Earn Your GRC Certification – Be a Governance, Risk and Compliance Leader! Capitalize on the rising demand for Governance, Risk and Compliance (GRC) expertise by earning the CGRC certification. The CGRC is a proven way to demonstrate your knowledge and skills to integrate governance, performance management, risk management and regulatory compliance within your organization. CGRC professionals utilize frameworks to integrate security and privacy within organizational objectives, better enabling stakeholders to make informed decisions regarding data security, compliance, supply chain risk management and more.
The CGRC is ideal for IT, information security and information assurance practitioners who work in Governance, Risk and Compliance (GRC) roles and have a need to understand, apply and/or implement a risk management program for IT systems within an organization, including positions like:
To qualify for the ISC2 CGRC certification, you must:
Learn more about CGRC Experience Requirements.
Don’t have enough experience yet? You can still pass the CGRC exam and become an Associate of ISC2 while you earn the required work experience.
In this CGRC Certification and Training, you will learn how to:
Domain 1: Information Security Risk Management Programme
1.1 Understand the foundation of an organisation's information security risk management programme
» Principles of information security
1.2 Understand risk management programme processes
Domain 2: Scope of the Information System
2.1 Define the information system
2.2 Determine categorisation of the information system
Domain 3: Selection and Approval of Security and Privacy Controls
3.1 Identify and document baseline and inherited controls
3.2 Select and tailor controls to the system
3.3 Develop a continuous control monitoring strategy (e.g., implementation, timeline, effectiveness)
3.4 Review and approve security plan/Information Security Management System (ISMS)
Domain 4: Implementation of Security and Privacy Controls
4.1 Implement selected controls
Domain 5: Assessment/Audit of Security and Privacy Controls
5.1 Prepare for assessment/audit
5.2 Conduct assessment/audit
5.3 Prepare the initial assessment/audit report
5.4 Review initial assessment/audit report and perform remediation actions
5.5 Develop final assessment/audit report
5.6 Develop a remediation plan
Domain 6: Authorisation/Approval of Information System
6.1 Compile security and privacy authorisation/approval documents
6.2 Determine information system risk
6.3 Authorise/approve information system
Domain 7: Continuous Monitoring
7.1 Determine the impact of changes to information systems and the environment
7.2 Perform ongoing assessments/audits based on organisational requirements
7.3 Review supply chain risk analysis monitoring activities (e.g., cyber threat reports, agency reports, news reports)
7.4 Actively participate in response planning and communication of a cyber event
7.5 Revise monitoring strategies based on changes to industry developments introduced through legal, regulatory, supplier, security, and privacy updates
7.6 Keep designated officials updated about the risk posture for continuous authorisation/approval
7.7 Decommission information system
This course and its materials will help prepare you to take the CGRC – Governance, Risk and Compliance certification exam.
IMPORTANT! The CGRC exam voucher is NOT included in this CGRC training.