Certified Information Systems Risk and Compliance Professional (CISRCP), distance learning and online certification program


Which is one of the biggest mistakes companies and organizations make in the areas of risk, compliance, IT, information security and privacy? They rely on expert opinion and technical advice that is not based on laws and regulations.

To minimize liability and reduce risks, including losses from legal action, managers and experts must understand the current legal environment.

The CISRCP program deals with the interaction of US and EU executive orders, directives and regulations that shape international standards and best practices. It covers the General Data Protection Regulation (GDPR) of the EU, and the extraterritorial application of EU law, including the data protection "by design" and "by default".


The CISRCP program has been designed to provide participants with the knowledge and skills needed to understand the legal and regulatory obligations that shape international standards and best practices in risk, compliance, IT, information security and privacy protection. The course also provides the skills needed to pass the Certified Information Systems Risk and Compliance Professional (CISRCP) exam.

Target Audience

The CISRCP certification program is beneficial to:
- Managers and employees involved in the design and implementation of risk, compliance, IT, information security and privacy protection strategies, policies, procedures, risk assessments, control activities, testing, documentation, monitoring and reporting.
- Vendors, suppliers and service providers.

This course is intended for employers who require qualified professionals who meet the fit and proper requirements.

Course Synopsis

Part 1: US Executive Orders and federal government regulation that shape cybercrime laws, regulations and international standards.

Executive orders.
National Security Decision Directive 145 (NSDD 145).
National Security Presidential Directive 38 (NSPD 38).
The National Strategy to Secure Cyberspace.
National Security Presidential Directive 54 (NSPD 54).
Homeland Security Presidential Directive 23 (HSPD 23).
Einstein 1, 2, E3A.
Executive Order 13587.
Executive Order (EO) 13636.
PPD 21.
Executive Order 13636.
Executive Order 13691.
PPD 41.
Executive Order 13794.
Executive Order 13800.

US federal government regulation.
Health Insurance Portability and Accountability Act (HIPAA).
Gramm-Leach-Bliley Act.

Part 2: The European Union's directives and regulations that shape international standards.

The Budapest Convention on Cybercrime, 2001.
The EU Cybersecurity Strategy, 2013.
Directive 2013/40/EU.
The Digital Single Market Strategy, 2015.

The European Agenda on Security, 2015.

The EU Computer Emergency Response Team (CERT-EU).
Europol’s Cybercrime Centre (EC3).
The EC3 Programme Board.

The directive on security of network and information systems (NIS Directive), 2016.
The NIS Directive, important parts.

Critical infrastructure protection in the EU.
Directive 2008/114/EC.
COM (2006) 786.
JOIN (2017) 450.
Reform of cyber security in Europe.

Part 3: The General Data Protection Regulation (GDPR) of the EU, and the extraterritorial application of EU law.

Important sections of the GDPR.
Principles relating to processing of personal data.
Data protection "by design" and "by default".
Representatives of controllers or processors not established in the Union.
Information security.
Security of processing.
Appropriate level of security, "taking into account the state of the art".
The "data protection impact assessment".
Transfers of personal data to third countries.
GDPR practical steps, from ENISA.

Closing remarks.
World Economic Forum, Global Centre for Cybersecurity.

For secure payment we work with PayPal, the faster and safer way to make online payments. With PayPal we minimize the cost of administration and of compliance with national and international laws, so we can keep the cost of our programs and services low.

Only PayPal receives your credit card number and your financial information. We receive your full name, your email, and your mail address. According to the PayPal rules, you have the option to ask for a full refund up to 60 days after the payment. If you do not want one of our programs or services for any reason, all you have to do is send us an email and we will refund the payment, no questions asked.

When you click "Buy Now" below, you will be redirected to the PayPal web site. Your payment will be received by our strategic partner and service provider, Cyber Risk GmbH (Rebackerstrasse 7, 8810 Horgen, Switzerland, Handelsregister des Kantons Zürich, Firmennummer: CHE-244.099.341). Cyber Risk GmbH may also send certificates to all members.

We will send the program up to 24 hours after the payment. Please remember to check the spam folder of your email client too, as emails with attachments or larger than 100KB often land in the spam folder.

The all-inclusive cost is $297. There is no additional cost, now or in the future, for this program.

What is included in this price:

A. The official presentations (1,154 slides)

The presentations are effective and appropriate to study online or offline. Busy professionals have full control over their own learning and are able to study at their own speed. They are able to move faster through areas of the course they feel comfortable with, but slower through those that they need a little more time on.

B. Up to 3 online exam attempts per year

Candidates must pass only one exam to become CISRCPs. If they fail, they must study the official presentations and retake the exam. Candidates are entitled to 3 exam attempts every year.

If candidates do not achieve a passing score on the exam the first time, they can retake the exam a second time.

If they do not achieve a passing score the second time, they can retake the exam a third time.

If candidates do not achieve a passing score the third time, they must wait at least one year before retaking the exam. There is no additional cost for any additional exam attempts.

To learn more you may visit:


C. The certificate

Processing and posting via registered mail with tracking number.

Frequently Asked Questions

1. How comprehensive are the presentations? Are they just bullet points?

Answer: The presentations are not bullet points. They are effective and appropriate to study online or offline.

2. Do I need to buy books to pass the exam?

Answer: No. If you study the presentations, you can pass the exam. All the exam questions are clearly answered in the presentations.

If you fail the first time, you must study more. Print the presentations and use Post-it notes to mark where to find the answer to each question.

3. Is it an open book exam? Why?

Answer: Yes, it is an open book exam. Risk and compliance management is something you must understand and learn, not memorize. You must acquire knowledge and skills, not commit something to memory.

4. Do I have to sit for the exam soon after receiving the presentations?

Answer: No. You can sit for the exam from your office or home, any time in the future. Your account never expires and there is no restriction of any kind.

5. Do I have to spend more money in the future to remain certified?

Answer: No. Your certificate never expires. It will be valid, without the need to spend money or to sit for another exam in the future.

6. Ok, the certificate never expires, but things change.

Answer: Recertification would be a great recurring revenue stream for the association, but it would also be a recurring expense for our members. We resisted the temptation to "introduce multiple recurring revenue streams to keep business flowing", as we were advised to do. No recertification is needed for our programs.

Things change, and this is the reason you need to become (at no cost) a member of the association. You will receive our newsletter every Monday, with updates, alerts and opportunities, to stay current.

7. How many hours do I need to study to pass the exam?

Answer: You must study the presentations at least twice, to ensure you have learned the details. The average time needed is about 35 hours, but this varies considerably from one candidate to another.

8. I want to learn more about the online exam.

Answer: You will be given 90 minutes to complete a 35-question multiple-choice exam. You must score 70% or higher.

We do not send sample questions. If you study the presentations, you can score 100%.

9. Why should I get certified?

Answer: Firms and organizations hire and promote "fit and proper" professionals who can provide evidence that they are qualified.

Employers need assurance that employees have the knowledge and skills needed to mitigate risks and accept responsibility. Supervisors and auditors ask for independent evidence that the process owners are qualified, and that the controls can operate as designed, because the persons responsible for these controls have the necessary knowledge and experience.

The marketplace is clearly demanding qualified professionals in risk and compliance management. Certified professionals enjoy industry recognition and have more and better job opportunities.

It is important to get certified and to belong to professional associations. You prove that you are somebody who cares, learns, and belongs to a global community of professionals.

10. Why should I choose your certification program?

Answer: We strongly believe that we offer very good value for money:

1. The all-inclusive cost of the program ($297) is very low. There is no additional cost for this program, now or in the future, for any reason.

2. There are 3 exam attempts per year that are included in the cost of the program, so you do not have to spend money again if you fail.

3. No recertification is required. Your certificate never expires.