Governance, Risk & Compliance
Risk frameworks (NIST RMF, ISO 31000, FAIR), policy development, audit, regulatory compliance, third-party risk.
What is Governance, Risk & Compliance?
Governance, Risk, and Compliance (GRC) is the foundation of every security program. It's the discipline that connects cybersecurity to business objectives — ensuring that security investments are risk-informed, regulatory requirements are met, and the organization's risk posture is understood at every level from the SOC to the boardroom.
GRC professionals don't just check compliance boxes. They build risk frameworks that quantify cyber risk in financial terms, design policies that balance security with business agility, and create governance structures that ensure accountability. In a landscape where regulatory penalties can exceed hundreds of millions of dollars and a single breach can destroy market value, GRC is where security meets strategy.
The field is evolving rapidly with the introduction of AI-driven risk scoring, continuous compliance monitoring, and automated audit evidence collection. Frameworks like NIST CSF 2.0 and the EU's DORA regulation are reshaping how organizations think about cyber risk governance.
Why it matters
Every security decision is ultimately a risk decision. GRC ensures those decisions are informed, documented, and defensible — protecting the organization from both threats and regulators.
GRC sits at the intersection of cybersecurity, business strategy, and law. It provides the governance framework that all other security domains operate within.
Govern & Direct
Set direction, own risk, shape policy, govern AI/quantum programs, work with people and narrative.
People shaping this field
Researchers and practitioners worth following in this space.
Creator of the FAIR risk framework
NIST Fellow, architect of the Risk Management Framework
Curated resources
Authoritative sources we ground Governance, Risk & Compliance questions in — frameworks, research, guides, and tools.
World Economic Forum Global Cybersecurity Outlook
Annual survey of cyber leaders on resilience, workforce, geopolitics, and emerging tech including AI. Excellent for leadership and strategy questions.
NIST SP 800-30 Rev. 1 — Guide for Conducting Risk Assessments
Risk assessment methodology: threat sources, vulnerabilities, likelihood, impact. Complements 800-37. Good for questions comparing quantitative vs. qualitative risk assessment.
CIS Controls v8
18 prioritized security controls organized into Implementation Groups (IG1, IG2, IG3). Practical and prescriptive — good for questions about prioritization and which controls matter most for different organization sizes.
FAIR (Factor Analysis of Information Risk)
Quantitative risk analysis framework. Decomposes risk into Loss Event Frequency and Loss Magnitude. Good for questions on translating risk into business terms and comparing it with qualitative methods.
NIST SP 800-37 Rev. 2 — Risk Management Framework
The 7-step RMF (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor). Questions should test understanding of step sequencing, roles (AO, ISSO, ISSM), and continuous monitoring vs. point-in-time assessment.
NIST Risk Management Framework (SP 800-37)
Guide for applying the RMF to information systems and organizations. Covers categorization, control selection, implementation, assessment, authorization, and monitoring.
ISO 27001 — Information Security Management
International standard for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
FAIR — Factor Analysis of Information Risk
Quantitative risk analysis framework. Provides a model for understanding, analyzing, and quantifying information risk in financial terms.
Roles where this matters
Career paths where this domain shows up as core or recommended.
Manage risk, ensure regulatory compliance, and build governance frameworks. Where security meets business strategy.
Lead security strategy, communicate risk to the board, and build security programs. Executive-level cybersecurity leadership.
Build privacy into systems by design. Navigate GDPR, CCPA, and emerging AI privacy regulations.
Protect critical infrastructure — power grids, water treatment, manufacturing. Where cyber meets the physical world.
Design and operate the identity fabric that every other control inherits. Federated identity, MFA/passkeys, PAM, identity governance, and the policy glue between them.
Senior design role — defines how pillar A components fit together across identity, crypto, network, cloud, and data — and, increasingly, how pillar C bolts into it.
Owns the end-to-end find → prioritize → fix → verify loop at scale, now increasingly AI-driven.
The policy/controls counterpart to the AI Security Engineer — owns risk frameworks, regulatory mapping (EU AI Act, NIST AI RMF), model documentation, and AI incident response policy.
External-first role: inventories what an attacker can see, tracks what's new, and drives closure through the org. The outside-in counterpart to vuln management.
Certifications that signal this domain
Credentials whose blueprint meaningfully covers this domain. Core means centrally covered; also touched means present in the blueprint but not the primary focus.
Core coverage
Advanced in AI Audit
ISACA specialization for AI Audit. First certification worldwide specifically for auditing AI systems. Requires active CISA (or comparable audit certification). Three domains: AI Governance & Risk, AI Operations, AI Auditing.
Advanced in AI Risk
ISACA specialization for AI risk management. Beta phase since April 2026. Requires active ISACA or equivalent certification. Focus on AI Risk Governance, AI Risk Program Management, and AI Life Cycle Risk Management.
Advanced in AI Security Management
ISACA specialization for AI Security Management. Requires active CISM or CISSP. Focus on AI Governance & Program Management, AI Risk Management, and AI Technologies & Controls. For security leaders managing AI risks.
Artificial Intelligence Governance Professional
AI risk, governance, and regulatory literacy (EU AI Act, NIST AI RMF).
APMG ISO/IEC 20000 Auditor
APMG ISO/IEC 20000 Foundation
APMG ISO/IEC 20000 Practitioner
APMG ISO/IEC 27001 Auditor
APMG ISO/IEC 27001 Foundation
APMG ISO/IEC 27001 Practitioner
BCS Foundation Certificate in Information Security Management Principles
BCS Practitioner Certificate in Information Assurance Architecture
BCS Practitioner Certificate in Information Risk Management
IBITGQ Certified Cyber Security Foundation
Mile2 Certified Healthcare Information Systems Security Practitioner
Mile2 Information Systems Certification and Accreditation Professional
Mile2 Certified Information Security Management Systems Lead Auditor
Mile2 Certified Information Systems Risk Manager
Mile2 Certified Information Systems Security Auditor
Mile2 Certified Information Systems Security Manager
Mile2 Certified Information Systems Security Officer
ISC2 Certified in Cybersecurity
The CC is ISC2's entry-level certification without experience requirements and explicitly targets career starters, career changers, and students. Notably, ISC2 periodically offers CC training and the exam for free (as part of the 'One Million Certified' initiative), which has significantly increased market penetration. Content covers five domains: Security Principles, Incident Response, Access Control, Network Security, and Security Operations – at a solid but intentionally broad entry level. As a stepping stone to SSCP or CISSP it is well-suited; as a standalone credential it carries less weight than Security+. From September 2026, a new Exam Outline applies.
Certified Chief Information Security Officer
Executive leadership — governance, program management, finance, and strategic planning for security.
EC First Certified CCMC Professional
IBITGQ Certified in Managing Cyber Security Risk
EC First Certified Cyber Security Architect
Certified in the Governance of Enterprise IT
Board / executive-level IT governance and investment oversight.
(ISC)2 Certified in Governance, Risk and Compliance
CIISec Information and Cybersecurity Fundamentals
Certified Information Privacy Manager
Running a privacy program end-to-end.
IAPP Certified Information Privacy Professional
IBITGQ Certified ISO 27001 Information Security Management Specialist Foundation
IBITGQ Certified ISO 27001 Information Security Management Specialist Internal Auditor
IBITGQ Certified ISO 27001 Information Security Management Specialist Lead Auditor
IBITGQ Certified ISO 27005 Information Security Management Specialist Risk Management
Certified Information Systems Auditor
IS audit, governance, control testing, and assurance.
Certified Information Security Manager
Security program management, risk, governance, and incident governance. The manager / CISO-track signal.
Certified Information Systems Security Professional
Breadth across security engineering, architecture, operations, and governance at senior-IC / manager level. The default senior-generalist signal.
CISSP Information Systems Security Architecture Professional
Architecture concentration on top of CISSP — trust boundaries, identity / crypto / network composition, defense-in-depth design.
IBITGQ Certified in Implementing IT Governance - Foundation & Principles
PECB Lead Cloud Security Manager
Mile2 Certified Master Information Systems Security Officer
Certified Responsible AI Governance & Ethics
EC-Council certification for responsible AI governance and ethics. Focus on oversight, risk management, regulatory alignment (NIST AI RMF, ISO 42001), accountability across the AI lifecycle. Brand new since February 2026.
ISACA Certified in Risk of Artificial Intelligence (emerging)
AI risk management and governance — emerging blueprint, expect revisions.
Certified in Risk and Information Systems Control
Enterprise risk identification, assessment, and response + IT controls.
QAI Certified Software Business Analyst
EC First Certified Security Compliance Specialist
Shared Assessment Certified Third-Party Risk Assessor
Shared Assessment Certified Third-Party Risk Professional
DRI Associate Cyber Resilience Professional
DRI Certified Business Continuity Auditor
DRI Certified Business Continuity Lead Auditor
DRI Certified Cyber Resilience Professional
DRI Certified Risk Management Professional
EC Council Certified Security Specialist
EC Council Information Security Manager
EXIN ISO/IEC 27001 Professional
Fair Institute Analysis Fundamentals
EXIN Information Security Foundation
GIAC Critical Controls Certification
GIAC Critical Infrastructure Protection
GIAC Foundational Cybersecurity Technologies
GIAC Information Security Fundamentals
GIAC Information Security Professional
GIAC Law of Data Security & Investigations
OCEG Governance, Risk, and Compliance Auditor
OCEG Governance, Risk, and Compliance Professional
GIAC Systems and Network Auditor
GIAC Strategic Planning, Policy and Leadership
HealthCare Information Security and Privacy Practitioner
ISC2 certification for healthcare security and privacy. Will be retired in December 2026. Focus on data protection, compliance, and risk management in healthcare. Relevant in the US (HIPAA), less so in Europe.
The Institute of Internal Auditors Certified Internal Auditor
IIBA Certification in Cybersecurity Analysis
PECB ISO/IEC 42001 Lead Auditor
PECB certification for auditing AI Management Systems according to ISO/IEC 42001. Complementary to Lead Implementer. Growing demand through third-party AI audits and regulatory requirements.
PECB ISO/IEC 42001 Lead Implementer
The PECB ISO/IEC 42001 Lead Implementer certificate qualifies professionals to establish and lead an AI Management System (AIMS) according to the international standard ISO/IEC 42001 within an organization—analogous to the well-known ISO 27001 Lead Implementer in the ISMS domain. It is the implementation-oriented counterpart to the Lead Auditor and targets individuals responsible for AIMS rollout. Strength: Strong anchoring in the ISO framework, internationally recognized as a compliance reference for AI governance; practical focus on project management and implementation. Weakness: PECB is a commercial provider with less market recognition than IAPP or CompTIA; the certificate requires substantial professional experience and is therefore not an entry-level certification. The market for ISO-42001-compliant AIMS implementations is still young, which currently limits demand for the certificate.
Information Systems Security Engineering Professional
ISC2 specialization for security engineering, developed in cooperation with NSA. Focus on Systems Security Engineering, Risk Management, and Security Planning. Particularly relevant in US Government/Defense context.
Information Systems Security Management Professional
ISC2 specialization for security management. Requires CISSP. Focus on Leadership, Risk Management, Security Operations, and Compliance Management. For CISOs and senior security executives.
BSI Zertifizierter IT-Grundschutz-Berater
Personnel certification by the Federal Office for Information Security (BSI). The exam is administered exclusively by the BSI in Bonn — 80 questions in 90 minutes with case studies. Strict prerequisites: min. 5 years IT professional experience, including 2 years in information security, plus proven IT-Grundschutz project leadership. Only approx. 287 certified consultants listed nationwide. The BSI follows ISO 17024 but is not DAkkS-accredited — the certificate is issued by governmental authority. In government agencies and KRITIS environments the strongest German credential for IT-Grundschutz competence.
BSI IT-Grundschutz-Praktiker
Entry-level qualification in BSI IT-Grundschutz. 3-day training with a BSI-recognized provider followed by an exam administered by the provider (not by the BSI itself). No professional experience required, no expiration date. Teaches fundamentals of the BSI framework and is a prerequisite for the IT-Grundschutz-Berater. Relevant in German government agencies and KRITIS environments, but not a strong standalone credential. More of a training certificate than a certification.
ITIL Foundation
ITIL Foundation is the established entry point into IT service management and teaches the common vocabulary and core principles of the ITIL framework. The certification is widely recognized globally and is required by many organizations as a baseline qualification for IT operations roles. In February 2026, ITIL Version 5 was released with AI-native enhancements and a unified product and service lifecycle model; ITIL-4 holders can transition via a shortened upgrade path. The exam content itself is conceptual and practice-oriented, but not a technical deep-dive – candidates without IT operations experience typically find it more challenging than expected. For pure cybersecurity careers, the certificate has limited depth, but is valuable for anyone working in security-relevant service management roles.
Certiport IT Specialist - Cybersecurity
Axelos M_o_R Framework Foundation
Axelos M_o_R Practitioner Risk Management
NCSC Certified Cybersecurity Professional - Lead Practitioner
NCSC Certified Cybersecurity Professional - Practitioner
NCSC Certified Cybersecurity Professional - Senior Practitioner
Palo Alto Networks Certified Cybersecurity Entry-level Technician
PCI Qualified Security Assessor
PECB ISO/IEC 27001 Lead Auditor
The PECB ISO/IEC 27001 Lead Auditor is aimed at professionals who want to independently lead or conduct ISMS audits according to ISO 27001. The certificate is well established in Europe and is recognized by many organizations as proof of audit competence. The exam is demanding and combines standards knowledge with practical auditor expertise. Compared to ISO auditor certifications from other providers, PECB positions itself in the mid-price segment with broad international distribution. For beginners without audit experience, the Foundation level is recommended first.
PECB ISO/IEC 27001 Lead Implementer
The PECB ISO/IEC 27001 Lead Implementer qualifies holders to establish, implement, and manage an ISMS according to ISO 27001. The certificate is the implementation counterpart to the Lead Auditor and is aimed at individuals who lead ISMS projects internally or as external consultants. It is valued by organizations looking to introduce or maintain ISO 27001. The exam is designed to be practical but requires a solid understanding of the standard. Without real project experience, the learning material often remains abstract.
PECB ISO/IEC 27005 Lead Risk Manager
PECB ISO/IEC 27005 Risk Manager
PECB ISO/IEC 27032 Lead Cybersecurity Manager
SECO Information Security Foundation
SECO Information Security Management Expert
SECO Information Security Practitioner
SABSA Chartered Security Architect - Foundation Certificate
SABSA Chartered Security Architect - Master Certificate
SABSA Chartered Security Architect - Practitioner Certificate
The SABSA Chartered Practitioner (SCP) certification is the most internationally recognized qualification for risk-based security architecture at enterprise level. The SABSA framework pursues a consistently business-driven, attribute-based approach to security architecture, clearly distinguishing itself from technology-heavy frameworks. The market for SABSA is niche but highly specialized: the certification is known and valued particularly in large enterprises, the financial sector, and critical infrastructure. The assignment-based exam requires real practical application and cannot be passed through mere memorization – this increases the credibility of the credential. Limited adoption and lengthy training paths are the main limitations.
The H Layer Security Awareness and Culture Professional
SailPoint Certified Identity Security Engineer
Designs and engineers SailPoint identity solutions across IdentityIQ and Identity Security Cloud (ISC).
Identity governance and administration (IGA) at enterprise scale.
Microsoft Certified: Security, Compliance, and Identity Fundamentals
TeleTrusT Information Security Professional
High-quality German professional certification for IT security, supported by Bundesverband IT-Sicherheit (TeleTrusT). Examination by DAkkS-accredited bodies (DEKRA, PersCert TÜV). 180 questions in 4 hours, exclusively in German. Covers network security, cryptography, security management (ISO 27001, BSI IT-Grundschutz), IT law (DSGVO/GDPR, NIS-2), and system security. Particularly relevant in government agencies, KRITIS environments, and regulated German enterprises. Not internationally recognized, but a clear quality indicator in Germany. Over 2,400 graduates since 2004.
TUV Rheinland IT Security Auditor (GERMAN)
TUV Rheinland Cybersecurity Specialist (GERMAN)
TUV IT Security Manager (GERMAN)
TUV Rheinland Mobile Security Analyst (GERMAN)
Also touched
AWS Certified Security — Specialty (SCS-C02)
Deep AWS security: IAM, data protection, detection, incident response within AWS primitives.
Certified Information Privacy Professional / Canada
Canadian privacy-law expertise — PIPEDA, provincial regimes (Quebec Law 25, Alberta/BC PIPA), and federal sectoral rules.
Certified Information Privacy Professional / Europe
GDPR and European privacy law expertise.
Certified Information Privacy Professional / United States
US federal and state privacy-law expertise.
Certified Zero Trust (CCZT)
Vendor-neutral Zero Trust architecture and governance — NIST SP 800-207, ZTA pillars, and program implementation.
CyberArk Defender — PAM (CDE-PAM)
Day-to-day administration of CyberArk PAM — the dominant enterprise privileged-access platform.
CyberArk Guardian — PAM
Top-tier CyberArk practitioner — leads complex PAM programs and contributes back to the community.
CyberArk Sentry — PAM
Designs and deploys CyberArk PAM at enterprise scale — vault architecture, HA/DR, and complex onboarding.
Microsoft Certified: Identity and Access Administrator Associate
Entra ID deployment, conditional access, privileged access, identity governance.
CompTIA Security+
Broad entry-level knowledge across threats, ops, IAM, network, and crypto basics.