Get trained and certified in ISO 27001 Information Security Management and ISO 27005 Risk Management

Information is a valuable asset in any organization, whether it's printed or written on paper, stored electronically or sent by mail or electronic means. Organizations now have the duty to consider how information is regulated, how it is used and protected by vendors, and how the expectations of its customers and trading partners affect its current information management processes. In short, managing information security has become much, much more than keeping hackers out of an IT network. It has grown from a departmental management issue to become a corporate governance issue that requires professional management and oversight according to international standards. How do you know if the organization's information security is good enough to hold up to all of these expectations?

To effectively manage the threats and risks to your organization's information, you should establish an Information Security Management System (ISMS). An ISMS based on the international standard ISO/IEC 27001:2005 will help you to implement an effective framework to establish, manage and continually improve the security of your information. The organization can then even get proof of its adherence to best practices by getting a respected ISO/IEC 27001 certification.

CICRA™ and CICA™ Certification

The CICRA and CICA credentials by Certified Information Security certify your understanding of how ISO/IEC 27001, 27002, 27003, and 27005 standards can be used to develop a custom fit-for-purpose risk management methodology and Information Security Management System that fulfills the requirements of ISO/IEC 27001. It also helps fulfil the organizational competence requirements of the ISO/IEC 27001 standard itself!

Get trained. Get certified. Be recognized as an ISO 27001 information security architect.

  • CICRA
    This is the risk management certification supporting a career in risk management, information security management, or business continuity/disaster recovery management. It is appropriate for all members of the BCMS or ISMS committee.
    This certification attests to your competence and understanding in developing and managing a custom risk-management methodology based upon the ISO/IEC 27005 Risk Management Framework.

    CICRA™ Certification

    The ISO/IEC 27001 certification of an organization's Information Security Management System (ISMS) requires that all security methods and controls must be driven by risk assessment as defined in an organization's formal documented risk management methodology. BS 25999-2 certification of an organization's Business Continuity Management System (BCMS) requires the same.

    Because all information security analysis, controls, and processes are essentially a product of risk management, ISO/IEC 27005 provides the framework for how to apply proper risk management within the ISO/IEC 27001/27002 ISMS, or within the BS 25999 BCMS.

    The CICRA credential by Certified Information Security certifies your understanding of ISO/IEC 27005, and how the 27005 framework can be used to develop a custom risk management methodology that fulfills the requirements of both ISO/IEC 27001, and BS 25999-2. It also helps fulfil the competence requirements of the certifications themselves.


    Getting Certified as a CICRA™

    The CICRA™ certification is available to qualified candidates who:

    1. Are a member of CIS in good standing.
      If you are not already an Associate member of the CIS certification student body, you must first become a member to pursue the CICRA credential.
    2. Attend one of the following required CIS approved curriculum courses:
      • Option 1: Instructor-led training: If you attend either of the following live instructor-led seminars, you will fulfill the training requirement for CICRA certification.
        • Establishing a Business Continuity Management System
        • Using ISO 27005 to Develop & Deploy Enterprise Risk Management
      • Option 2: Online training: Our online students have the alternative to attend our risk management training as a free-standing course. Successfully completing the following online course fulfills the training requirement for CICRA certification.
    3. Pass the CICRA Exam.
      For CICRA certification by CIS, candidates must pass CIS exam RM101. CIS exams are administered on-line and can be taken at your convenience at your home or work through the CIS eLearning Center, where your progress and score are monitored and recorded centrally. Your exam results are provided automatically upon completion of your exam.
    4. Submit your professional endorsements.
      CICRA is an entry-level credential and has no experience requirements.
      Complete your CIS exam RM101 and submit three CIS Candidate Endorsement Forms to the Certification Department at CIS Headquarters. Your completed application and documentation can be mailed, transmitted by facsimile, or e-mailed to:

      Certified Information Security
      ATTN: Certification Department
      1004 Green Pine Circle
      Orange Park, FL 32065 USA
      Fax: +1(786) 522-9063

    5. Gain final approval from the certification committee and become certified by CIS.
      You will officially become certified once your exam and credentials are approved by the certification committee. Your certification kit will be mailed to the address you provided for your membership account. Those who have attained a CIS credential will be invoiced for certification renewal upon annual membership renewal. 

    Upgrade Path: Certified Business Continuity Strategist (CBCS™) or Certified Internal Controls Architect (CICA™)
  • CICA
    CICA™ is the expert-level certification for information security professionals with at least two years of qualified experience. This certification maps to and fulfills all ISO/IEC 27001 competence requirements.

    CICA™ Certification

    Building upon the foundational understanding of the ISO 27005 risk management framework validated by the Certified Internal Controls Risk Analyst credential, the Certified Internal Controls Architect (CICA) certification by CIS certifies your ability to develop the formal structure, governance, and policy of an ISO 27001-conforming Information Security Management System (ISMS). Furthermore, the CICA certification ensures that you are qualified to develop strategic objectives according to core ISO 27001, 27002, 27003, and 27005 best practices.

    Getting Certified as a CICA™

    The CICA™ certification is available to qualified candidates who:

      1. Are a member of CIS in good standing.
        If you are not already an Associate member of the CIS certification student body, you must first become a member to pursue the CICA credential.
      2. Attend the required CIS approved curriculum course(s):
      3. Gain the required experience.
        CICA certification requires at least two years of experience in two or more of the domains of the ISO 27001 and 27002 standards as tested in CIS exams RM101, ISMS101, and ISMS102.
      4. Pass the CICA Exams.
        Once you have successfully completed all of the steps above, you can attempt your certification exams #RM101, #ISMS101, and #ISMS102. CIS exams are administered online and can be taken at your convenience at your home or work through the CIS eLearning Center, where your progress and score are monitored and recorded centrally. Your exam results are provided automatically upon completion of your exam.
      5. Submit your professional endorsements.

        Complete your CIS exams RM101, ISMS101, and ISMS102 and submit three CIS Candidate Endorsement Forms to the Certification Department at CIS Headquarters. Your completed application and documentation can be mailed, transmitted by facsimile, or e-mailed to:

        Certified Information Security
        ATTN: Certification Department
        1004 Green Pine Circle
        Orange Park, FL 32065 USA
        Fax: +1(786) 522-9063

      6. Gain final approval from the certification committee and become certified by CIS.
        You will officially become certified once your exam and credentials are approved by the certification committee. Those who have attained a CIS credential will be invoiced for certification renewal upon annual membership renewal.