As the novel coronavirus (COVID-19) continues to cause uncertainties, our focus is clear: It’s you—our members, partners, volunteers and staff. You are our priority. We have made several decisions and are working to provide valuable resources to help protect your health and guide you through the professional challenges COVID-19 poses in our organizations.
View ISACA CEO David Samuelson’s message here and view ISACA resources below.
What’s the latest on events, conferences, volunteering, meetings and more.
ISACA Certification Exams
In light of the current circumstances and in order to enable you to get the certifications you need for your career, we have quickly convened a team to put together a live remote proctoring option for our CISA, CISM, CGEIT and CRISC certification exams. We hope to make this available to you mid to end of April 2020. Those of you who wish to take the certification exam in person will be able to do that if you prefer, provided your local exam center is open. Please remember that you have 12 months from the time your register to take the exam, and extensions will be made if your eligibility is expiring soon. Stay tuned for further details on remote proctored exams!
Due to the COVID-19 pandemic there will be possible delays in physical shipments. We apologize for the inconvenience and appreciate your understanding in this unprecedented situation. Please note that most of the physical items we offer are also available in digital format, so please consider that delivery option so your access to ISACA resources will not be interrupted.
If you have any questions, please contact the Customer Experience Center.
Conference, Training Weeks and other In-person Training
ISACA has postponed select events taking place in the next 30 days, including the North America CACS, CMMI Partner Workshop, Capability Counts conference and select Training Week events. All participants will be refunded. Registrants, speakers and other participants have been contacted with more detailed information.
We continue to monitor the situation as we look toward events planned for later this year. If any changes need to be made, participants will be notified and conference web pages will be updated immediately.
Additionally, ISACA committee and working group meetings scheduled to meet at ISACA Global have been postponed, or arrangements have been made for virtual gatherings.
As professionals with pivotal roles in business continuity, resiliency and security, your work in these challenging times is critical. We’ve compiled some resources to help you navigate business technology issues arising from COVID-19.
ISACA staff are fully equipped to seamlessly work from home so we have closed the office, with only absolutely essential duties performed onsite. Work travel has been completely restricted for the time being.
Over the next few weeks, as in-person events continue to be impacted, virtual learning offers a great opportunity to get the knowledge—and the CPEs—you need from the comfort of your home. See what ISACA offers, from free webinars to virtual instructor-led training and more.
Looking for content on business continuity, resiliency and remote work during this challenging time? See a number of ISACA resources below:
A Message from David: Navigating COVID-19
As a global community, we immediately feel the effects of a global crisis because it affects our families, our communities, our jobs and our professions everywhere. So I first want to share my concern for your well-being and talk about steps we are taking to help.16 March 2020
Engage Online Forums
Discuss security, business continuity, and other best practices with colleagues around the world.
Business Continuity – Pandemic Preparation
The recent outbreak of a new virus, COVID-19, or the coronavirus, has many businesses scrambling to develop or review their business continuity plans. While there is much unknown about COVID-19 and whether it will turn into a pandemic, there are many things business can do today to ensure their businesses continue to operate if it does occur.3 March 2020
Business Continuity Management: Emerging Trends
As the pace of change in information technology accelerates, business continuity management (BCM) continues to evolve rapidly within enterprises to meet increased market and regulatory demands. Significant business and technology changes need to be assessed by the enterprise from many perspectives, including impact on existing processes, associated risk, and how technology changes can be leveraged to improve continuity capabilities. This white paper provides an overview of the impacts, benefits and opportunities of four emerging technologies (virtualization, cloud computing, mobile devices and social networks) as they relate to BCM.
Business Continuity Management Audit Program
IT audit and assurance professionals are expected to customize this document to the environment in which they are performing an assurance process. This document is to be used as a review tool and starting point. It may be modified by the IT audit and assurance professional; it is not intended to be a checklist or questionnaire. It is assumed that the IT audit and assurance professional has the necessary subject matter expertise required to conduct the work and is supervised by a professional with the Certified Information Systems Auditor (CISA) designation and/or necessary subject matter expertise to adequately review the work performed. Format: Word
FREE to ISACA Members
Not a Member? Join Now
IT Continuity Planning Audit Program
Objective—The IT continuity plan audit/assurance review will: Provide management with an evaluation of the IT function’s preparedness in the event of a process disruption Identify issues that may limit the interim business processing and restoration of same Provide management with an independent assessment relating to the effectiveness of the IT continuity plan and its alignment with the business continuity plan and IT security policy Format: Word
FREE to ISACA Members
Not a Member? Join Now
Security Incident Management Audit Program
Unplanned incident preparation for many enterprises includes business continuity programs, disaster recovery plans and information security strategies. While looking at some of the same elements as these incident preparation tactics – namely the security triad of confidentiality, integrity, and availability – security incident management differs in that it poises enterprises for the identification and analysis of threats or incidents. In the current landscape, the combined focus on security incidents from both regulatory and operational perspectives put enterprises in positions where the effectiveness of their Security Incident Management programs is not optional.
Crisis Management Audit Program
Objective—The crisis management audit review will: Provide management with an assessment of the plan’s effectiveness addressing scope, completeness, team membership, and state of readiness of the crisis management plan and team Identify internal control and regulatory deficiencies that could affect the enterprise during the implementation of the plan Format: Word
FREE to ISACA Members
Not a Member? Join Now
Here’s How Leading Organizations Keep Remote Workers Safe and Secure
For all of the benefits remote working offers businesses, it’s hard to ignore the security risks and threats.
Network Security Policies Your Organization Needs To Adopt Today
Plenty of tech companies allow their workers to work remotely from home.
I Left My Security in the Office
Remote work is growing increasingly more common, and with good reason; it offers numerous benefits to enterprises that leverage it. But this new way of working also presents new security challenges. In this podcast, we discuss some of those challenges and how to combat them.30 August 2018
We want to help you meet your CPE requirements and advance your knowledge while you stay healthy.
Get state-of-the-art online training created by experts and delivered the way you want it. Check back often as we add more information.
Meeting The Board’s Security, Audit and Compliance Demands
Informative session on the state of corporate audit and compliance and how to establish consistent best practices.Archived: 3 March 2020
Robotic Process Automation (RPA) and Audit
Identifying RPA risk opportunities, audit execution and control automation.Archived: 19 March 2020
Managing the Insider Threat - Why Visibility Is Critical
Only with full visibility into employee or third-party activity across a company network can even the earliest indicators of an insider threat be detected. By monitoring both user and file activity, security and compliance professionals can be alerted to risky, out-of-policy activities and any unexplained changes in user behavior in real-time; successfully stopping and investigating any activity before it becomes a full-blown breach.Archived: 2 May 2019
Improve Your Third-Party Risk Management Program
Most organizations’ risk management programs have room for improvement, especially when it comes to third-party risk. Understanding third-party risk management best practices can help organizations improve their risk program and reduce their overall risk.19 February 2020
Cybersecurity Audit Certificate
Cybersecurity is at the forefront for most organizations today, with boards increasingly interested in understanding the enterprise’s risk and related controls. A strong cybersecurity audit program with qualified, capable auditors and controls implemented as part of an overall strategy is essential. During this course, we will explore concepts related to evaluating the risk and auditing the cybersecurity controls for an organization.23-24 March 2020
COBIT 2019 Foundations
This Foundation Course is intended for current COBIT 5 Foundation Certificate holders as well as those new to COBIT who are interested in achieving the latest foundation certificate.27-28 April 2020
CRISC Exam Prep Course
Join fellow CRISC exam candidates along with a CRISC-certified trainer for a unique exam prep experience. The CRISC Exam Prep Course is an intensive, cram-style course that will cover some of the more challenging topics from the CRISC job practice. Drill through sample exam items, ask your most pressing questions and get the answers to build your confidence as you prepare for exam day.4-7 May 2020
CPE on Demand: All Access
The CPE on Demand: All Access collection provides timely, valuable insights for GRC, audit, and security and cybersecurity professionals and enables you to learn on your schedule while earning up to 25 ISACA CPEs. Access to the entire collection of recordings • each recorded at ISACA’s North America CACS 2019 Conference - is unlimited for a 90-day period and includes downloadable presentation decks.
IT Risk Management Essentials
ISACA’s new introductory-level IT Risk video, is a high production quality instructional video featuring an engaging industry expert, and visual support aids. The video content focuses on IT Risk Management essentials, best practices and basics of performing an IT Risk assessment.
CPE on Demand: Technical Security Insights
The CPE on Demand: Technical Security Insights collection provides timely, valuable insights for Information Security, Cybersecurity, and IT Audit professionals, and enables you to learn on your schedule while earning up to 5 ISACA CPEs. Access to the entire collection of recordings - each recorded at ISACA’s North America CACS 2019 Conference - is unlimited for a 90-day period and includes downloadable presentation decks.
CPE on Demand: Third-Party Services
The CPE on Demand: Third-Party Services collection provides timely, valuable insights for GRC, audit, and security professionals and enables you to learn on your schedule while earning up to 6 ISACA CPEs. Access to the entire collection of recordings - each recorded at ISACA’s North America CACS 2019 Conference - is unlimited for a 90-day period and includes downloadable presentation decks.
Cybersecurity Fundamentals Online Course
Gain new expertise and prepare to start or advance your role in the increasingly important and in-demand field of cybersecurity. Leverage the power of our Cybersecurity Fundamentals Online Course to enhance your understanding of the principles that frame and define cybersecurity and the integral role of cybersecurity professionals in protecting enterprise data and infrastructure.
Cybersecurity Audit Certificate Online Course Bundle with eBook
This Cybersecurity Audit Certificate bundle includes the Cybersecurity Audit Certificate Online Course, the Companion Study Guide (eBook version) and the Cybersecurity Audit Certificate Exam. With the increasing number of cyberthreats, it is becoming critical for audit plans to include cybersecurity. ISACA’s new Cybersecurity Audit Certificate Program provides audit/assurance professionals with the knowledge needed to excel in cybersecurity audits, and IT risk professionals with an understanding of cyber-related risk and mitigating controls.With Included eBook
Cybersecurity Audit Certificate Online Course Bundle with Print Book
This Cybersecurity Audit Certificate bundle includes the Cybersecurity Audit Certificate Online Course, the Companion Study Guide (print version) and the Cybersecurity Audit Certificate Exam. With the increasing number of cyberthreats, it is becoming critical for audit plans to include cybersecurity. ISACA’s new Cybersecurity Audit Certificate Program provides audit/assurance professionals with the knowledge needed to excel in cybersecurity audits, and IT risk professionals with an understanding of cyber-related risk and mitigating controls.With Included Print Book
CISA Online Review Course
Prepare to obtain the Certified Information Systems Auditor® (CISA) certification and be recognized among the world’s most-qualified information systems professionals. The CISA Online Review Course provides online, on-demand instruction and is ideal for preparing you and fellow audit, assurance, control, security and cyber security professionals for the CISA certification exam.