How to book a CISM exam?
1. Admission Ticket
Admission tickets for the exam will be released approximately 2-3 weeks prior to the exam date via email to the email address in the candidate profile. Once released, exam candidates can also download a copy of the admission ticket at the MyISACA page of the website. Candidates must bring either a printout of the eTicket or the downloaded version on exam day for entry into the exam.
The ticket will indicate the date, registration time and location of the exam, as well as a schedule of events for that day and a list of materials that candidates must bring with them to take the exam. Candidates are not to write on the admission ticket.
Candidates must locate and note the specific registration and exam time on their admission ticket. No candidate will be admitted to the test center once the chief examiner begins reading the oral instructions, approximately 30 minutes before the exam begins. Any candidate who arrives after the oral instructions have begun will not be allowed to sit for the exam and will forfeit their registration fee. Candidates can use their admission ticket only at the test center designated on that ticket.
Candidates will be admitted to the test center only if they have a valid admission ticket and an acceptable form of identification (ID). This photo ID must be a current and original government-issued identification that contains both the candidate’s name as it appears on the admission ticket and the candidate’s photograph. The information on the ID cannot be handwritten. All of these characteristics must be demonstrated by the single piece of ID provided. Examples include, but are not limited to, a passport, driver’s license, military ID, state ID, green card and national ID. Any candidate who does not provide an acceptable form of ID will not be allowed to sit for the exam and will forfeit his/her registration fee. IDs will be checked during the exam.
No food or drinks are allowed at any exam site, unless special arrangements have been made in advance by the set deadline. Please refer to “Special Accommodations” in the ISACA Exam Candidate Information Guide.
Candidates who are discovered engaging in any kind of misconduct, such as giving or receiving help; using notes, papers, note pads or other aids; attempting to take the exam for someone else; using any type of communication device including cell phones during the exam administration; or removing the exam booklet, answer sheet or notes from the testing room will be disqualified. Candidates who leave the testing area without authorization or accompaniment by a test proctor will not be allowed to return to the testing room and will be subject to disqualification. Candidates who continue to write the exam after the proctor signals the end of the examination time may have their examination voided. The testing agency will report such irregularities to the respective ISACA Certification Committee.
Candidates must record their answers on their answer sheet. No additional time will be allowed after the exam time has elapsed to transfer or record answers should candidates mark their answers in the question booklet. The exam will be scored based on the answer sheet recordings only.
Observe the Test Center’s Rules
- Candidates will not be admitted to a test center after the oral instructions have begun.
- Candidates should bring several sharpened No. 2 or HB (soft lead) pencils and a good eraser. Pencils and erasers will not be available at the test center.
- Candidates are not allowed to bring reference materials, blank paper, notes or note pads or language dictionaries into the test center.
- Candidates are not allowed to bring or use a calculator in the test center.
- Candidates are not allowed to bring any type of communication devices (i.e. cell phones, tablets, smart watches, mobile devices, etc.) into the test center.
- Visitors are not permitted in the test center.
- No food or drinks are allowed in the test center (without advance authorization from ISACA).
- Candidates are not allowed to leave the testing area without accompaniment by a test proctor. Exam candidates who do not adhere to this rule will not be allowed to return to the testing room and will be subject to disqualification.
Reasons for Dismissal or Disqualification
- Unauthorized admission to the test center.
- Candidate creates a disturbance, or gives or receives help.
- Candidate attempts to remove test materials or notes from the test center.
- Candidate impersonates another candidate.
- Candidate brings items into the test center that are not permitted.
- Candidate possesses any communication device (i.e. cell phones, tablets, smart watches, mobile devices, etc.) during the exam administration. If a candidate is observed with any communication device during the exam administration, their exam will be voided and they will be asked to immediately leave the test site.
- Candidate leaves the test area without authorization.
3. Exam Day Comments/Issues
4. Personal Belongings and Security
Candidates are not allowed to bring any type of communication devices into the test center. If an exam candidate is observed with any communication device (i.e. cell phones, tablets, smart watches, mobile devices, etc.) during the exam administration, their exam will be voided and they will be asked to immediately leave the test site. ISACA will not assume responsibility for stolen, lost or damaged personal property of candidates.
Personal items brought to the exam site and stored in the belongings area of the testing center may not be accessed until the exam candidate has completed his/her exam.
The following guidelines have been established for the security of the exam, as well as the safety of your personal belongings. These guidelines will be enforced at each testing center.
The following items must be kept on your desk during the exam:
- Exam admission ticket
- Current government-issued photo identification
- Writing instruments (Pencils)
The following items may be kept on your desk, if needed:
- Pencil sharpeners
- Other ISACA approved medical items
The following items are permitted in the testing room but must remain in your pockets or in the designated area of the testing room when not in use:
- Wallet (money purse)
- Tissues and other approved personal items
The following items are not permitted in the testing room:
- Cell phones, tablets, smart watches, mobile devices
- Computers, electronic organizers, personal data assistants
- Any other remote communication or photographic devices
The following items must not be brought into the testing room. If it is necessary to bring any of these items with you, they cannot be kept on or under your desk and will be stored in a designated area of the testing room. However, please note that these items will not be guarded:
- Food or drinks, unless special accommodations have been arranged and approved in advance by ISACA
- Baggage of any kind including transparent bags, backpacks, handbags/purses, tote bags, briefcases, luggage, carrying cases, or pencil cases
- Study materials including notes, papers, textbooks, or study guides
- Scratch paper
- Wristwatches with engaged audible alarms/timers or any type of desk clock/timer
Please comply with all of these requests. ISACA will not assume responsibility or liability for stolen, lost, or damaged personal property. Neither ISACA nor its testing vendor takes responsibility for personal belongings of candidates.
Additional information can be found in the ISACA Exam Candidate Information Guide.
5. Receiving Your Score Report
6. Reporting of Your Test Results
Candidate scores are reported as a scaled score. A scaled score is a conversion of a candidate’s raw score on an exam to a common scale. ISACA uses and reports scores on a common scale from 200 to 800. For example, the scaled score of 800 represents a perfect score with all questions answered correctly; a scaled score of 200 is the lowest score possible and signifies that only a small number of questions were answered correctly. A candidate must receive a score of 450 or higher to pass the exam. A score of 450 represents a minimum consistent standard of knowledge as established by the respective ISACA Certification Committee. A candidate receiving a passing score may then apply for certification if all other requirements are met.
The CISM exam contains some questions which are included for research and analysis purposes only. These questions are not separately identified and not used to calculate your final score.
Passing the exam does not grant the CISM designation. To become a CISM, you must earn the required job experience and submit a CISM application. The application is available at Code of Professional Ethics. Until your application is received and approved, you are not CISM certified and cannot use the designation.
7. Retaking the Exam
A candidate receiving a score of less than 450 has not passed and can retake the exam by registering and paying the appropriate exam fee for any future exam administration. To assist with future study, the results letter each candidate receives will include a score analysis by content area. There are no limits to the number of times a candidate can take the exam.
What to do when you have Passed?
1. Successfully Pass the CISM Exam
Score a passing grade on the CISM exam. A passing score on the CISM examination, without completing the required work experience as outlined below, will only be valid for 5 years. If the applicant does not meet the CISM certification requirements within the five-year period, the passing score will be voided.
2. The Code of Professional Ethics
Members of ISACA and/or holders of the CISM designation agree to a Code of Professional Ethics to guide professional and personal conduct.
3. Continuing Education Policy
The objectives of the continuing education program are to:
- Maintain an individual's competency to ensure that all CISMs maintain an adequate level of current knowledge and proficiency. CISMs who successfully comply with the CISM CPE policy will be better equipped to manage, design, oversee and assess an enterprise's information security.
- Provide a means to differentiate between qualified CISMs and those who have not met the requirements for continuation of their certification.
Maintenance fees and a minimum of 20 contact hours of CPE are required annually. In addition, a minimum of 120 contact hours is required during a fixed 3-year period.
View the complete CISM Continuing Education Policy, available in English, Spanish, Japanese and Korean.
4. Work Experience
Submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The work experience must be gained within the 10-year period preceding the application date for certification or within 5 years from the date of originally passing the exam.
The following security-related certifications and information systems management experience can be used to satisfy the indicated amount of information security work experience.
- Certified Information Systems Auditor (CISA) in good standing
- Certified Information Systems Security Professional (CISSP) in good standing
- Post-graduate degree in information security or a related field (e.g., business administration, information systems, information assurance)
- One full year of information systems management experience
- One full year of general security management experience
- Skill-based security certifications (e.g., SANS Global Information Assurance Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA Security+, Disaster Recovery Institute Certified Business Continuity Professional (CBCP), ESL IT Security Manager)
- Completion of an information security management program at an institution aligned with the Model Curriculum
The experience substitutions will not satisfy any portion of the 3-year information security management work experience requirement.
Exception: Two years as a full-time university instructor teaching the management of information security can be substituted for every 1 year of information security experience.
5. Submit an Application for CISM Certification
Once a CISM candidate has passed the CISM certification exam and has met the work experience requirements, the final step is to complete the CISM Application for Certification. There are three ways to obtain the CISM application:
- Complete and print an online application;
- Download application in PDF format (150K); or