Hubbry Logo
ISACAISACAMain
Open search
ISACA
Community hub
ISACA
logo
7 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
ISACA
ISACA
ISACA
View on Wikipedia
from Wikipedia

ISACA (formally the Information Systems Audit and Control Association) is an international professional association focused on IT (information technology) governance.[1][5][6]

Key Information

ISACA currently offers 8 certification programs, as well as other micro-certificates.

History

[edit]

ISACA originated in United States in 1967,[5] when a group of individuals working on auditing controls in computer systems started to become increasingly critical of the operations of their organizations. They identified a need for a centralized source of information and guidance in the field. In 1969, Stuart Tyrnauer, an employee of the (later) Douglas Aircraft Company, incorporated the group as the EDP Auditors Association (EDPAA).[7] Tyrnauer served as the body's founding chairman for the first three years. In 1976 the association formed an education foundation to undertake large-scale research efforts to expand the knowledge of and value accorded to the fields of governance and control of information technology.

The association became the Information Systems Audit and Control Association in 1994.[8]

By 2008 the organization had dropped its long title and branded itself as ISACA.[9]

In March 2016, ISACA bought the CMMI Institute, which is behind the Capability Maturity Model Integration.[10]

In January 2020, ISACA updated and refreshed its look and digital presence, introducing a new logo.[11]

Current status

[edit]

ISACA currently serves more than 185,000 constituents (members and professionals holding ISACA certifications) in more than 180 countries.[12] The job titles of members are such as IS auditor, consultant, educator, IS security professional, regulator, chief information officer, chief information security officer and internal auditor. They work in nearly all industry categories. There is a network of ISACA chapters with more than 225 chapters established in over 180 countries. Chapters provide education, resource sharing, advocacy, networking and other benefits.[13]

Major publications

[edit]

Certifications

[edit]
  • Certified Information Systems Auditor (CISA,1978)[14]
  • Certified Information Security Manager (CISM, 2002)[14]
  • Certified in the Governance of Enterprise IT (CGEIT, 2007)[14]
  • Certified in Risk and Information Systems Control (CRISC, 2010)[14]
  • Cybersecurity Practitioner Certification (CSX-P, 2015)[15]
  • Certified Data Privacy Solutions Engineer (CDPSE, 2020)[16]
  • Information Technology Certified Associate (ITCA, 2021)[17][18]
  • Certified in Emerging Technology (CET, 2021)[19][20]
  • Certified Cybersecurity Operations Analyst (CCOA, 2025)
  • Advanced in AI Audit (AAIA, 2025)
  • Advanced in AI Security Management (AAISM, 2025 Beta)

The CSX-P, ISACA's first cybersecurity certification, was introduced in the summer of 2015. It is one of the few certifications that require the individual to work in a live environment, with real problems, to obtain a certification. Specifically, the exam puts test takers in a live network with a real incident taking place. The student's efforts to respond to the incident and fix the problem results in the type of score awarded.[21]

Certificates

[edit]
  • IT Audit Fundamentals Certificate
  • IT Risk Fundamentals Certificate
  • Certificate of Cloud Auditing Knowledge
  • Cybersecurity Audit Certificate
  • Computing Fundamentals Certificate
  • Networks and Infrastructure Fundamentals Certificate
  • Cybersecurity Fundamentals Certificate
  • Software Development Fundamentals Certificate
  • Data Science Fundamentals Certificate
  • Cloud Fundamentals Certificate
  • Blockchain Fundamentals Certificate
  • IoT Fundamentals Certificate
  • Artificial Intelligence Fundamentals Certificate
  • COBIT Design and Implementation
  • Implementing the NIST Cybersecurity Framework Using COBIT 2019
  • COBIT Foundation
  • COBIT 5 Certificates

See also

[edit]

References

[edit]
[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

ISACA

View on Grokipedia
from Grokipedia
ISACA (Information Systems Audit and Control Association) is a global and standards body founded in 1969 as the Electronic Data Processing Auditors Association (EDPAA), dedicated to empowering professionals with knowledge, skills, credentials, and a global community to advance trust in technology. With over 185,000 members (as of 2025) across more than 190 countries and more than 230 local chapters worldwide, ISACA empowers professionals through industry-leading certifications such as CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), CGEIT (Certified in the Governance of Enterprise IT), and CDPSE (Certified Data Privacy Solutions Engineer), as well as , research, frameworks like , advocacy, and networking opportunities to foster digital trust and career development. The organization plays a pivotal role in shaping global standards and policies for IT professionals, supporting enterprises in addressing challenges in cybersecurity, , compliance, and innovation through resources, tools, and .

History

Founding and Early Development

ISACA traces its origins to 1969, when seven professionals in the area, including Stuart Tyrnauer of the , incorporated the Electronic Data Processing Auditors Association (EDPAA) on October 23 to address the growing need for specialized auditing in computerized business environments. This formation occurred amid the rapid adoption of mainframe computers in the late 1960s, where traditional auditing methods struggled to evaluate electronic (EDP) systems for accuracy, , and control. Tyrnauer served as the founding chairman for the first three years, guiding the association's initial efforts to develop standards and practices for IT auditing during this transformative era. The association's first formal activities centered on its incorporation in the United States as a dedicated to advancing EDP auditing. Early operations were modest, beginning with the seven founders and expanding through local networking among IT auditors facing challenges in verifying automated financial and operational processes. By the early 1970s, membership had grown to a few hundred professionals, reflecting increasing recognition of the need for dedicated expertise in auditing emerging computer technologies. In 1970, EDPAA launched its first newsletter to facilitate knowledge sharing among members on auditing techniques and control issues in mainframe systems. This publication evolved, leading to the inaugural issue of The EDP Auditor in 1973, which became a key resource for disseminating best practices and case studies in information systems auditing. These early communications helped solidify the association's role in professionalizing IT audit amid the shift from manual to automated data processing.

Key Milestones

In 1978, ISACA introduced the Certified Information Systems Auditor (CISA) certification, establishing the first globally recognized credential for professionals in IT auditing, control, and assurance, which has since been earned by over 219,000 individuals worldwide as of 2025. This milestone solidified ISACA's role in standardizing expertise amid the rapid growth of information systems during the late 1970s. To better encompass its evolving focus on controls and broader information systems management, the association changed its name in 1994 from the Electronic Data Processing Auditors Association (EDPAA) to the Information Systems Audit and Control Association (ISACA). This rebranding, coinciding with the organization's 25th anniversary, reflected a shift from a narrow emphasis on auditing to comprehensive IT and risk practices. In 2008, the organization further rebranded to use only the acronym ISACA, dropping the full name while maintaining its mission. A pivotal advancement came in 1996 with the release of the first framework, which provided a foundational model for aligning IT processes with goals and became a for global IT standards. Building on this, ISACA addressed emerging security challenges by launching the certification in 2002, enabling professionals to demonstrate leadership in and strategy. Further expansion into risk management occurred in 2010 with the introduction of the certification, which has certified over 45,000 experts in identifying and mitigating IT-related risks as of 2025. In , ISACA marked its 50th anniversary—stemming from its 1969 founding—with a year-long series of global events, publications, and reflections that highlighted the organization's transformation from IT audit origins to a leader in digital trust and technology assurance. These celebrations included special journal issues, video retrospectives on evolution, and strategic discussions on future initiatives in cybersecurity and . In 2024, ISACA celebrated its 55th anniversary with reflections on its evolution, highlighting key achievements such as the growth of its certifications, frameworks like COBIT, and global impact in advancing digital trust.

Organizational Structure

Governance and Leadership

ISACA operates under a volunteer-led governance model, with its Board of Directors serving as the primary decision-making body. The board consists of 13 members, including elected directors and the CEO, who collectively define organizational strategy, provide oversight, ensure fiscal responsibility, and align activities with member needs. Key roles include the Chair, who leads board meetings and represents ISACA externally; the Vice Chair, who supports the Chair and assumes duties in their absence; and other directors who contribute to committees focused on audit, finance, and global engagement. Board members are nominated through an open process that begins after the Annual General Meeting (AGM), with candidates submitting applications for review by a nominations committee; elections occur via member vote, and new directors are installed at the following AGM to serve two-year terms. For the 2025-2026 term, the board is chaired by John De Santis, CISA, with Jamie Norton, CISA, serving as Vice Chair; other directors include Tracey Dedrick, Stephen Gilfus, Niel Harper, Gabriela Hernández-Cardoso, Jason Lau, Asaf Weisberg, Dr. Tim Sattler, and CEO Erik Prusch, among others, bringing diverse expertise in cybersecurity, IT governance, and global business. ISACA's global headquarters is located at 1700 E. Golf Road, Suite 400, in , USA, facilitating central operations and coordination. To support its international reach, the organization maintains regional offices in (via ISACA Europe Limited) and (including ), enabling localized engagement and resource delivery. As of 2025, Erik Prusch serves as , leading the executive team in executing board directives; Prusch, who joined in 2023, oversees operations with a focus on innovation and growth. Key executives include Ajay Barot as , Djenne Clayton as , and Chris Dimitriadis as Chief Global Strategy and Innovation Officer, who manage areas such as certification programs, educational resources, and advocacy efforts. ISACA upholds ethical standards through its Code of Professional Ethics, which requires members and certified professionals to act with objectivity, , and integrity while avoiding conflicts of interest. The organization prioritizes diversity and inclusion in , as evidenced by the board's composition representing varied geographic, professional, and cultural backgrounds to foster innovative decision-making. is guided by a multi-year framework emphasizing digital trust, with 2025 updates to the mission and vision reinforcing commitments to cybersecurity, , and global collaboration.

Membership and Global Presence

ISACA offers several membership categories tailored to different stages of . Student membership is available to full-time students enrolled in degree programs, providing access to educational resources and networking opportunities at a reduced rate. Professional membership serves as the core category for working individuals in information systems , control, , and fields, with tiered recognition based on tenure: Bronze for 3-4 years of continuous membership, Silver for 5-9 years, for 10-14 years, and for 15 or more years, each unlocking escalating perks such as exclusive offers and priority access to events. Retired membership accommodates former professionals who have retired from active practice, maintaining their connection to the community with voting rights in chapters and continued resource access at no or minimal cost. As of late 2025, ISACA boasts over 185,000 members across more than 190 countries, fostering a vast global network for knowledge sharing and career advancement. Members enjoy key benefits including unlimited access to an extensive library of research reports, templates, and tools; discounts of up to 25% on exam registrations; and more than 70 free continuing (CPE) credits annually through webinars, on-demand videos, and self-study options. These advantages support ongoing professional growth while emphasizing digital trust in technology professions. ISACA maintains nearly 230 chapters worldwide, enabling localized engagement and support for members in diverse regions. These chapters organize networking meetups, educational seminars, and sessions to address region-specific challenges in IT governance and cybersecurity. In , the organization expanded its footprint with new chapters in Jackson, Mississippi (USA), Doha (Qatar), and Bosnia and Herzegovina, each starting with dozens of initial members to bolster local communities. Chapters play a pivotal role in recruitment through programs like Member Get a Member, an annual initiative running from August to December that incentivizes existing members to refer new professionals, thereby strengthening the global network.

Mission and Core Activities

Focus Areas and Initiatives

ISACA's primary focus areas encompass a range of interconnected domains critical to advancing trust in , including IT and assurance, , , , , and emerging technologies such as (AI) and cybersecurity. These pillars guide the association's efforts to equip professionals with the tools and knowledge needed to navigate complex digital landscapes, ensuring that organizations can effectively manage technological risks while fostering innovation. For instance, in and , ISACA emphasizes aligning IT strategies with business objectives to mitigate potential disruptions. A key initiative in these areas is the Digital Trust Ecosystem Framework (DTEF), which provides a comprehensive structure for integrating trust-based strategies across technology and business operations, addressing challenges in cybersecurity, , and ethical technology deployment. The DTEF supports professionals in building resilient systems by incorporating elements like and compliance into digital ecosystems. Complementing this, ISACA advocates for ethical AI use in enterprises, promoting models that balance innovation with safeguards against biases, data violations, and security threats, as highlighted in discussions on the "new triad" of AI governance involving , cybersecurity, and legal compliance. ISACA's annual reports, such as the State of Cybersecurity 2025, offer insights into global trends in digital risks, revealing priorities like AI-driven threats and the need for enhanced workforce skills in cybersecurity. This report underscores how organizations are grappling with evolving regulations and technology adoption, with AI-driven cyber threats identified as the biggest concern for professionals. Through these resources, ISACA helps align cybersecurity strategies with broader business goals. To amplify its impact, ISACA engages in partnerships with global organizations to develop standards and influence policy on , , and cybersecurity. These collaborations enhance digital skills enhancement and promote unified approaches to , ensuring that efforts translate into practical advancements for members worldwide.

Conferences and Events

ISACA organizes a range of major conferences and events designed to advance in information systems , , , and . The flagship events include the annual ISACA North America Conference, ISACA Europe Conference, ISACA Virtual Conference, and the Governance, Risk, and Control (GRC) Conference, supplemented by regional chapter gatherings and specialized summits. These events typically adopt hybrid formats, combining in-person sessions with virtual access to broaden participation across global audiences. The conferences emphasize critical and evolving topics, including AI governance, cybersecurity threats, IT risk management, and emerging technologies such as post-quantum cryptography. For example, the 2025 GRC Conference addressed AI, cloud risk, blockchain, third-party risk, and cybersecurity best practices, while the 2025 ISACA Conference in explored AI implementation, quantum risks, digital trust, and cybersecurity strategies. Similarly, the 2025 Conference in Orlando covered digital trust, , , and emerging tech challenges. These sessions feature expert-led keynotes, workshops, and panels to equip attendees with practical insights. Global events like the and conferences attract several thousand attendees, fostering extensive networking opportunities among IT professionals, auditors, and executives. Participants earn continuing professional education (CPE) credits essential for , with full attendance providing up to 32 CPE hours through interactive sessions and workshops. ISACA members benefit from discounted registration fees for these events. To extend learning beyond live attendance, ISACA provides post-event resources such as on-demand session recordings and digital materials, enabling virtual participants and absentees to access content at their convenience. Regional events and virtual options, including the 2025 Virtual Student Summit on November 7, further support targeted professional growth and community engagement.

Standards and Frameworks

COBIT Framework

The (Control Objectives for Information and Related Technologies) framework, developed by ISACA, provides a comprehensive approach to IT and , enabling organizations to align IT with business goals, manage risks, and optimize resources. Initially released in 1996 as a set of control objectives to support financial auditors in evaluating IT controls, has evolved into a flexible, business-focused model for enterprise-wide of and technology. Significant milestones include the launch of 5 in 2012, which introduced seven enablers—such as principles, policies, frameworks, processes, organizational structures, , and people, skills, and competencies—to support holistic IT . This edition emphasized end-to-end coverage of the enterprise and integration with other standards. In 2019, 2019 built on this foundation by expanding the definition of to include both governance and management perspectives, organizing content around 40 objectives grouped into five domains: Evaluate, Direct and Monitor (EDM); Align, Plan and Organize (APO); Build, Acquire and Implement (BAI); Deliver, Service and Support (DSS); and Monitor, Evaluate and Assess (MEA). These domains facilitate the evaluation of IT's contribution to business objectives, risk optimization, and resource management. In 2025, ISACA extended through the "Leveraging for Effective AI System ," which adapts the framework to address ethical AI implementation, including , transparency, and alignment with organizational values in AI deployments. This extension maps AI-specific governance needs to 's core objectives and enablers, helping organizations mitigate biases, ensure accountability, and comply with emerging regulations. To support practical application, ISACA provides the 2019 Design Guide and Implementation Guide, along with toolkits that allow enterprises to tailor the framework based on factors like organizational size, industry, and risk profile. These resources outline steps for designing systems, selecting relevant objectives, and implementing processes to achieve measurable outcomes in IT .

Other Guidelines and Resources

ISACA's Risk IT Framework, released in 2009, provides a structured approach to managing IT-related business risks by bridging the gap between general practices and specific considerations. It outlines three core domains—Risk , Risk Evaluation, and Risk Response—offering guiding principles, processes, and practices to help organizations identify, analyze, and respond to IT risks that impact business objectives. This framework complements broader tools by focusing on IT-specific elements such as dependencies and operational disruptions, enabling enterprises to align with overall strategic goals. The IT Audit Framework (ITAF™), a professional practices framework for IT auditing, establishes standards and guidance to ensure consistent, high-quality IT assurance engagements. Updated in 2020 to its fourth edition, ITAF emphasizes risk-based auditing, , and evidence gathering tailored to IT environments, including controls over and system security. It serves as a foundational resource for IT auditors, promoting adherence to generally accepted auditing principles while addressing evolving technology risks like and digital transformations. ISACA's Cybersecurity Fundamentals guidelines, delivered through its certificate program, offer essential principles and practices for building foundational knowledge in protecting organizational assets from cyber threats. These guidelines cover key domains such as threat identification, , , and incident response, providing practical strategies for non-specialists to contribute to cybersecurity efforts in business and IT settings. They emphasize proactive measures like policy development and awareness training to mitigate common attack vectors, helping professionals apply cybersecurity concepts in real-world scenarios without requiring advanced technical expertise. Introduced in 2024, the Digital Trust Ecosystem Framework (DTEF) addresses the need for holistic in digital ecosystems by integrating trust principles across , processes, and people. This framework applies to evaluate and enhance digital trust through domains like culture, architecture, operations, and assurance, enabling organizations to manage risks in interconnected environments such as AI and services. It supports enterprise-wide strategies for building stakeholder confidence by aligning practices with emerging digital challenges, including data privacy and ethical use. In addition to these frameworks, ISACA provides free resources such as white papers and case studies to support practical implementation in IT assurance and . For instance, white papers on AI auditing explore techniques and controls for AI deployments, offering step-by-step guidance for auditors. Case studies illustrate real-world applications, such as applying risk frameworks to cybersecurity incidents, helping professionals translate theoretical guidelines into actionable strategies without cost barriers. These materials are accessible via ISACA's resource library, promoting knowledge sharing and continuous in evolving IT landscapes.

Publications

Journals and Periodicals

ISACA's flagship periodical, the ISACA Journal, has been published bimonthly since 1973, originally under the title The EDP Auditor, and serves as a key resource for professionals in information systems , control, and . The journal features peer-reviewed, in-depth articles on topics such as IT auditing, cybersecurity, , emerging technologies like , and , drawing contributions from global experts to provide practical guidance and forward-looking insights. In 2022, the publication marked its 50th anniversary, highlighting its evolution from a foundational newsletter-style outlet in ISACA's early years to a comprehensive digital resource that has influenced the profession over five decades. The journal is organized into volume-based archives, offering members access to decades of content, including specialized issues on contemporary challenges such as cybersecurity threats in 2025, with articles exploring adaptive strategies and proactive defenses. ISACA members receive free exclusive digital access to current and archived editions, including through a dedicated that supports offline reading, ensuring professionals can stay informed on high-impact developments without barriers. This accessibility underscores the journal's role in fostering continuous , with authoring opportunities allowing certified practitioners and thought leaders to share expertise and earn continuing professional education credits. Complementing the journal, the ISACA Now blog provides frequent updates on industry news, member success stories, and emerging trends, delivering real-time perspectives on topics like AI governance, cyber defense innovations, and digital trust in a global context. Published regularly throughout the year, the blog features contributions from ISACA leaders, staff, and community members, emphasizing practical applications and organizational impacts to support professionals navigating rapid technological shifts. Like the journal, it is freely available to members via the ISACA website, promoting an ongoing dialogue on the evolving landscape of information systems and security.

Books and Technical Guides

ISACA publishes a comprehensive collection of books and technical guides that serve as professional references for IT , , , and cybersecurity professionals. These resources are designed to provide in-depth guidance on implementing best practices and frameworks, with a strong emphasis on practical application. The organization's library encompasses over 190 titles covering topics such as , assurance, control, , cybersecurity , , and , available through the ISACA online store where members receive exclusive discounts on purchases. Central to ISACA's offerings are its COBIT-related publications, which form the backbone of its resources. The 2019 Framework: Introduction and Methodology outlines the core structure of the framework, including an expanded definition of and principles for aligning IT with business objectives. Complementing this, the COBIT 2019 Implementation Guide: Implementing and Optimizing an Information and Technology Solution provides step-by-step methodologies for designing and deploying systems tailored to organizational needs. Additionally, the for AI : Leveraging for Effective AI System guide, released in 2025, adapts the framework to address AI-specific challenges, offering strategies for risk management and ethical implementation in AI systems. Beyond , ISACA's technical guides include foundational texts like Cybersecurity Fundamentals Study Guide (2020), which introduces key concepts in cybersecurity for professionals entering the field, covering threat landscapes, controls, and compliance essentials. The IT Governance Implementation Guide, integrated within resources, details processes for establishing effective IT governance structures, emphasizing alignment with enterprise strategy and risk mitigation. These guides are regularly updated to incorporate emerging trends, such as risks; for instance, recent ISACA resources integrate quantum risk assessments into governance practices, using frameworks like Risk IT to evaluate threats to and in a post-quantum era. Members benefit from free access to select digital versions of core publications and discounted pricing on print and e-book formats via the ISACA store, ensuring broad accessibility for ongoing . This extensive library supports ISACA's mission by equipping practitioners with authoritative, up-to-date tools for navigating complex IT environments.

Certifications

Professional Certifications

ISACA's professional certifications are advanced credentials designed to validate expertise in key areas of information systems auditing, , , , , and . These certifications require candidates to pass a comprehensive , demonstrate relevant professional , and commit to ongoing continuing professional (CPE) to maintain their status. Globally recognized, they support career advancement for IT professionals and have been awarded to over 500,000 individuals across various domains. The foundational certification, Certified Information Systems Auditor (CISA), launched in 1978, focuses on auditing, control, and assurance of information systems. It covers five job practice areas: the information systems auditing process; and management of IT; information systems acquisition, development, and implementation; information systems operations and business resilience; and protection of information assets. The CISA exam consists of 150 multiple-choice questions over four hours. Introduced in 2002, the Certified Information Security Manager (CISM) certification emphasizes the management of information security programs, including , , program development, and . The exam format mirrors CISA's, with 150 questions in four hours. In 2025, CISM was named the Best Program by the SC Awards. The Certified in Risk and Information Systems Control (CRISC), established in 2006, targets professionals in IT risk identification, assessment, and mitigation. It includes four domains: ; IT assessment; risk response and reporting; and and . Domain 3, Risk Response and Reporting, encompasses key practices such as defining and establishing key risk indicators (KRIs), monitoring and analyzing KRIs along with key performance indicators (KPIs) and key control indicators (KCIs), and employing reporting techniques like heatmaps, scorecards, and dashboards to communicate risk status to stakeholders. The is also 150 questions over four hours. Launched in 2007, the Certified in the Governance of Enterprise IT (CGEIT) addresses enterprise IT , covering framework for , , benefits realization, optimization, and resource optimization. Like other core s, it requires a four-hour, 150-question . The Certified Data Privacy Solutions Engineer (CDPSE), introduced in 2021, focuses on privacy program governance, privacy architecture, technology management, and operations. Its exam is 120 questions over 3.5 hours. Among newer offerings, the Advanced in AI Audit (AAIA) certification, launched in 2025, equips auditors to evaluate AI systems for compliance, , and ethical considerations. It builds on foundational knowledge with AI-specific domains. In 2025, ISACA introduced the Certified Cybersecurity Operations Analyst (CCOA) certification, which concentrates on implementing and managing cybersecurity controls and operations. This credential was named Professional Certification Program of the Year in the 2025 Cybersecurity Breakthrough Awards and also a finalist in the 2025 SC Awards Europe. The Certified in Emerging Technology (CET) certification addresses skills in such as , , and IoT, with domains tailored to , , and implementation in these areas. ISACA also introduced the Advanced in AI Security Management (AAISM) certification in 2025, focusing on implementing AI solutions and managing AI-related security s. To earn these certifications, candidates must pass the respective exam and provide evidence of at least five years of relevant work experience, with possible waivers for education or other certifications reducing this to as few as three years. All certified professionals must adhere to ISACA's and maintain their credential through CPE, requiring a minimum of 20 hours annually and 120 hours over a three-year reporting cycle.

Certificate Programs

ISACA offers a suite of entry-level certificate programs designed to provide foundational knowledge in key areas of information systems, , cybersecurity, and , targeting professionals seeking quick skill acquisition without prior experience requirements. These programs emphasize practical, performance-based learning to build competencies that support entry or transitions into specialized roles. The IT Fundamentals Certificate introduces core principles of IT auditing, including planning, evidence collection, and reporting, through interactive modules that cover six key domains such as internal controls and . Similarly, the Cybersecurity Fundamentals Certificate focuses on essential cybersecurity concepts like identification, , and basic incident response, equipping learners with baseline skills for protecting assets. The Foundation Certificate provides an overview of the COBIT framework for IT and management, highlighting processes for aligning IT with business objectives. The Digital Trust Ecosystem Framework Foundation Certificate explores the components of digital trust, including identity verification, data privacy, and ecosystem , to foster secure digital environments. In 2025, ISACA introduced the Fundamentals Certificate as an addition, offering interactive training on AI principles, models, , and applications to address emerging technology needs. These certificates are delivered as self-paced online courses combining video lectures, interactive eLearning modules, and knowledge-based assessments, culminating in a remotely proctored typically lasting two hours with multiple-choice and performance-based questions. No professional experience is required for enrollment in most programs, allowing completion within a few weeks depending on the learner's pace, though official estimates suggest 20-40 hours of study time. Upon successful completion, participants earn continuing professional education (CPE) credits—ranging from 10 to 20 per program—to maintain professional credentials, and receive a via Credly (Acclaim) for verifiable online sharing on professional profiles. These certificates serve as preparatory stepping stones toward advanced professional certifications like CISA, enhancing eligibility and foundational understanding without the rigorous experience validation of full certifications. Verification of certificate status is available through ISACA's public registry, ensuring transparency for employers. Integration with ISACA membership provides additional perks, such as discounted course fees (up to 20% off for members), access to exclusive study resources, and bundled CPE tracking tools within the MyISACA portal, facilitating ongoing .

References

  1. https://www.isaca.org/about-us/newsroom/press-releases/2024/isaca-celebrates-55-years-of-impact
  2. https://www.isaca.org/about-us/who-we-are
  3. https://www.isaca.org/about-us
  4. https://www.isaca.org/credentialing
  5. https://www.isaca.org/about-us/advocacy
  6. https://www.isaca.org/resources/cobit
  7. https://engage.isaca.org/dhakachapter/aboutdhakachapter/aboutchapter/ourchapterhistory
  8. https://www.isaca.org/resources/isaca-journal/issues/2019/volume-3/isaca-50-years-of-keeping-pace-with-changing-technology
  9. https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2019/coincidence-or-history
  10. https://www.isaca.org/credentialing/cisa/cisa-exam-content-outline
  11. https://www.isaca.org/about-us/newsroom/press-releases/2025/isaca-introduces-the-cisa-associate
  12. https://www.isaca.org/resources/news-and-trends/industry-news/2020/cobit-2019-and-cobit-5-comparison
  13. https://www.isaca.org/credentialing/cism/cism-exam-content-outline
  14. https://www.isaca.org/credentialing/crisc/crisc-exam-content-outline
  15. https://www.isaca.org/about-us/newsroom/press-releases/2025/isaca-updates-cdpse-and-crisc-exams-to-reflect-latest-risk-and-privacy-priorities
  16. https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2019/50th-anniversary-year-provides-inspiration-to-look-to-isacas-future
  17. https://www.isaca.org/about-us/leadership-and-governance/board-of-directors/role
  18. https://www.isaca.org/about-us/leadership-and-governance/board-of-directors/nominations
  19. https://www.isaca.org/about-us/newsroom/press-releases/2025/isaca-welcomes-2025-2026-board-of-directors
  20. https://www.isaca.org/about-us/leadership-and-governance/board-of-directors
  21. https://www.isaca.org/about-us/contact-us
  22. https://www.isaca.org/about-us/leadership-and-governance/executive-team
  23. https://www.isaca.org/about-us/newsroom/press-releases/2023/isaca-welcomes-new-ceo-erik-prusch
  24. https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2025/kicking-off-2025-with-a-new-mission-and-vision
  25. https://www.isaca.org/resources/isaca-journal/issues/2024/volume-2/the-ethical-challenge-of-it-silos
  26. https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2025/elevating-isacas-impact-building-a-high-performing-board-for-the-future
  27. https://www.isaca.org/membership/member-levels
  28. https://support.isaca.org/s/article/What-does-my-Member-level-mean-1597877230134
  29. https://www.isaca.org/about-us/newsroom/press-releases/2025/isaca-introduces-new-chapter-in-doha
  30. https://www.isaca.org/membership/become-a-member/member-benefits
  31. https://www.isaca.org/membership/local-chapters
  32. https://www.isaca.org/campaigns/member-get-a-member
  33. https://www.isaca.org/digital-trust
  34. https://www.isaca.org/resources/news-and-trends/industry-news/2025/collaboration-and-the-new-triad-of-ai-governance
  35. https://www.isaca.org/resources/state-of-cybersecurity
  36. https://www.isaca.org/about-us/newsroom/press-releases/2025/ai-driven-cyber-threats-are-the-biggest-concern-for-professionals-finds-new-isaca-research
  37. https://www.isaca.org/training-and-events/conferences
  38. https://www.isaca.org/about-us/newsroom/press-releases/2025/isaca-announces-2025-global-event-lineup-advancing-digital-trust-in-an-evolving-tech-landscape
  39. https://www.isaca.org/about-us/newsroom/press-releases/2025/2025-governance-risk-and-control-conference-examines-key-cyber-ai-emerging-tech-topics
  40. https://www.silicon.co.uk/workspace/isaca-europe-2025-building-trust-in-technology-amid-a-new-era-of-digital-risk-627196
  41. https://vendelux.com/insights/isaca-conference-north-america-2025-attendee-list/
  42. https://www.isaca.org/credentialing/how-to-earn-cpe
  43. https://www.isaca.org/training-and-events/online-training/session-recordings
  44. https://www.bmc.com/blogs/cobit/
  45. https://www.isaca.org/resources/news-and-trends/industry-news/2019/employing-cobit-2019-for-enterprise-governance-strategy
  46. https://www.isaca.org/resources/white-papers/2025/leveraging-cobit-for-effective-ai-system-governance
  47. https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2025/cobit-a-practical-guide-for-ai-governance
  48. https://www.isaca.org/resources/isaca-journal/issues/2019/volume-1/the-optimal-risk-management-framework-identifying-the-requirements-and-selecting-the-framework
  49. https://www.isaca.org/resources/it-risk
  50. https://www.isaca.org/resources/isaca-journal/past-issues/2011/it-scenario-analysis-in-enterprise-risk-management
  51. https://www.isaca.org/resources/frameworks-standards-and-models
  52. https://www.isaca.org/about-us/newsroom/press-releases/2020/isaca-updates-it-audit-framework-itaf
  53. https://www.isaca.org/resources/it-audit
  54. https://www.isaca.org/credentialing/cybersecurity-fundamentals-certificate
  55. https://www.isaca.org/credentialing/cybersecurity-fundamentals-certificate/resources
  56. https://www.isaca.org/resources/cybersecurity
  57. https://www.isaca.org/resources/isaca-journal/issues/2023/volume-1/defining-establishing-and-measuring-digital-trust
  58. https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2024/digital-trust-ecosystem-framework-a-valuable-complement-to-cobit-other-frameworks
  59. https://www.isaca.org/resources/white-papers/2024/using-dtef-to-achieve-trustworthy-ai
  60. https://www.isaca.org/resources/isaca-journal
  61. https://www.isaca.org/resources
  62. https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2022/celebrating-five-decades-of-the-isaca-journal
  63. https://www.isaca.org/resources/isaca-journal/issues
  64. https://www.isaca.org/resources/isaca-journal/submit-an-article
  65. https://www.isaca.org/resources/news-and-trends/isaca-now-blog
  66. https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2025/six-practical-steps-for-faster-smarter-cyber-defense
  67. https://www.isaca.org/resources/news-and-trends
  68. https://www.isaca.org/resources/insights-and-expertise/publications
  69. https://www.isaca.org/store
  70. https://www.isaca.org/resources/news-and-trends/newsletters/atisaca/2025/volume-10/how-to-conduct-a-quantum-risk-assessment-using-isacas-risk-it-framework
  71. https://support.isaca.org/s/article/Is-the-new-COBIT-guidance-free-to-members-1597877240373
  72. https://www.isaca.org/credentialing/cisa
  73. https://www.isaca.org/credentialing/cisa/get-cisa-certified
  74. https://www.isaca.org/about-us/newsroom/press-releases/2025/isacas-cism-named-best-professional-certification-program-in-2025-sc-awards
  75. https://www.isaca.org/about-us/newsroom/press-releases/2025/isaca-launches-groundbreaking-advanced-in-ai-audit-aaia-certification
  76. https://www.isaca.org/about-us/newsroom/press-releases/2025/ccoa-named-professional-certification-program-of-the-year-in-2025-cybersecurity-breakthrough-awards
  77. https://www.isaca.org/resources/infographics/which-isaca-certification-is-right-for-you
  78. https://www.isaca.org/about-us/newsroom/press-releases/2025/isaca-introduces-first-and-only-ai-centric-security-management-certification
  79. https://www.isaca.org/credentialing/cisa/maintain-cisa-certification
  80. https://www.isaca.org/credentialing/certificates
  81. https://www.isaca.org/credentialing/it-audit-fundamentals-certificate
  82. https://www.isaca.org/credentialing/artificial-intelligence-fundamentals-certificate
  83. https://www.isaca.org/credentialing/verify-a-certification
Add your contribution
Related Hubs
User Avatar
No comments yet.