ISC2 Governance Risk Compliance Certification

ISC2 CGRC certification exam guide exam help

A current guide to Certified in Governance, Risk and Compliance, including the June 15, 2024 exam outline, 3-hour timing, 125 multiple-choice and advanced items, 700 passing score, Pearson VUE delivery, seven domain weights, English-language availability, and two years of required work experience.

CGRC focuses on security and privacy authorization work: governance, risk, system scope, controls, assessment, compliance decisions, residual risk, ongoing monitoring, and evidence maintenance.

Study the CGRC guide

CGRC (Certified in Governance, Risk and Compliance) exam help coverage

May 13, 2026

Official ISC2-aligned guide focused on the current CGRC outline, item count, timing, passing grade, Pearson VUE delivery, language, and work-experience requirement.
Domain-weight checklist covering GRC Program 16%, Scope 10%, Controls Selection 14%, Controls Implementation 17%, Assessment/Audit 16%, System Compliance 14%, and Compliance Maintenance 13%.
Authorization lifecycle checklist covering system scope, framework selection, controls, implementation evidence, assessment, compliance decision, residual risk, and documentation.
Ongoing compliance checklist covering change management, monitoring, incident and contingency activities, security updates, risk remediation, evidence collection, awareness, training, and stakeholder communication.

CGRC (Certified in Governance, Risk and Compliance) exam help quick summary

Use these points before preparing for the ISC2 CGRC exam.

Exam Owner

CGRC is administered by ISC2.

Current Outline

The current CGRC exam outline is effective June 15, 2024.

Format

ISC2 lists 125 multiple-choice and advanced item types in a 3-hour exam.

Passing Grade

The passing grade is 700 out of 1000 points.

Delivery And Language

CGRC is delivered through Pearson VUE and listed in English.

Experience

ISC2 lists two years of required work experience for CGRC.

Use The Current Outline Date

ISC2 lists the current CGRC exam outline as effective June 15, 2024. Preparation should map to the seven-domain outline rather than older CAP-era materials.

Follow The Authorization Lifecycle

CGRC is built around system authorization and compliance evidence. Candidates should understand how governance, scope, controls, assessment, compliance, and maintenance fit together.

Balance Domain Weights

Implementation of Security and Privacy Controls is the largest single domain at 17%, but five domains sit between 14% and 16%, so broad coverage matters.

Prepare For Pearson VUE Delivery

CGRC is delivered through Pearson VUE. Candidates should confirm appointment details, ID, check-in rules, language, timing, and ISC2 candidate agreement expectations.

take my exam for me

Use this CGRC (Certified in Governance, Risk and Compliance) exam help page for exam-specific context, then compare the broader online exam help services page or contact HiraEdu if you need a direct handoff. This page stays focused on CGRC (Certified in Governance, Risk and Compliance) while the linked service pages cover broader exam support options.

Full guide

CGRC (Certified in Governance, Risk and Compliance) exam help guide

Category: Cybersecurity & IT Security

ISC2's Certified in Governance, Risk and Compliance (CGRC) credential is designed for information security practitioners who support security risk management and information system authorization in accordance with legal and regulatory requirements. The current CGRC exam outline is effective June 15, 2024. ISC2 lists a 3-hour exam with 125 multiple-choice and advanced item types, a passing grade of 700 out of 1000 points, English-language delivery, and two years of required work experience. The current seven domain weights are Security and Privacy Governance, Risk Management, and Compliance Program 16%, Scope of the System 10%, Selection and Approval of Framework, Security, and Privacy Controls 14%, Implementation of Security and Privacy Controls 17%, Assessment/Audit of Security and Privacy Controls 16%, System Compliance 14%, and Compliance Maintenance 13%. Preparation should cover GRC frameworks, system scope, control selection, implementation evidence, security and privacy assessment, system compliance decisions, residual risk, change management, ongoing monitoring, documentation, and stakeholder communication.

Common CGRC (Certified in Governance, Risk and Compliance) exam help questions

How many questions are on the ISC2 CGRC exam?

ISC2 lists 125 multiple-choice and advanced item types on the current CGRC exam.

How long is the ISC2 CGRC exam?

ISC2 lists the CGRC exam length as 3 hours.

What score do I need to pass CGRC?

ISC2 lists a passing grade of 700 out of 1000 points.

What are the current CGRC domain weights?

The current outline lists GRC Program 16%, Scope of the System 10%, Controls Selection 14%, Controls Implementation 17%, Assessment/Audit 16%, System Compliance 14%, and Compliance Maintenance 13%.

What work experience is required for CGRC?

ISC2 lists two years of required work experience for the CGRC credential.

Quick facts

Vendor / platform: Pearson VUE
Category: Cybersecurity & IT Security
Last updated: May 13, 2026

Start your CGRC (Certified in Governance, Risk and Compliance) exam help plan

Confirm Eligibility

Review ISC2 membership and experience requirements, including the listed two years of required CGRC work experience.

Map The Seven Domains

Build a study map for GRC Program, Scope, Controls Selection, Controls Implementation, Assessment/Audit, System Compliance, and Compliance Maintenance.

Drill Documentation Flow

Practice how authorization evidence moves from system scope through control selection, implementation, assessment, compliance decision, residual risk, and maintenance.

Drill Frameworks And Controls

Review NIST, ISO/IEC, COBIT, risk frameworks, privacy requirements, control baselines, assessment methods, and stakeholder responsibilities.

Run Exam-Day Checks

Confirm Pearson VUE appointment details, ID requirements, check-in timing, 3-hour pacing, ISC2 candidate rules, and the 700-point passing standard.

CGRC (Certified in Governance, Risk and Compliance) exam help next steps

Use the guide to self-serve, or talk to a coordinator if you need help mapping timelines, official requirements, or troubleshooting day-of logistics.

Call +1 (206) 821-1164 View all exam services

More exam help options

Related Cybersecurity & IT Security exam help

CISSP (Certified Information Systems Security Professional)
Pearson VUE
View service
CCSP (Certified Cloud Security Professional)
Pearson VUE
View service
SSCP (Systems Security Certified Practitioner)
Pearson VUE
View service
CC (Certified in Cybersecurity)
Pearson VUE
View service
CSSLP (Certified Secure Software Lifecycle Professional)
Pearson VUE
View service
CISM (Certified Information Security Manager)
PSI
View service

Loading exam details…