This examination validates your ability to design, assess, and maintain governance, risk, and compliance programs — spanning GRC frameworks, data privacy law, information assurance, cloud audit, and assessment methodology.
GRC FoundationsISO 27001, NIST CSF 2.0, ISO 31000, COBIT, CIS Controls
Data PrivacyGDPR, CCPA/CPRA, Privacy by Design, cross-border transfers
Security & Privacy GovernanceISMS, SoA, policy hierarchy, metrics
Information AssuranceClassification, BCP/DRP, supply chain, controls
Cloud SecurityAudit rights, SOC 2, shared responsibility, CSA STAR
AST AssessorAssessment methods, independence, evidence quality