CISA Experience question

Hi,

I have the CISSP already but was thinking of doing the CISA, it says a "minimum of 5 years of professional information systems auditing, control or security work experience (as described in the CISA job practice areas) is required for certification."

But is that 5 years experience in all domains 2 domians or do you need it in just the one?

Thanks,

Find more posts tagged with

SAVE $250 on Your ISACA Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View ISACA Boot Camps

Comments

AlexNguyen

From the ISACA web site: How to Become CISA Certified

I don't see where it says that you need to have a minimum of 5 years eperienced in 1 or 2 job practice domains.

If you take a look at the application form: http://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/Apply-for-Certification/Documents/Application-form-download.pdf

They don't mention it either.

CISPhD

You do need five years of experience to qualify for certification. Just like the CISM exam, you don't need 5 years experience to take sit the exam, but you will need it to become officially certified.

"Once a CISA candidate has passed the CISA certification exam and has met the work experience requirements, the final step is to complete and submit a CISA Application for Certification. A minimum of 5 years of professional information systems auditing, control or security work experience (as described in the CISA job practice areas) is required for certification."

Answering[FONT=Arial, Helvetica, sans-serif] the OP, here is an example set of the required experience levels:

[/FONT]As an example, at a minimum (assuming a two-year waiver of experience by substituting 120 university credits) an applicant must have three years of actual work experience. This experience can be completed by:

three years information systems audit, control, or security experience; OR
two years information systems audit, control, or security experience and one full year non-IS audit or information systems experience or two years as a full-time university instructor.

AlexNguyen

I know that CISA requires a minimum of 5 years experience. But the OP was asking if those experiences must be in 1 or 2 of CISA job practice domains.

As I mentioned, in the ISACA web site, it doesn't specify how many domains in job practice are required.

CISPhD

AlexNguyen wrote: »

I know that CISA requires a minimum of 5 years experience. But the OP was asking if those experiences must be in 1 or 2 of CISA job practice domains.

As I mentioned, in the ISACA web site, it doesn't specify how many domains in job practice are required.

My apologies.

After calling ISACA, there isn't a requirement. They do however "prefer" your experience be in multiple areas.

rob1234

Thanks guys, I have it in one of them.

CISPhD

rob1234 wrote: »

Thanks guys, I have it in one of them.

You're best bet to be certain would be to call ISACA yourself and present your experience to receive feedback. The questions I provided were very generic. Furthermore, it wouldn't be the first time I've received inconsistent information from ISACA. Feel free to give them a call, they're very nice, and usually bend over backwards to ensure all your questions are answered.