CGRC – Governance, Risk and Compliance Certification
Capitalize on the rising demand for Governance, Risk and Compliance (GRC) expertise by earning the CGRC certification. The CGRC is a proven way to demonstrate your knowledge and skills to integrate governance, performance management, risk management and regulatory compliance within your organization.
CGRC professionals utilize frameworks to integrate security and privacy within organizational objectives, better enabling stakeholders to make informed decisions regarding data security, compliance, supply chain risk management and more.
Exam format
- Exam duration: 3 hours
- Number of questions: 125
- Format: Multiple choice & advanced question types
- Pass rate: 70% (700/1'000 points)
- Language: English
- Exam content: The 7 domains
- Domain 1: Security- und Datenschutz-Governance, Risiko- und Compliance-Management-Programm - 16%
- Domain 2:Systemumfang und Systemabgrenzung - 10%
- Domain 3:Auswahl und Freigabe von Frameworks sowie Sicherheits- und Datenschutzkontrollen - 14%
- Domain 4: Implementierung von Sicherheits- und Datenschutzkontrollen - 17`%
- Domain 5: Bewertung und Auditierung von Sicherheits- und Datenschutzkontrollen - 16%
- Domain 6: System Compliance - 14%
- Domain 7: Aufrechterhaltung der Compliance - 13%
Applying for certification
Once you have passed the CGRC® exam, you can apply for the official ISC2 certificate. To do so, you must sign the ISC2 Code of Ethics, and your professional experience must be verified by an actively certified ISC2 professional. Certification must be completed within nine months of the exam date. If you are unable to find a suitable person, ISC2 will assist you in validating your application.
Recertification
The CISSP® certificate is valid for three years. To maintain your certification, you must provide proof of continuing professional education (CPE) and pay the annual maintenance fee (AMF) to ISC2. This ensures that your expertise remains up to date and your status as a Certified Professional remains active.