The CISM examination is a four-hour (240 minutes) exam consisting of 150 multiple choice questions.

• Computer-Based Testing Locations
• CISM exams are administered at 1,300 PSI locations across the world and in ten languages.

Please visit https://www.isaca.org/credentialing/cism/cism-exam to search the suitable exam site. ISACA keeps adding the new PSI locations.

Yes. Answers can reviewed.
Flag questions you want to review before your exam time is over.

• Preliminary result (pass or not pass) is available on the screen immediately after the completion of your exam.
• Official score will be emailed and available online within 10 business days from the date that candidates take the exam.
• Successful candidates receive details on how to apply for certification.
• Result is not available on phone or fax to maintain the privacy.

Yes, but candidates do not need to go through the eligibility application process again.

• Pass the CISM Exam within the last 5 years.
• Work experience must be gained within the 10-year period preceding the application date for certification or within five years from the date of initially passing the exam.
• Three of the five years of work experience must be gained performing the role of an information security manager.
• Submit the CISM Certification Application including Application Processing Fee.

• Pass the CISM examination
• Submit an application for CISM certification
• Adherence to the Code of Professional Ethics
• Adherence to the Continuing Professional Education Program
• Compliance with the Information Systems Auditing Standards

• CISM certification is a unique management-focused certification.
• It has been designed is for the individual who manages, designs, oversees and assesses an enterprise’s information security.
• it validates your managerial, designing, overseeing skills and expertise.
• It brings the best opportunities for anyone in the infosec with an interest in the managerial aspects of information security, in contrast to the technical aspects.
• Any professional with the required experience can apply for the certification.

• Member: US$575
• Non Member Fee: US$760

On 200-800 point scale, ISACA has set 450 as the passing mark for the exams.

• A scaled score is a conversion of the raw score on an exam to a common scale.
• Please note that the exam score is not based on an arithmetic or percent average. For example, if all 150 questions are answered correctly, the scaled score is 800, a perfect score; a scaled score of 200 is the lowest score possible when only a small number of questions are answered correctly.
• A score of 450 represents a minimum consistent standard of knowledge as established for the exam by the respective ISACA Certification Committee.
• Scaled score of 450 or higher must be achieved to pass the exam.

• A US$50 application processing fee is required for all
• submissions.
• The application fee is a one-time, non-refundable payment.

• Yes, candidates are allowed to take one each of CISM, CRISC, CISM and CGEIT within the same window.
• Candidates may NOT take the same certification exam more than one time within a window

CISM application is available on ISACA website

• Maintaining your CISM Certification means maintaining an adequate level of current knowledge and proficiency in the field of information systems audit, control and security.
• The CISM CPE policy requires the attainment of CPE hours over an annual and three-year certification period. CISMs must comply with the following requirements to retain certification:
• Earn and report an annual minimum of twenty (20) CPE hours. These hours must be appropriate to the currency or advancement of the CISM’s knowledge or ability to perform CISM-related tasks. The use of these hours towards meeting the CPE requirements for multiple ISACA certifications is permissible when the professional activity is applicable to satisfying the job-related knowledge of each certification.
• Earn and report a minimum of one hundred and twenty (120) CPE hours for a three-year reporting cycle period.
• Pay the CISM annual maintenance fee
• Comply with the annual CPE audit if selected
• Comply with ISACA’s Code of Professional Ethics
• Abide by ISACA’s IT auditing standards

Failure to comply with these certification requirements will result in the revocation of an individual’s CISM designation. In addition, as all certificates are owned by ISACA, if revoked, the certificate must be destroyed immediately.

• Candidates can register online anytime for the CISM certification exam.
• Registration and payment will be valid for 365days/12 months from the date of online registration.
• Payment is mandatory before scheduling the exam.
• Candidates can schedule their exam for any available date/time/location within their 365-day eligibility period.
• Exam can be rescheduled within 365 days eligibility period. But it must be done more than 48 hours prior to the original scheduled testing appointment.
• Candidates must take the exam if they are within 48 hours of scheduled testing appointment or their registration fee will be forfeited.

To earn CISM certification, candidates need to:

• Submit the complete application within five years from the date of initially passing the examination
• Get all the listed experience verified by the employers.
• The experience should have been gained within the 10-year period preceding the date of application, or within five years of passing the examination.
• A minimum of 5-years of professional information systems auditing, control or security work experience – as described in the CISM job practice areas – is required for certification.

To help candidates meet the CISM work experience requirements, ISACA allows candidates to substitute up to 2years of the CISM work experience requirement of 5 years with various options.

Yes, CISSPs receive a two-year general information security experience waiver. Other security credential holders are also considered as professionals with knowledge and experience in information security management.

• CISM Review Manual offered by ISACA, has all the relevant course content good enough to help the aspirants to crack CISM exam. Make a habit to read it religiously. This Manual is treated as the best guide for self study.
• Practice questions can easily be picked up from ISACA’s Review Questions Database. It is an online source which not only has questions but also answers and explanation of those answers.
• In addition to these candidates can join boot camps/ online training offered by Infosec Train for CISM Certification exam