What Is CISA?
Security standards and certification body ISACA launched the Certified Information Systems Auditor (CISA) certification in 1978 to recognize information systems (IS) audit, control and security executives. According to ISACA, there are more than 60,000 CISA professionals around the world in such jobs roles as internal auditor, security consultant and information systems auditor.
-
Work Experience
-
To become a CISA, candidates must have at least five years of relevant experience. According to ISACA, CISA candidates should have experience in the audit process, assigning best practices to protect a company's IT and business systems; help companies develop structures and accountability of corporate governance of IT; and provide assurance that businesses have recovery measures in place for IT in the event of a disaster.
CISA exam
-
Candidates must pass a four-hour exam consisting of 200 multiple-choice questions. Exams are offered twice a year, in June and December. ISACA provides a list of reference materials to help candidates prepare for the exam. The examining body also provides a range of courses that lead to the exam, including online courses, webcasts and meetings with industry experts (see Resources).
Code of Professional Ethics
-
CISAs, along with other members of ISACA, are required to comply with ISACA's Code of Professional Ethics. The code requires members to perform their duties with objectivity, and to maintain the privacy of information they receive.
Ongoing Education
-
Certification holders are required to take part in ongoing education. ISACA's Continuing Professional Education Policy requires CISAs to take no less than 20 hours of relevant education each year.
Auditing Standards
-
CISA professionals must also follow ISACA's Information Systems Auditing Standards, which provide a framework for IT assurance.
-
