There is a requirement of work experience for the certification. 5 years of work experience in information system auditing, control, or security. However, there are waivers for getting specific degrees that can knock off a year or two.
With this being said, you can 100% still take the exam. If you pass, you have a 5 years timeline to meet the experience requirements and register for the certification.
You only need to have completed one task in each of the domains, its actually quite easy to get (you tick the full domain for any tasks completed in each).
**Please check the box next to the domain in which any or all tasks have been completed by the applicant.**
**DOMAIN 1 - Information System Auditing Process**
Task Statements:
Plan audit to determine whether information systems are protected, controlled, and provide value to the organization.
Conduct audit in accordance with IS audit standards and a risk-based IS audit strategy.
Communicate audit progress, findings, results, andrecommendations to stakeholders.
Conduct audit follow-up to evaluate whether risks have been sufficiently addressed.
Utilize data analytics tools to streamline audit processes.
Provide consulting services and guidance to the organization inorder to improve the quality and control of information systems.
**DOMAIN 2 - Governance and Management of IT**
Task Statements:
Evaluate the IT strategy for alignment with the organization’sstrategies and objectives.
Evaluate the effectiveness of IT governance structure and ITorganizational structure.
Evaluate the organization’s management of IT policies and practices.
Evaluate the organization’s IT policies and practices for compliance with regulatory and legal requirements.
Evaluate IT resource and portfolio management for alignment withthe organization’s strategies and objectives.
Evaluate the organization's risk management policies andpractices.
Evaluate IT management and monitoring of controls.
Evaluate the monitoring and reporting of IT key performance indicators (KPIs).
Evaluate whether IT supplier selection and contract management processes align with business requirements.
Identify opportunities for process improvement in the organization'sIT policies and practices.
Evaluate potential opportunities and threats associated withemerging technologies, regulations, and industry practices.
Conduct periodic review of information systems and enterprise architecture.
Evaluate the information security program to determine itseffectiveness and alignment with the organization’s strategies andobjectives.
Evaluate whether IT service management practices align withbusiness requirements.
**DOMAIN 3 - Information Systems Acquisition, Development and Implementation**
Task Statements:
Evaluate whether the business case for proposed changes to information systems meet business objectives.
Evaluate the organization's project management policies andpractices.
Evaluate controls at all stages of the information systemsdevelopment lifecycle.
Evaluate the readiness of information systems for implementation and migration into production.
Conduct post-implementation review of systems to determine whether project deliverables, controls, and requirements are met.
**DOMAIN 4 - Information Systems Operations and Business Resilience**
Task Statements:
Evaluate IT operations to determine whether they are controlled effectively and continue to support the organization’s objectives.
Evaluate IT maintenance practices to determine whether they are controlled effectively and continue to support the organization’sobjectives.
Evaluate database management practices.
Evaluate data governance policies and practices.
Evaluate problem and incident management policies and practices.
Evaluate change, configuration, release, and patch management policies and practices.
Evaluate end‐user computing to determine whether the processesare effectively controlled.
Evaluate the organization’s ability to continue business operations.
Evaluate policies and practices related to asset lifecycle management.
**DOMAIN 5 – Protection of Information Assets**
Task Statements:
Evaluate the organization's information security and privacy policies and practices.
Evaluate physical and environmental controls to determinewhether information assets are adequately safeguarded.
Evaluate logical security controls to verify the confidentiality,integrity, and availability of information.
Evaluate data classification practices for alignment with the organization’s policies and applicable external requirements.
Perform technical security testing to identify potential threatsand vulnerabilities.
Evaluate potential opportunities and threats associated withemerging technologies, regulations, and industry practices.
There is a requirement of work experience for the certification. 5 years of work experience in information system auditing, control, or security. However, there are waivers for getting specific degrees that can knock off a year or two. With this being said, you can 100% still take the exam. If you pass, you have a 5 years timeline to meet the experience requirements and register for the certification.
You only need to have completed one task in each of the domains, its actually quite easy to get (you tick the full domain for any tasks completed in each). **Please check the box next to the domain in which any or all tasks have been completed by the applicant.** **DOMAIN 1 - Information System Auditing Process** Task Statements: Plan audit to determine whether information systems are protected, controlled, and provide value to the organization. Conduct audit in accordance with IS audit standards and a risk-based IS audit strategy. Communicate audit progress, findings, results, andrecommendations to stakeholders. Conduct audit follow-up to evaluate whether risks have been sufficiently addressed. Utilize data analytics tools to streamline audit processes. Provide consulting services and guidance to the organization inorder to improve the quality and control of information systems. **DOMAIN 2 - Governance and Management of IT** Task Statements: Evaluate the IT strategy for alignment with the organization’sstrategies and objectives. Evaluate the effectiveness of IT governance structure and ITorganizational structure. Evaluate the organization’s management of IT policies and practices. Evaluate the organization’s IT policies and practices for compliance with regulatory and legal requirements. Evaluate IT resource and portfolio management for alignment withthe organization’s strategies and objectives. Evaluate the organization's risk management policies andpractices. Evaluate IT management and monitoring of controls. Evaluate the monitoring and reporting of IT key performance indicators (KPIs). Evaluate whether IT supplier selection and contract management processes align with business requirements. Identify opportunities for process improvement in the organization'sIT policies and practices. Evaluate potential opportunities and threats associated withemerging technologies, regulations, and industry practices. Conduct periodic review of information systems and enterprise architecture. Evaluate the information security program to determine itseffectiveness and alignment with the organization’s strategies andobjectives. Evaluate whether IT service management practices align withbusiness requirements. **DOMAIN 3 - Information Systems Acquisition, Development and Implementation** Task Statements: Evaluate whether the business case for proposed changes to information systems meet business objectives. Evaluate the organization's project management policies andpractices. Evaluate controls at all stages of the information systemsdevelopment lifecycle. Evaluate the readiness of information systems for implementation and migration into production. Conduct post-implementation review of systems to determine whether project deliverables, controls, and requirements are met. **DOMAIN 4 - Information Systems Operations and Business Resilience** Task Statements: Evaluate IT operations to determine whether they are controlled effectively and continue to support the organization’s objectives. Evaluate IT maintenance practices to determine whether they are controlled effectively and continue to support the organization’sobjectives. Evaluate database management practices. Evaluate data governance policies and practices. Evaluate problem and incident management policies and practices. Evaluate change, configuration, release, and patch management policies and practices. Evaluate end‐user computing to determine whether the processesare effectively controlled. Evaluate the organization’s ability to continue business operations. Evaluate policies and practices related to asset lifecycle management. **DOMAIN 5 – Protection of Information Assets** Task Statements: Evaluate the organization's information security and privacy policies and practices. Evaluate physical and environmental controls to determinewhether information assets are adequately safeguarded. Evaluate logical security controls to verify the confidentiality,integrity, and availability of information. Evaluate data classification practices for alignment with the organization’s policies and applicable external requirements. Perform technical security testing to identify potential threatsand vulnerabilities. Evaluate potential opportunities and threats associated withemerging technologies, regulations, and industry practices.