c

h e p ro ce du re s a n

S y st em s C on tr o

eguaton

o f S A CA . I h av e

t h c on di ti on s s e t f o rt h i n t h e A p p li ca ti o f o C R IS C C e r i fi ca ti o

C o n i nu in g E d uc a ti o P o li c i n e ff ec t a t t h t im e o f m y a p p li ca ti on , c ov e ri n p ro ce s s a n c on ti nu in g e d uc a ti o p ol ic ie s . a g re e t o d e ni a o f C e rt if ic a ti o m y e n i r a pp li ca t o n f e I SA C A i

an

e de l v e

o f a n c e i fi ca t

a n d C R IS C

h e c e rt if ic a ti o

a n t o f or fe it ur e o f

o r o th e c re de n a l g ra n e d m e b y

h e e ve n h a a n o f h e s ta te m en t o r a n sw e r m a d b y m e i n t hi s a p p c a o n a r

f a ls e o r i n t h e e v e n t h a I v i o la t e a n y o f t h e r u le s o r r e gu l at io n g o v er ni n t h C R I S Cc e rt if ic a ti o p ro g ra m .

u n de rs ta n d t ha t a l c e rt if ic a te s a r o w ne d b y I S AC A a n d i f m y c e rt if ic a t

i s g ra n te d

a n d t h e r e vo k ed , w i l d e s tr o t h e c e rt if ic a te . au ho ze ve

S AC A t o m ak e w ha te ve r

m y c re de n a l

an

ma

be

an

Sy em

e d b y S AC A

u nd e s ta n

ha

n fo rm a t o n w i

v es t g a o n

m y p ro fe ss io na l s ta nd i g . Co

y ou r c e

hi

ca

pa es wh

am ab

B y s ig n n g b e o w y o

qu es an

qu e.

a pp ea l h e d e s i

a u th o z e

b e u se d

SAC

yo

s ta tu s w i

be w, yo

be

an

n um b e

e re s e d yo

p ro mo t o na l c om m un ic a i on s y ou r a n

a cc u a te . T o e a

o n h i f o m , p le a s

B y s ig n

h av e p ro v d ed , n c u di n Yo mo

ur he

e p re se n

a b ou t h o

o r p u c ha s

o th e

S AC A

yo at hat

time. h e e b y a g re e h a m le s

ho

I SA C A

o ff ic e s , d i e c o rs , e xa m in e s , e m p o ye es , a n

f ro m a n c om p la in t c la im , o r d a m ag e a ri s n g o u o f a n y a c i o o r o m is si o

of hem

c on ne c o n w i

hi

a pp l c a o n

h e a pp l c a o n p ro ce ss ; h e f ai lu r

a n y c e rt if ic a te ; o r a n y d e m a n f o f or fe i tu r e o r r e de l iv e r he ab e,

un er an

an

a p p c a o n m u s b e b ro ug h g ov e n e

ag ee ha

an

ac

by an s su e m e

o f s u c h c e rt if ic a te . N o tW i t hs ta n d in g ar

ut

pe ai

h e C i c ui t C ou r o f C oo k C ou n y , I l i no is , U S A a n

b y h e a w s o f t h e S ta t o f

a g en ts ,

hi s ha l b e

nos, USA

R is k ma

S O L E LY A N D E X C LU S IV E L YW I T H I SA C A A N D T H A T T H E D E C IS IO N O F I S AC A I S F IN A L . I H A V E R EA D A N D U ND ER ST AN D T H ES E S TA TE M EN T A N

N TE N

T O B E L EG AL L B OU N D B Y

THEM.

T h e c on ta c

o th e r n fo rm a t o n

au ho ze

ha

w h ic h w e

S AC A t o c o a c y o

p ro v d e y o w i

we us

e a d o u P r v ac y P o c y a va i a b

u r e ve n

m a y a ls o b e u se d b y I SA C A t s en d y o

be ev

ma

ed

a pp r e d

y ou r c e i f c a o n s ta tu s

s e v ic es , a n

yo

Ce

b ec om e p ub l c , a n

aten

U N D E RS T A N DT H A T T H E D E C IS IO N A S T O W H E T H E R I Q U A L IF Y F O R C E R T IF IC A T IO NR E S T S

n ec es sa r

m y a pp l a t

n fo rm a t o n a b ou t e la te d I SA C A g o od s a n h e a dd re s

b ec om e

y o e le c

b y c on ta c n g [email protected].

d is c o s

u l i l y ou r e qu es t a n

d ee m

a nd /

p ro g a m s o r s e v ic es , n fo rm a t o n y o s ub m i m a y a ls o b e u se d a s d es c b e

h e i nf o m a ti o

at

m a rk e n g a n yo

p ro v d e

h e i n o rm a t o n y o h av e p ro v d e

a t www.isaca.org.

If y o

a r a lr ea d y

( Fo r y ou r a p p c a o n

b e c om p le t

yo mus ncud

y ou r n am e , s ig na tu r

an da

above.)

A-2

C e rt if ie d i n R i s a n d I n fo r m a ti o n S y s te m s C o n tr o l

A p p l ic a t o n o r C R IS C C e r

er ficati

cat on P ag e V -

AnlSACAOCertlllcallon

Work

Se tion 4-Requ st

or

xper ence

or

xper ence

rm

ag

2)

er fication

I, ---,-,----,,------;-;;-c-;-;-;-;-----;-------------------------------(ApplicantPrintedName)

am applying fo th Certifie in Risk an Informatio System Contro (CRISC

certification. As such, my wor experienc in identifying, assessing evaluating, respondin to, and monitorin ris and/or designing implementing monitoring, and maintaining information system controls mus be independentl verified by individuals knowledgeable of my wor experienc (current or previous employer). Th individual verifyin th work experience must be an independen verifier an no of an relation to th applican no ca th verifier verify hislhe ow work If currentl or once worked as an independen consultant can us knowledgeabl client or colleague to perfor thi role. Please verify my risk and/or IS control-relate experience as note on my attached applicatio form an as describe by th CRIS jo practice domain an task statements (see page V-2) Please return th complete form to me fo my submission to ISACA. If yo have an question concerning this form pleas direct them to [email protected] or cal 1.847.660.5660 Thank you

pplicantSignature

Se tion 5-Veri ic tion Verifier Name:

Date

of Work

xp rien

-------~L-as~tIF~IDm~•y~N~am--e-----------------------F~ir~s~1JGi~.v-en~N~am--e----------------------------~M~i~ddl

..e-I.n"m~al.--------

Street

am attestin to th employment experience listed in Sectio I-Employment History. rb xn r( x1 x 2, e ) or e rn .L ta t a y to t s v 1.I have functioned in supervisor or othe relate position to th applican an ca verify hislhe work experience (Section of th application) 2. ca attest to th duration of th applicant' work experience on this applicatio with my organization , I a t to e ef 3. ca attest to th duration of th applicant' work experience on this applicatio prio to hislhe affiliatio wit my organization 4. ca attest that th task performe by th applicant, as checke ar correc to th best of my knowledge.

DN/A

DN/A

DN/A

on th verification form page V-2,

5. ca attest to th fact that th applican is competen in performing th task as checke fo ag -2

on th verification

6. Is ther an reason yo believ this applican should no be certifie in Risk an Informatio System Contro byISACA?

V-1

C e rt if ie d

R is k

Sy em

CR SC Cert~ication

App ca

!_ a n d I n fo r m a ti o n C on t

P ag e V -

AnSA~Cerllflcatlon

rifi

io

ri

rm (p

y N

CRIS

jo

( A p li ca nt s

practice do

in

n N

nd ta

a r r eq ui re d t o c he ck ma r if at

st te

e I

ts

( 1 Y i or 1 8 1 ) ss en

an

al

ti

(RI)

C ol le c i nf or ma ti o a n r ev ie w d oc um en ta ti o t o e ns ur e t ha t r is k a r i d n ti fi e a n e va lu at ed . I de nt if y l e a l r eg ul at or y a n c on tr ac tu a r eq ui re me nt s a n o rg an iz at io na l o li ci e a n s ta nd ar d r el at e t o I S t o d et er mi n t he i p ot en ti a i m a c o n t h business objectives. I de nt if y p ot en ti a t hr ea t a n v ul ne ra bi li ti e f o b us in es s p ro ce ss es , a ss oc ia t d at a a n s up p r ti n c ap ab il it ie s t o a ss is t i n t h v al ua ti o o f e nt er pr is e r is k te is is th ll fi A ss em bl e r is k s c n ar i t o e st im at e l ik el ih oo d a n i m a c o f s ig ni fi ca n r is k t o t h o rg an iz at i n . A na ly z r is ks , i nc id en t a n i nt er de pe nd en ci e t o d et er mi n t h i r i m a c o n u si ne s o bj ec ti ve s is ss tr to ld rs tr ri risk-aware culture. C or re la t i de nt if ie d r is k t o r el ev an t b us in es s p ro c s se s t o a ss is t i n i de nt if yi n r is k o wn er sh ip . V al id at e r is k a pp et it e a n t ol er an c w it h s e i o l ea de rs hi p a n k e s ta ke ho l e r t o e ns ur e a li gn me nt .

ti

is

is is th A ss is t i n t h

it is

te e ve lo pm en t

le

rs

it fi

io le

io

to ti

le ri

si s. my

lo me is io to is fi iz ti b us in es s c as e s up po rt in g t h i nv es tm e p la n t o e ns ur e r is k r es po ns e a r a li gn e

le li th it it in I de nt if y a n r ep or t o n c om pl ia nc e

ss

ta

is in r is k

ie

t or s

in KR

t or s

RI to

le w it h t h i de nt if ie d b us in es s

st

in

in ie tl

in ro id

i ci e tr

io ma in ff ti

th

je

ti

ig ti it re ig me th in it ti ic ti re (e io te ir to level. it tr ig im io is l em e t e ly t hi n t i id ts im io IS in ld ia e s I S c on tr ol s t o v er if y e ff ec ti ve ne s a n e ff ic ie nc y r io r t o i mp le me nt at io n ls to ti it ti ic ti me KP le tr fo ma in ti t om at e ro r ov i d oc um en t t io n a n t ra i i n t o e ns ur e I S c on tr ol s a r e ff ec ti ve l p er fo rm ed . n su r a l c on tr ol s a r a ss ig ne d c on tr o o wn er s t o e st a l is h a cc ou nt ab il it y s ta bl is h c on tr o c ri te ri a t o e na bl e c on tr o l if e c yc l m an ag em e t .

la su C ol le c i nf or ma ti o li

b je ct iv es .

tu

iv ie is re st is ws re t o i ni ti at e c or re ct iv e a ct io n a n m ee t r e u l t or y r eq ui re me nt s

ta ig to r as t

te

te ir ti ic a n r ev ie w d oc um en ta ti o t o i de nt if y I S c on tr o d ef ic ie nc ie s rd ro ri th is to ls te tr ic ti ro m at u mo id if tr ic ie it to su th te ta re ti t o r el e ta to le in me

tr

ti

m pt l

in

je ti

r ol s i nt e

t er n

s.

we th

ie ie in ff

ro ia IS

ty r em e i at e

s.

io

V-2

I S A C A " C e r t if ic a t i o n

Telephone

+1.847.253.1545

Fax +1.847.253.1443 E-mail: We

[email protected] s it e

www.isaca.org