ISC2 Certified in Governance, Risk and Compliance® (CGRC®)
Gain the skills you need to authorise and maintain information systems using the NIST Risk Management Framework (RMF) in just 5 days with Firebrand.
Learn your way
Choose between in-person or online
Award winning
A “Top 20 IT Training Company of the Year”
Certified fast
You’ll be trained in record time
Study with the best
We’ve trained over 135,000 professionals
What you’ll learn
The accelerated course fully aligns with, and covers in depth, the seven domains of the ISC2 CGRC Common Body of Knowledge (CBK®), updated for 2026 to enhance the learning experience for CGRC candidates.
The course shifts away from traditional lecture-heavy delivery and moves toward a more engaging, interactive format. This learner-focused approach encourages collaboration, discussion, and hands-on application, helping delegates deepen their understanding, stay actively involved, and feel more confident and prepared for the exam.
At the end of this course, you’ll either sit the official ISC2 Certified in Governance, Risk and Compliance® (CGRC®) exam or receive an exam voucher to do so. After passing your exam, you will become CGRC® certified.
At Firebrand, we are proud to be an Official Training Preferred Plus Training Partner of ISC2 for 2026 in recognition of our commitment to delivering world-class training, certification, and professional development opportunities for Cybersecurity professionals.
Through our time-tested Lecture | Lab | Review method, you'll get certified faster than traditional training and access official courseware, learn from certified instructors, and train in a distraction-free environment.
In just 5 days, you will learn to:
Demonstrate knowledge in security and privacy governance, risk management, and compliance
Identify and document baseline and inherited controls
Develop implementation strategy
Perform ongoing compliance activities based on requirements
Curriculum
Domain 1: Information Security Risk Management Program
Domain 2: Scope of the Information System
Domain 3: Selection and Approval of Security and Privacy Controls
Domain 4: Implementation of Security and Privacy Controls
Domain 5: Assessment/Audit of Security and Privacy Controls
Prerequisites
Candidates must have a minimum of two years of cumulative work experience in one or more of the seven domains of the CGRC CBK.
A candidate who doesn’t have the required experience to become a CGRC may become an Associate of ISC2 by successfully passing the CGRC examination. The Associate of ISC2 will then have three years to earn the two years of required, relevant experience.
Exam info
At the end of this accelerated course, you'll sit the official ISC2 CGRC® exam at the Firebrand Training Centre, covered by the Firebrand Certification Guarantee. If you receive an exam voucher, you can sit the exam at any Pearson VUE Authorized Test Center, also covered by our Certification Guarantee.
Duration: 3 hours
Format: Multiple-choice
Number of questions: 125
Passing score: 700 out of 1000 points
Languages: English
Security and Privacy Governance, Risk Management, and Compliance Program (16%)
Scope of the System (10%)
Selection and Approval of Framework, Security, and Privacy Controls (14%)
Implementation of Security and Privacy Controls (17%)
Assessment/Audit of Security and Privacy Controls (16%)
Upcoming Courses
Sorry, there are currently no dates available for this course. Please submit an enquiry and one of our team will contact you about potential future dates or alternative options.
FAQs
This course is for individuals planning to pursue the CGRC certification.
The CGRC is ideal for IT, information security and information assurance practitioners and contractors who use the RMF in federal government, military, civilian roles, local governments and private sector organisations.
Roles include:
- ISSOs, ISSMs and other infosec/information assurance practitioners who are focused on security assessment and authorization (traditional C&A) and continuous monitoring issues.
- Executives who must "sign off" on Authority to Operate (ATO).
- Inspectors General (IGs) and auditors who perform independent reviews.
- Program managers who develop or maintain IT systems.
- IT professionals interested in improving cybersecurity and learning more about the importance of lifecycle cybersecurity risk management.
Yes, CPE credits can be earned by attending this 4-day CGRC course. ISC2 recognises a maximum of 40 CPEs for an existing ISC2 certification holder; by attending this course, you will earn 38 CPEs.
Yes, we do provide courses suitable for beginners. However, Firebrand's accelerated courses aren't easy and it's essential that you are interested and actively pursuing a career in IT.
Traditional training providers usually run their courses from 9am to 5pm. At Firebrand Training we maximise the number of learning hours to minimise the number of training days, so you’ll be back to your job as quickly as possible. You don’t waste time travelling to several courses and finding an exam centre after that.
Firebrand's accelerated courses are constantly reviewed. We ask our delegates for feedback after every course. We are official partners with leading vendors and therefore, we're provided with certification changes and updates, which we can then implement in our course delivery at a very early stage. This feedback is then analysed in view of changes or discrepancies. We will then address the topics mentioned and have a panel of subject matter experts provide us with valuable suggestions for improvement and solutions.