The CISA designation is awarded to those individuals with an interest in Information Systems auditing, control, and security who have met and continue to meet the following requirements regarding:

1. Successful Completion of the CISA Examination
The examination is open to all individuals who have an interest in Information Systems audit, control, and security. All are encouraged to work toward and take the examination. Successful examination candidates will be sent all documents required to apply for certification with their notification of a passing score. For a more detailed description of the exam see the Description of the Examination. Also, CISA exam study materials are available through the Association bookstore and many chapters host CISA Exam Review Courses.

The 2003 CISA examination will be offered on Saturday, 14 June 2003. The 2003 Bulletin of Information is available online, or you may request a BOI by completing the online Request for Information form, or by emailing the certification department with your complete mailing address at certification@isaca.org.

2. Experience as an Information Systems Auditor
A minimum of five years professional Information Systems auditing, control, or security work experience (as described in the job content areas) is required for certification. Substitutions and waivers of such experience may be obtained as follows:

Experience must have been gained within the 10 year period preceding the application date for certification or within 5 years from the date of initially passing the examination. Retaking and successfully passing the examination will be required if the application for certification is not submitted within 5 years from the passing date of the examination. All experience will be verified independently with employers.

3. The Code of Professional Ethics
Members of ISACA and/or holders of the Certified Information Systems Auditor designation agree to a Code of Professional Ethics to guide professional and personal conduct.

4. Continuing Education Policy
The objectives of the continuing education program are to:

Maintenance fees and a minimum of 20 contact hours of continuing education are required annually. In addition, a minimum of 120 contact hours is required during a fixed 3-year period. Upon completing the requirements for initial certification, the CISA will be provided with the Continuing Education Policy booklet for detailed criteria to be used in developing a personal continuing education program.

5. Information Systems Auditing Standards
Individuals holding the Certified Information Systems Auditor designation agree to adhere to the Information Systems Auditing Standards as adopted by ISACA.