Who is it for?

Anyone who is involved in the areas of information security and information assurance.

Entry requirements

There are no formal entry requirements however, the candidate will require an understanding of information assurance. It is recommended that candidates attend an accredited training course.

What will I learn?

Candidates should be able to demonstrate:

  • How the management of information risk will bring about significant business benefits.
  • How to explain and make full use of information risk management terminology.
  • How to conduct threat and vulnerability assessments, business impact analyses and risk assessments.
  • The principles of controls and risk treatment.
  • How to present the results in a format which will form the basis of a risk treatment plan.
  • The use of information classification schemes.

The syllabus includes training objectives, details of modules and learning hours, plus a recommended reading list:

Download our latest syllabus (PDF)

Please note: We are currently refreshing this syllabus and exam. The new exam will be ready to be sat in September. The syllabus will be refreshed to reflect more modern practices and the latest thinking. The exam will be refreshed to a digital exam that can be sat on demand.

How do I get this qualification?

Training and exam (recommended)

Take this course with one of our accredited training providers.

How long will it take?

Classroom courses normally last five days.

Where can I study?

At a BCS accredited training provider near you.

How much does it cost?

Course prices vary depending on your chosen training provider and course format.

Find a provider

Exam only (self study)

Ideal if you’re self-motivated and already know something about information risk management.

How long will it take?

It usually takes a minimum of 36 hours to prepare for the exam.

Where do I sit my exam?

At the BCS London office. NB. we are not offering any exam sittings via our London office at the moment.

How much does it cost?

Exam price: £222 (£185.00 + VAT)

Contact us online

What format is the exam?

  • Three hour scenario based ‘closed book’ written exam:

    • Part A: ten multiple choice questions (1 mark each)
    • Part B: six short answer questions (5 marks each)
    • Part C: three essay style questions (20 marks each)
  • Pass mark is 65% (65/100)

What's next?

CCP scheme

If you work or are considering working in a cyber security / information assurance role, we run a Certified Cyber Professional (CCP) Scheme.

This qualification is not regulated by the following United Kingdom Regulators - Ofqual, Qualifications Wales, CCEA Regulation or SQA.