Standardized training and professional certification

A strategic objective of IRMCB's mission is to assure the integrity and validity of standardized professional development training and certification programs for individuals involved in enterprise risk management systems. Certification and validation of competence of individuals involved in governance and management of enterprise risk and related management systems has become an important element of an increasingly mobile and global workforce, underscoring the value of industry-recognized credentials that can be carried across national borders.

IRMCB exists to:

  • Establish the minimum baseline requirements necessary to qualify certified professionals managing risk according to well-established best practices of ISO frameworks and standards including NIST, ISO 31000, ISO 27001, ISO 37301, ISO 37001, and ISO 22301;
  • Develop, maintain, and license reliable, valid, and current certification preparation curriculum and training to be delivered through authorized training and certification member organizations;
  • Develop, maintain, and license reliable, valid, and current certification examinations to be proctored through IRMCB authorized training and certification member organizations;
  • Establish requirements for the periodic renewal of certification and determining compliance with those requirements;
  • Ascertain that certificants meet ethical standards in their professional practice; and
  • Promote the benefits of certification to employers, public officials, practitioners in related fields, and the public.

IRMCB Authorized Training and Education Centers (ATECs) provide IRMCB-standardized training, examination, and certification services for individuals.

Professional certifications

ISO 31000 Enterprise Risk Management


As the foundation session of IRMCB risk management training courses, this 3-day risk management strategy training and policy workshop session provides thorough coverage of the ISO 31000 and 31010 standards, as well as setting out advice on the implementation of an ERM initiative. The purpose of the training is to:

  • Describe the principles and processes of risk management;
  • Provide a thorough overview of the requirements of ISO 31000, ISO 31010, and 27005;
  • Give practical guidance on designing and implementing a suitable enterprise risk management framework;
  • Establish a firm program starting point by using ISO standards 31000, 31010, and 27005 to build out the initial ERM core policy; and
  • Provide prerequisite training for professional certification as an ISO 31000 Certified Internal Controls Risk Analyst™ (CICRA™).

Certified NIST AI RMF 1.0 Architect

The NIST AI Risk Management Framework is designed to equip organizations and individuals with approaches that increase the trustworthiness of AI systems, and to help foster the responsible design, development, deployment, and use of AI systems over time. The Framework training is intended to be practical, adapting to the AI landscape as AI technologies continue to develop. The AI RMF is intended to be utilized by organizations in varying degrees and capacities so society can benefit from AI, while also being protected from its potential risks.

The Certified NIST AI RMF 1.0 Architect is the AI risk management credential supporting a career in the responsible design, development, deployment, use, and evaluation of AI products, services, and systems. This certification validates competence and understanding for developing and managing AI risk-management based upon the NIST Artificial Intelligence Risk Management Framework 1.0.

NIST Cybersecurity Framework 2.0 Lead Implementer


The Certified NIST CSF 2.0 LI certification certifies your ability to implement the formal structure, governance, and policy of a robust cybersecurity framework following internationally recognized and respected NIST best practices and standards. 

Upon completion of this training and certificate program, you will:

  • be equipped with knowledge and skills required to manage, monitor, and improve NIST Cybersecurity Framework 2.0 policy and program in line with the NIST CSF 2.0 and related standards of best practice;
  • expand your cybersecurity competency;
  • be prepared to integrate a robust NIST CSF program into an ISO 27001 Information Security Management System (ISMS);
  • increase your credibility through gaining international recognition; and
  • improve your résumé and help to increase your earning potential.

NIST Cybersecurity Framework 2.0 Lead Auditor


The Certified NIST CSF 2.0 LA certification accredits your ability to assess and audit the formal structure, governance, and policy of a robust cybersecurity framework following internationally recognized and respected NIST best practices and standards. 

Upon completion of this training and certificate program, you will:

  • be equipped with knowledge and skills required to assess and audit NIST Cybersecurity Framework policy and program in line with the NIST CSF 2.0 and related standards of best practice;
  • expand your cybersecurity competency;
  • increase your credibility through gaining international recognition; and
  • improve your résumé and help to increase your earning potential.

Certified ISO 27001 Lead Implementer


Building upon the foundation understanding of the ISO 27005 risk management framework validated by the Certified Internal Controls Risk Analyst (CICRA) credential, the Certified ISO 27001 LI certification certifies your ability to implement the formal structure, governance, and policy of an ISO 27001 conforming Information Security Management System (ISMS).

Upon completion of this training and certificate program, you will:

  • be equipped with knowledge and skills required to manage, monitor, and improve an Information Security Management System in line with the current ISO 27001 and 27002 standards of best practice;
  • expand your information security competency;
  • increase your credibility through gaining international recognition; and
  • improve your résumé and help to increase your earning potential.

Certified ISO 27001 Internal Controls Architect


Building upon the foundation understanding of the ISO 27005 risk management framework validated by the Certified Internal Controls Risk Analyst credential, the ISO 27001 Certified Internal Controls Architect (CICA) certification certifies your ability to develop the formal structure, governance, and policy of an ISO 27001 conforming Information Security Management System (ISMS). Furthermore, the CICA certification ensures that you are qualified to develop strategic objectives according to core ISO 27001, 27002, 27003, and 27005 best practices.

Upon completion of this training and certificate program, you will:

  • be equipped with knowledge and skills required to develop, manage, monitor, and improve an Information Security Management System in line with the current ISO 27001 and 27002 standards of best practice;
  • expand your information security competency;
  • increase your credibility through gaining international recognition; and
  • improve your résumé and help to increase your earning potential.

Certified ISO 27001 Lead Auditor

Building upon the foundation understanding of the ISO 31000 and 27005 risk management frameworks, and the ISO 27001 framework validated by the Certified Internal Controls Architect credential, the ISO 27001 Lead Auditor certification by CIS further certifies your ability to audit the formal structure, governance, and policy of an ISO 27001 conforming Information Security Management System (ISMS). Furthermore, the ISO 27001 Lead Auditor certification ensures that you are qualified to assure strategic objectives according to core ISO best practices.

This professional certification is applicable to those needing to conduct internal or external audits of a risk management system supporting an ISMS, or to manage an ISO ISMS audit program. This is the only ISO 27001 Lead Auditor training and professional examination program to incorporate ISO's 27007 standard as core content within its program.

Upon completion of this training and certificate program, participants will:

  • be equipped with knowledge and skills required to perform audits of Information Security Management Systems (ISMS) against the ISMS standards;
  • be able to expand participants' auditing competency;
  • be able to increase participants' credibility through gaining international recognition; and
  • be able to improve participants' résumé/CV and help to increase participants' earning potential.

Certified ISO 22301 Business Continuity Strategist


CBCS is an executive business continuity governance certification appropriate for all members of the BCMS or ISMS committee. This certification maps to the strategy competence requirements of ISO best practices. ISO advocates that the business process of business continuity and disaster recovery management should begin with the development of a clear continuity strategy establishing what the organization needs to accomplish with its BCM program based upon thorough risk analysis and evaluation by the proper risk decision-makers within the organization. Building upon the foundation understanding of the ISO 31000 risk management framework validated by the Certified Internal Controls Risk Analyst credential, the IRMCB Certified Business Continuity Strategist (CBCS) certification validates your ability to develop the formal structure, governance, and policy of the Business Continuity Management System (BCMS) using the framework presented in ISO 22301. Furthermore, the CBCS certification ensures that you are qualified to develop strategic objectives including, but not limited to:

  • Determining and guiding the selection of alternative business recovery operating strategies for continuation of business within recovery time and/or recovery point objectives, while maintaining the organization's critical functions.
  • Delivering solutions for continuation of business within the recovery time and/or recovery point objectives, whilst maintaining the organization's critical functions.
  • Developing, coordinating, evaluating and creating plans and procedures to communicate with internal stakeholders during incidents.
  • The provision of post-incident support and guidance for employees and their families. 

Certified ISO 22301 Business Continuity Manager

This is the expert-level business continuity management certification. This certification maps to all ISO 22301 competence requirements. Building upon the foundation understanding of the Business Continuity Management System (BCMS) platform validated by the Certified Business Continuity Strategist credential, the Certified Business Continuity Manager (CBCM) attests to your ability to develop the incident management plans (IMPs) and response procedures necessary to fulfill the strategic objectives that have already been finalized. The CBCM also certifies that you have the necessary knowledge and skills to properly administer the deployment, testing, and maintenance of IMPs and response procedures.

Furthermore, the CBCM certification ensures that you are qualified to develop strategic objectives including, but not limited to:

  • determine and guide the selection of alternative business recovery operating strategies for continuation of business within recovery time and/or recovery point objectives, while maintaining the organization's critical functions;
  • deliver solutions for continuation of business within the recovery time and/or recovery point objectives, whilst maintaining the organization's critical functions;
  • develop, coordinate, and evaluate plans and procedures to communicate with internal stakeholders during incidents; and
  • provide post-incident support and guidance for employees and their families.

Certified ISO 37001 Anti-Bribery & Corruption Manager


ISO 37001 CABCM™ is the anti-bribery management certification appropriate for managers at every level, including top management at the officer and vice president level. This certification validates competence and understanding for developing and managing a custom anti-bribery and anti-corruption system and methodology based upon the ISO Anti-Bribery Management System framework.

Upon completion of this training and certificate program, you will:

  • be equipped with knowledge and skills required to develop, manage, monitor, and improve an Anti-Bribery Management System (ABMS) in line with the ISO standard of best practices;
  • satisfy your own training and competence requirements for your organization's ISO 37001:2016 certification audit;
  • expand your anti-bribery and anti-corruption management competency;
  • increase your credibility through gaining international recognition; and
  • improve your résumé and increase your earning potential.

Certified Fraud Control Professional


This is the mid-level fraud control certification for fraud control professionals with at least two years of qualified experience. You have already been involved with controlling fraud in your career for at least two years as an accountant, human resource professional, auditor, security professional, or manager, but are now ready to base your career in fraud control. Your experience in the field is an important component of your value to an employer. But experience just isn’t enough. Employers need something quantifiable and verifiable to show them you have the expertise they need. Earning the CFCP™ certification will give you the credential and proof of expertise today's employers require.

Upon completion of this training and certificate program, you will:

  • be equipped with knowledge and skills required to prevent, detect, and investigate potential occupational fraud and abuse;
  • expand your fraud control competency;
  • increase your credibility through gaining international recognition; and
  • improve your résumé and help to increase your earning potential.

Certified Fraud Control Manager

This is the expert-level fraud control certification for fraud control professionals with at least five years of qualified experience. One of your primary responsibilities is protecting the organization from suffering losses and business disruption resulting from internal occupational fraud and abuse. Your experience in the field is an important component of your value to an employer. As a designated leader of fraud prevention, detection, and investigation processes, your employer counts on you to mitigate fraud risk throughout the enterprise. You have at least five years of fraud control-related experience, but experience just isn’t enough. Employers need something quantifiable and verifiable to show them you have the expertise they need, and you want to establish occupational identity with a respected certification in internal fraud risk prevention and mitigation. Earning the CFCM™ certification will give you the credential and proof of expertise today's employers require.

Upon completion of this training and certificate program, you will:

  • be equipped with knowledge and skills required to prevent, detect, and investigate potential occupational fraud and abuse;
  • expand your fraud control competency;
  • increase your credibility through gaining international recognition; and
  • improve your résumé and help to increase your earning potential.

CIS Policy Workshop: ISO 37301 Compliance Management


ISO 37301 CCP™ is the compliance management certification appropriate for managers at every level, including top management at the officer and vice president level. This certification validates competence and understanding for developing and managing a custom risk-based compliance management system and methodology based upon the ISO Compliance Management System framework.

Upon completion of this training and certificate program, you will:

  • be equipped with knowledge and skills required to develop, manage, monitor, and improve a Compliance Management System in line with the ISO 37301 standard of best practices;
  • expand your compliance management competency;
  • increase your credibility through gaining international recognition; and
  • improve your résumé and increase your earning potential.

Certified ISO 45001 Lead Implementer

ISO 45001 LI™ is the occupational health & safety management certification appropriate for managers at every level, including top management at the officer and vice president level. This certification validates competence and understanding for developing and managing a custom risk-based occupational health & safety management system and methodology based upon the ISO 45001 OH&S Management System framework.

Upon completion of this training and certificate program, you will:

  • be equipped with knowledge and skills required to develop, manage, monitor, and improve an Occupational Health & Safety Management System in line with the ISO 45001 standard of best practices;
  • expand your OH&S management competency;
  • increase your credibility through gaining international recognition; and
  • improve your résumé and increase your earning potential.