CISA - Frequently Asked Questions

 

Below are some of the more frequent questions we receive regarding CISA (Certified Information Systems Auditor). A more comprehensive FAQ, covering Exam Registration as well as Certification information, is available on the ISACA CISA web site.

1. What are the qualifications to earn the CISA credential?

Qualifying for CISA requires a combination of four "e's": experience, ethics, education and exam. Specifically, the requirements are:

 

  • Successful completion of the CISA exam
  • Adherence to a code of professional conduct
  • Commitment to continuing professional education
  • A minimum of five years of professional information systems auditing, control or security work experience (as described in the job practice areas) is required for certification. Substitutions and waivers of such experience may be obtained if certain education and general IS or audit experience requirements are met.


2. Will CISAs qualify for CISM?

The CISM certification program recognizes the achievement of the CISA credential as a baseline representation that an individual has gained general information security skill and knowledge. As such, CISAs receive a two-year general information security waiver. However, CISAs will not be eligible to earn a CISM unless they have the required experience and can demonstrate proficiency and practical knowledge in the role of an information security manager.

 
