Posted by: Ed Tittel
Like so many other successful trade associations, the former Information Systems Audit and Control Association is now known only by its acronym, ISACA. This is a trade group that offers a number of successful and well-respected IT certifications, including the Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM), among others (including the CGEIT and CRISC; see the ISACA Certification page for a complete list).
The ISACA also takes a somewhat old-fashioned approach to cert exam delivery: much as the (ISC)2 (home to the CISSP and numerour other infosec certifications) did until last year, ISACA still books its own exam locations, hires its own proctors, and delivers its certification exams on a periodic basis. Why? Because they haven’t yet concluded that forming a relationship with a company like Prometric or VUE for exam delivery is worth the potential loss of complete control over exam delivery and security that they currently maintain.
Until next year, ISACA exams have usually been delivered on a twice-a-year basis. For 2013, the number of exam dates goes up to three. Thus, instead of dates in June and December, 2013 ISACA adds dates in September for that year. A complete list of locations is available online (June/December, September). While I understand why ISACA still does things this way, I hope they’re investigating a relationship with either or both of Prometric and VUE. As a major purveyor of infosec, risk management, and IT governance credentials, ISACA should start emulating other major programs — like those from Apple, Cisco, CompTIA, and Microsoft, among many others — and make their exams available in testing centers worldwide. That would have to a win for cert candidates, employers, and ISACA alike.