The CISM exam is set, conducted and marked by ISACA. All exams will be conducted online via computer-based testing centres around the world.
For more information please refer to the exams page on the ISACA website.
Click this link to check available exam dates.
You can book your exam with ALC or direct with ISACA (see above).
If you wish to book the exam with ALC and have both course and exam on the one invoice, please indicate “CISM Course + Exam” in the COMMENTS field when making your online registration and select the PAY BY INVOICE option (do not select the Pay By Card option). We will contact you with full details of what is involved.
Qualifying for CISM requires a combination of four “e’s”: experience, ethics, education and examination. Specifically, the requirements are:
- Successful completion of the CISM exam
- Adherence to a code of professional conduct
- Commitment to continuing professional education
- Submission of verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice areas. Waivers for general information security work experience are available, if certain education or certification requirements are met
For detailed information on whether you have the relevant full-time work experience in the CISM Job Practice Areas, please visit the following page: ISACA – “How to Become CISM Certified”.
The CISM certification program recognises the achievement of the CISSP credential as a baseline representation that an individual has gained general information security skill and knowledge, just as it does with individuals who have earned a CISA. As such, CISSPs receive a two-year general information security experience waiver. However, CISSPs will not be eligible to earn a CISM unless they have the required experience and can demonstrate proficiency and practical knowledge in the role of an information security manager.
Holders of other, more specialised credentials, such as the SANS Global Information Assurance Certification (GIAC), Microsoft Security Systems Engineer (MCSE), CompTIA Security+ credential and the Disaster Recovery Institute Certified Business Continuity Professional (CBCP), can also receive a one-year general information security experience waiver.