Menu Close Menu

Menu

Account

Information
Technology GRC (IT GRC™) Certification

Become a professional who ensures your organization can benefit from IT while staying protected from its risks. The IT GRC Professional (IT GRCP™) certification demonstrates that you have the understanding and skills to integrate IT governance, risk management, cybersecurity, and compliance across your organization.

Become a versatile professional who integrates governance, strategy, performance, risk, compliance, ethics, security, privacy, and audit to achieve Principled Performance. The GRC Professional (GRCP) certification demonstrates that you have the understanding and skills to apply GRC in your organization.

Get an all access pass Log in
Read more

This certification is your current focus. If you want to change your focus, remove your focus from this certification and pick another one to focus on.

More info about this certification

Information
Technology GRC (IT GRC™) Certification is your current focus. Go to your program dashboard for more information on resources and examination.

Go to program dashboard
My certifications
Loading...
Loading...
CPE and maintenance information

Become a versatile professional who integrates governance, strategy, performance, risk, compliance, ethics, security, privacy, and audit to achieve Principled Performance. The GRC Professional (GRCP) certification demonstrates that you have the understanding and skills to apply GRC in your organization.

Show me alternatives

Become a versatile professional who integrates governance, strategy, performance, risk, compliance, ethics, security, privacy, and audit to achieve Principled Performance. The GRC Professional (GRCP) certification demonstrates that you have the understanding and skills to apply GRC in your organization.

Show me alternatives

Back

Back

Globally Recognized IT GRC Certification

Get certified by the global nonprofit that invented GRC 20 years ago

What is the IT GRCP?

The IT GRC Professional (IT GRCP™) certification validates that you understand and can apply IT GRC in your organization. It ensures that you have the versatile skill set to integrate and advise on IT governance, technology risk management, cybersecurity, compliance, data protection, internal control, and audit activities.

IT GRC Workbook

The IT GRC Workbook gives the slides on which the course is based. The workbook serves as an essential resource for candidates preparing to demonstrate their expertise in IT GRC methodologies through examination and ongoing professional development.

Download the Workbook Today

What does the IT GRC Cover?

The IT GRC is based on the essential body of knowledge used daily by IT GRC Professionals. With the help of hundreds of experts, this body of knowledge was identified, analyzed, and documented in the IT GRC Capability Model.

We recommend using these resources to prepare for the IT GRC Exam (all of these are available on the IT GRC Focus page that helps guide you through the process of getting certified):

  • IT GRC Capability Model contains the essential body of knowledge
  • IT GRC Fundamentals is a self-study online course provided to deepen your understanding of the IT GRC Capability Model
  • IT GRC Fundamentals LIVE is offered by our global training partners to provide localized language, more context, and implementation examples.

While the exam does not require course attendance, 94% of people who pass on the first attempt report that a course helped them pass

Benefits of certification from the creators of GRC

IT GRC comes from the organization and community that created GRC over 20 years ago. You are learning from and getting certified by THE authoritative source!

Unique Benefits of IT GRC

Rather than just focusing on a single discipline, IT GRC integrates multiple disciplines and helps you become a versatile professional. IT GRC allows you to integrate IT governance, technology risk management, cybersecurity, compliance, data protection, internal controls, and audit.

  1. Integration. Integrate IT governance, risk, and compliance across all functions of your organization.
  2. Versatility. Cut across cybersecurity, data protection, compliance, and audit to be more effective.
  3. Communication. Communicate IT risk and governance priorities to diverse stakeholders and leadership.
  4. Compensation. Demonstrate expertise in one of the fastest-growing fields and accelerate your career.
Learn how to get IT GRC

Is IT GRC right for me?

IT GRC is perfect for anyone who works in IT governance, technology risk management, cybersecurity, compliance, data protection, internal control, internal audit, business continuity, or any function that implements or uses IT systems. IT GRC helps integrate what you do with other departments and disciplines, including mainline business operations.

Our certifications are open and accessible to all professionals. We accept candidates from diverse cultural, educational, and professional backgrounds. We do not require specific experience or educational degrees to apply.

When should I get IT GRC?

IT GRC is a versatile certification aimed to serve versatile needs for professionals in all stages of their careers. Professionals can use IT GRC in several scenarios:

  • Starter. Some professionals use IT GRC as a starting point for their careers. By understanding and applying IT GRC capabilities, you get the full breadth of IT governance, technology risk, cybersecurity, compliance, and audit in any organization. You will gain traction ahead of your peers no matter what role you are in today and it gives you a well-rounded foundation to grow into other roles across disciplines over time.
  • Enhancer. Some professionals use IT GRC to enhance an existing certification in risk, compliance, cybersecurity, or audit. For example, a cybersecurity professional may have an existing security certification. IT GRC helps integrate those concepts with business operations, governance, compliance, and audit. An audit manager may hold an internal audit certification. IT GRC helps connect audit with IT governance, risk, and cybersecurity. All of this makes you well-rounded and versatile.
  • Capstone. Some professionals use IT GRC as a capstone "on top of" a collection of existing certifications. IT GRC uniquely integrates IT governance, technology risk, cybersecurity, compliance, data protection, and audit. Professionals with one or more certifications in those disciplines find value in how IT GRC cohesively pulls everything together into a framework and methodology.

IT GRC is for new and experienced professionals

  1. New Professionals

    GRCP is the perfect way to start your career. By understanding and applying all critical disciplines, you have a broad foundation to build a career in any GRC role. GRCP helps you understand the inner workings within and between other departments, including how they operate, think, and what they need to succeed.

  2. Experienced Professionals

    GRCP is the perfect way to enhance existing certifications and to upgrade skills in areas where you lack experience. You may already have a certification from one of the many associations. However, most of these associations focus on a SINGLE discipline. GRCP helps to make you more VERSATILE and well-rounded.

What are you waiting for?

Purchase an All Access Pass to access the IT GRC and all of our other certifications.

Purchase All Access Pass

100 questions over 120 minutes

What is on the IT GRC Exam?

Correctly answer 70 of the 100 questions to pass!

The IT GRC certification exam assesses your knowledge and ability to apply the GRC Capability Model. The exam content is weighted as follows:

30% GRC Key Concepts

  • Understand key concepts associated with Reliably Achieving Objectives, Reliably Addressing Uncertainty, Reliably Acting with Integrity
  • Understand key concepts associated with the Lines of Accountability™ and Integrated Action & Control Model™
  • Understand key concepts associated with measuring the GRC Capability Model

70% GRC Capability Model Details

  • Understand components, elements, and practices
  • Understand key actions and controls
  • Understand design and implementation considerations

Details are grouped by components (adds up to 70%):

  • Learn Component: 15%
  • Align Component: 20%
  • Perform Component: 25%
  • Review Component: 10%

Note: The GRCP certification exam is based on a blueprint that serves as a competency model for GRC professionals. This blueprint was developed through an extensive job analysis and research involving over 1,000 GRC professionals who analyzed over 200 skills to determine their significance in the field of GRC. Additionally, certified GRC professionals (holders of the GRCP™ credential) periodically update the GRC Capability Model and the GRC Professional Exam to reflect relevant changes in GRC disciplines and practices.

  1. Principles, outcomes, and key terms. Prove that you can communicate across disciplines using a common and unambiguous vocabulary.
  2. Core components, practices, and activities. Demonstrate understanding of the components and elements of the GRC Capability model.
  3. Relationship of GRC to disciplines. Discuss how GRC incorporates the governance, management, and audit of strategy, performance, risk, and compliance.
Learn how to get IT GRC

How do I get the IT GRC Certification?

All of our certifications use a similar streamlined process. We pride ourselves on simplicity and accessibility. All of our exams are online and available at any time. No need to schedule! We include everything you need as part of your All Access Pass. To be clear, everything is included for no additional fees.

  1. 1. Get All Access Pass

    Our All Access Pass provides everything you need to prepare for the GRCP and all of our other certification exams. One fee for education, preparation, certification, and maintenance.

    Everything is included for no additional fees.

  2. 2. Prepare for IT GRC

    Study the essential body of knowledge contained in the IT GRC Capability Model and attend IT GRC Fundamentals to learn how to apply it.

    We offer IT GRC Fundamentals via self-study or by attending an in-person course delivered by one of our authorized partners (a great choice if you want localized language and additional examples).

    Our self-study programs are delivered in English and often subtitled in English, Spanish, Arabic, and Bahasa. Need another language? Let us know. The essential body of knowledge and self-study are included for no additional fees.

  3. 3. Apply for IT GRC

    Our certifications are open and accessible to all professionals. We accept candidates from diverse cultural, educational, and professional backgrounds.

    We do not require specific experience or educational degrees to apply.

    Just complete a simple form at the beginning of the exam to update your information and agree to the code of conduct.

    Application is included for no additional fees.

  4. 4. Earn the IT GRC (Pass!)

    Access the online IT GRC exam anywhere and anytime.

    The exam is limited to two hours (120 minutes) to answer 100 questions. Correctly answer 70 questions to pass. Exams are "open book," which means that you may use Google and other resources while taking an exam.

    You can retake an exam up to six times per year to pass it.

    All retakes are included for no additional fees.

  5. 5. Maintain the IT GRC

    Participate in the streamlined Unified Certification Maintenance program to maintain your certification. All continuing education is automatically tracked and administered under this unified program. Whenever you watch a video or attend an event on our website, it is automatically tracked and counted toward your certifications as appropriate.

    DOUBLE CREDIT! One CPE credit may track to multiple certifications. For example, a course on “Risk Assessments” counts toward all certifications that use Risk Assessment skills.

    All maintenance and CPEs are included for no additional fees.

  6. 6. BONUS! Add More Certifications

    Apply to gain additional certifications. We add new certifications regularly.

    All certifications are included for no additional fees.

How long is my certificate valid?

A streamlined approach to gain and maintain your certification.

We use continuing education requirements to ensure that you stay current with new developments in GRC. You can review the other requirements to maintain your GRCP certification.

  1. When a certificate is awarded, it is awarded from the day you passed the exam to the date of your next Pro membership renewal.
  2. Until your first renewal, your certificate has no CPE requirement (because you spent at least 8 hours preparing for and taking the exam).
  3. Starting your second year, you must earn at least eight (8) credits of continuing education related to the certification topic annuall
  4. When a certificate renews, it renews for a full year until your next Pro membership renewal. Automatic renewal on the day of certificate expiration happens if both of these conditions are true: a) Member has an active AAP and b) CPE requirement has been met (if applicable).
  5. If the expiration date passes and you do not meet both conditions, you have a grace period of 90 days to fulfill both requirements. After the grace period is over, your certification gets deleted from our records, and certificates are no longer available for display.
How to get the GRCP

What are you waiting for?

Purchase an All Access Pass to get access to the IT GRC and all of our other certifications.

Purchase All Access Pass

FAQ about Preparing for GRCP

How long does it take to prepare for IT GRC?

Preparation time varies based on your experience. People who pass the exam report anywhere from 2 hours to 40 hours of preparation before the exam.

This wide range is explained by the differences in background. If you are more experienced in governance, strategy, risk, compliance, ethics, security, or audit, then less time may be required to prepare vs. someone who is new to GRC.

What is the best way to prepare for IT GRC?

The essential body of knowledge for the IT GRC is within the IT GRC workbook. We recommend that you:

  • Carefully study the GRC Capability Model
  • Attend online self-study GRC Fundamentals course
  • (optionally) Attend in-person GRC Fundamentals LIVE! course
  • Practice exam questions
How do I get IT GRC Training?

We offer IT GRC Fundamentals via self-study or by attending an in-person course delivered by one of our authorized partners. Training partners are a great choice if you want the training delivered in your native language and want additional context and examples for applying the concepts. Our self-study programs are delivered in English and subtitled in English, Spanish, Arabic, and Bahasa.

What does it cost to get IT GRC training?

All of our self-study preparation courses are included for no additional fees. This means that GRC Fundamentals is part of your All Access Pass.

Our global training partners charge separate fees for in-person experiences delivered in the localized language. These experiences also provide additional context and examples so that you understand how to implement solutions.

FAQ about the IT GRC Exam

How do I schedule the IT GRC Exam?

All of our exams are online and available at any time. No need to schedule!

How do I apply for the IT GRC exam?

Applying for IT GRC is simple! If you are already an OCEG member, we have most of the information necessary. Just complete a simple form at the beginning of the exam to update your information and agree to the code of conduct.

As a reminder, our certifications are open and accessible to all professionals. We accept candidates from diverse cultural, educational, and professional backgrounds. We do not require specific experience or educational degrees to apply.

How difficult is the IT GRC Exam?

Most people who pass the exam report that they carefully studied the course materials and completed the IT GRC Fundamentals course.

Those who fail tend to pass on a subsequent attempt if they study and complete GRC Fundamentals or attend a training course with an OCEG training partner.

In other words ... STUDY and WATCH the videos or attend a class if you want to pass the exam.

What is on the IT GRC Exam?

The GRCP certification exam covers both awareness (definitions, terms, and lists) and the application of concepts and knowledge of the GRC Capability Model. The exam breaks out as follows:

15% General Knowledge

  • Understand key terms and definitions related to GRC
  • Understand key principles and business drivers behind GRC
  • Understand the benefits of integrating GRC
  • Understand how GRC relates to other disciplines/professions

85% GRC Capability Model Details

  • Understand components, elements, and practices
  • Understand key actions and controls
  • Understand design and implementation considerations
  • Learn – 20%, Align – 30%, Perform – 30%, Review – 5%
How was the IT GRC Exam developed?

IT GRC topics and questions were determined by conducting an extensive job analysis of over 500 GRC Professionals. Participants in the job analysis were asked to analyze over 200 skills and determine their significance to a GRC professional, executive, or auditor. The job analysis and other research yielded a blueprint that serves as a competency model for the GRCP.

We update the IT GRC coursework and IT GRC Professional Exam periodically to reflect important and relevant changes in GRC disciplines and practices.

How many questions are on the IT GRC Exam?

There are 100 scored questions and up to 15 unscored questions on the exam. We calculate your final score on the 100 scored questions. Scored questions have gone through a rigorous validation process.

The unscored questions are used to introduce and validate new questions without affecting your score. However, the unscored items are not labeled – so make sure you answer each question as if it counts!

All questions are multiple choice.

How do I pass the IT GRC Exam?

You have 2 hours to complete the exam. You must correctly answer 70 of the 100 scored items.

Is the IT GRC Exam "open book" like the real world?

Yes! The IT GRC Exam is open-book, which means that you may use Google and other resources while taking the exam.

We believe that the exam process should reflect modern reality and user experiences. In your job, you use Google and online resources daily. You should be able to use these resources when you learn and when you take the exam.

However, don't be fooled! The exam is challenging even with the help of these resources.

When do I find out if I passed the IT GRC?

You get your result immediately after taking the exam. If you pass, your certificate is immediately available for sharing and printing.

What happens if I fail the IT GRC and how many times can I take the exam?

You may retake the exam up to six (6) times per year. Almost everyone is able to accomplish this goal. We believe that certification should be part of the learning process and help reinforce understanding and not just be a point-in-time proof of memorized knowledge.

Consider being fully prepared each time that you attempt the exam. Our database of questions is extensive, so it is unlikely that you will see the same questions each time that you attempt the exam.

FAQ about Maintaining IT GRC

How long is my certificate valid?
  1. When a certificate is awarded, it is awarded from the day you passed the exam until your next Pro membership renewal date.
  2. There is no CPE requirement until your first renewal (because you spent at least 8 hours preparing for and taking the exam).
  3. Starting your second year, you must earn at least eight (8) credits of continuing education related to the certification topic annually.
  4. Automatic renewal on the day of certificate expiration happens if both of these conditions are true: a) Member has an active AAP and b) CPE requirement has been met (if applicable).
  5. If the expiration date passes and you do not meet both conditions, you have a grace period of 90 days to fulfill the requirements (renewing your AAP and/or getting enough credits). After the grace period is over, your certification gets deleted from our records, and certificates are no longer available for display.
Do I need to recertify every year?

NO! You only need to pass the exam once every five (5) years. We use continuing education requirements to ensure that you stay current with new developments.

How do I maintain the IT GRC?

Maintaining ALL of your certifications is simple and straightforward. We use a Unified Certification Maintenance program on our website. Whenever you watch a video or attend an event on our website, it is automatically tracked and counted toward your certification.

You can see all of your current CPE credits on your Certification Dashboard and CPE Transcript.

The unified program allows you to track one CPE credit to multiple certifications. So, for example, a course on “Risk Assessments” would count toward not only THIS certification but also ALL other certifications that rely on Risk Assessment skills.

How do I submit CPEs for the IT GRC?

You don’t have to!

All continuing education for OCEG certifications is automatically tracked and administered under a unified program on our website.

Whenever you watch a video or attend an event, such as a webinar on our website, it is automatically tracked and counted toward your GRCP (or other OCEG certifications as appropriate).

You may also manually submit CPEs from other pre-approved continuing education experiences.

You can check your CPE progress at any time on your CPE Dashboard.

Do I get "double credit" for CPEs?

Yes! Many of our continuing education experiences count toward multiple OCEG certifications. The unified program also allows you to track one CPE credit to multiple certifications. This means that a single webinar or course can count toward one or more of your certifications.

One experience. Multiple credits.

So, for example, a course on “Risk Assessments” would count toward not only GRCP but also several other certifications that rely on Risk Assessment skills.

Because GRCP is one of our core certifications, almost every CPE experience on our website counts toward your GRCP.

What are you waiting for?

Purchase an All Access Pass to get access to the IT GRC and all of our other certifications.

Purchase All Access Pass
OCEG © 2002 - 2026 OCEG

Terms of Service

Privacy Policy

Refund Policy

support@oceg.org

Contact Us

2942 N 24th St Ste 115 PMB 85352, Phoenix, AZ, 85016-7849, USA

Information & Billing
+1 (602) 234-9278

Principled Performance®, Driving Principled Performance®, Putting Principles Into Practice®, OCEG®, GRC360°®, ActiveLearning®, EventDay® and LeanGRC® are registered trademarks of OCEG®.

Protector Skillset™, Protector Mindset™, Protector Code™, Lines of Accountability™, GRC Professional™, GRCP™, GRC Fundamentals™, GRC Auditor™, GRCA™, GRC Audit Fundamentals™, Data Privacy Fundamentals™, Integrated Data Privacy Professional™, IDPP™, Policy Management Fundamentals™, Integrated Policy Management Professional™, IPMP™, Integrated Audit & Assurance Professional™, IAAP™, Integrated Governance & Oversight Professional™, IGOP™, Integrated Strategy & Performance Professional™, ISPP™, Integrated Risk Management Professional™, IRMP™, Integrated Decision Management Professional™, IDMP™, Integrated Compliance & Ethics Professional™, ICEP™, Integrated Business Continuity Professional™, IBCP™, Integrated Information Security Professional™, IISP™ are trademarks of OCEG®.