Our Mission

About GRC Certify

Our commitment to excellence and our core values drive us to set and uphold the highest standards in GRC certification. Our values are deeply rooted in collaboration, accountability, and accessibility. We believe in the power of a versatile and informed GRC community, working together to safeguard organizations and create a world of integrity and compliance. 

Through our accredited certification programs, we strive to instill these values in every GRC Professional, helping them become not just experts in their fields, but also advocates for ethical business practices. Our ongoing dedication to improvement ensures that our certifications remain relevant, practical, and valuable, providing individuals with the opportunity to thrive. 

Policies and Procedures

At GRC Certify, we take great pride in our commitment to maintaining the highest standards of certification processes. Our policies and procedures serve as the cornerstone of our certification programs, ensuring transparency, fairness, and consistency throughout the entire journey.

Transparency & Accessibility 

We believe that transparency is fundamental to building trust within the GRC community. Our certification processes are designed to be open, clear, and accessible to all candidates. We provide detailed information about eligibility criteria, examination procedures, and recertification requirements, leaving no room for ambiguity.

Fairness Dedication

Fairness is at the core of our certification administration. We are dedicated to treating every candidate equitably, regardless of background or experience. Our policies are crafted to prevent bias and favoritism, guaranteeing that each individual has an equal opportunity to pursue and achieve GRC certification. 

Continuous Improvement

We continuously review and refine our policies and procedures to uphold the highest standards of fairness, ethics, and professionalism. Our commitment to excellence ensures that GRC Certify remains a trusted partner on your journey to professional certification.
Empty space, drag to resize

GRC Certify Accreditation Standards

GRC Certify standards enhance timeless best practices to be more accessible and streamlined for modern certification programs.

Standard 1:
Content Alignment

Define essential skills with a job task analysis (JTA). Systematically develop the body of knowledge.

Standard 2:
Quality Testing

Use psychometric standards for examinations. Create fair, reliable, and valid exam items.

Standard 3:
Impartial Oversight

Use psychometric standards for examinations. Create fair, reliable, and valid exam items.

Standard 4:
Candidate Requirements

Set clear eligibility criteria for candidates. Define recertification and continuing education rules.

Standard 5:
Operational Excellence

Administer secure and efficient exam processes. Protect candidate privacy and confidentiality.

Standard 6:
Continuous Improvement

Conduct quality checks.
Periodically review and update content.

Standard 7:
Stakeholder Engagement

Involve candidates, experts, and employers. Encourage feedback and transparency.

Standard 8:
Documentation Standards

Provide necessary documents for accreditation. Prepare for third-party audits and reviews.

Standard 9:
Legal and Ethical Compliance

Follow legal and ethical standards.
Protect intellectual property and data.

Standard 10:
Clear Communication

Communicate openly with stakeholders.

Streamlined Process

We ensure that our certification process is more streamlined and simple - but not easy!
We want to help you demonstrate and showcase your skills as fast as possible.
All of our partner organizations must adhere to this streamlined process.

1. Prepare

At GRC Certify, we believe in the power of knowledge accessibility. That's why all our certifications are built upon freely available and open-source standards and study materials. This approach ensures that you can access and study these materials at no cost, making the certification journey more accessible and affordable for everyone.

While our certification materials are readily available, many individuals choose to collaborate with one of our trusted training partners for a more structured learning experience. Working with our partners offers the advantage of additional context, structured guidance, and the option to learn in your preferred language. It's all part of our commitment to providing diverse and flexible learning pathways to support your success in GRC.

2. Apply

At GRC Certify, we embrace inclusivity, welcoming professionals from a wide array of cultural, educational, and professional backgrounds to pursue our certifications.

Our certification programs are open to individuals who share a commitment to The Protector Code, regardless of their previous experience or expertise. We believe in providing equal opportunities to all who are dedicated to upholding these principles.

3. Earn

Achieve success on your terms with our online exams, available at your convenience, aligning perfectly with your schedule.

Just as real life is open book, so are our exams. You can access the same resources you use in your professional role, reflecting the practical nature of your work.

While our exams allow open-book access, they are intentionally rigorous. Adequate preparation is crucial, as they are designed to assess your expertise thoroughly.

4. Maintain

All of our partner organizations are required to offer AUTOMATIC TRACKING of CPEs.

But don't worry, if you ever find yourself in need of assistance or facing a challenging situation, our partner organizations are ready to offer a helping hand to get things on track.

If you ever have an issue with one of our certifications or partner organizations, contact support@grccertify.org

Frequently asked questions

Certification Development Process

GRC Certify works with our partners so that each certification uses a detailed and phased development process. GRC Certify formulates this process based on accreditation standards and best practices, including developing and managing the exam to support reliability, validity, and security.

Each certification goes through development stages, including:

  • Job Task Analysis (JTA).
  • Essential Body of Knowledge (EBK) Development.
  • Exam Blueprint.
  • Item Development and Test Design.
  • Pilot.
  • Beta Copy & Standard-Setting.
  • Production.
  • Maintenance.

General Eligibility

GRC Certify certifications are open and accessible to all professionals. We accept candidates from diverse cultural, educational, and professional backgrounds. Candidates for GRC Certify certifications include anyone who adheres to The Protector Code. 

Preparing for an Exam

Each GRC Certify certification outlines the Essential Body of Knowledge (EBK) in the Certification Supplement Handbook. The EBK materials are generally available and often open source. The exam assesses knowledge used by a “typical” professional in a “typical” job associated with the EBK. 

This means that the exam does not require specific courses or other materials as a prerequisite to take the exam. GRC Certify exams typically do not require previous job experience, through previous experience does help candidates to pass the exam. 

Authorized training partners offer in-person and online courses if candidates are interested in more directed exam preparation.

Essential Body of Knowledge (EBK) & Blueprint

Each Certification Supplement Handbook details the reference materials and essential body of knowledge (EBK) and its corresponding exam blueprint covering the specific certification. 

Sample Questions

Each Certification Supplement Handbook includes sample questions and answers. The answer key is taken from the question repository and serves as samples of the question type and content found in each exam. 

Credential Certificates & Badges

Successful candidates who pass our certification exams are entitled to display their GRC Certify designation, along with any associated designations, on various platforms, including transcripts, social media profiles, email signatures, and other certification showcases.

Candidates' designations, including any professional "letters" for use in signatures, are documented in a digital certificate and badge. The digital certificate is provided as a high-resolution file that can be printed and framed for display.

Credential Verification

Our certificates are issued in digital format and securely recorded on a blockchain system of record. Each certificate is assigned a unique URL, enabling employers and other stakeholders to instantly verify the authenticity of the credential.

In instances where certificates are provided in hardcopy format, they include a QR code for verification purposes. Stakeholders can easily verify the printed certificate by using a QR reader on their smartphone. Scanning the QR code on the certificate will direct them to an online verification service.

For cases where stakeholders may not have access to online verification, GRC Certify offers guided support for credential verification.

You can reach out to our support team at support@grccertify.org for assistance in verifying credentials.


We prioritize the confidentiality of candidate information. Candidates who choose to be listed in the GRC Certify Public Directory have control over the information they voluntarily provide.

Continuing Education

Being a certified professional entails remaining current with evolving practices. To fulfill this commitment, each certification mandates the completion of eight continuing professional education (CPE) units annually.

A continuing professional education unit is a measure of educational content, roughly equivalent to 60 minutes of instruction. However, in today's digital learning environment, it's important to note that watching courses at an accelerated pace, such as 1.25x or 1.5x speed, may impact the direct correlation between time duration and CPE units.

Double Counting

At GRC Certify, we understand that continuing education (CPE) activities can often cover multiple subjects simultaneously. Therefore, it's important to note that a single CPE course may apply to the requirements of multiple certifications.

Consider a course on "Risk Assessment" – it holds significance for both GRC Professional (GRCP) and GRC Audit (GRCA) certifications. This means that for every hour of participation in this course, you earn TWO units of continuing education. Specifically, ONE unit for GRCP and ONE unit for GRCA.

Electronic Tracking

At GRC Certify, we advocate for seamless continuing education (CPE) tracking. We require that all CPE education providers to implement electronic tracking systems, eliminating the need for tedious paperwork and manual tracking. However, we understand that there may still be instances where individuals need to manually add or correct CPEs.

In such cases, candidates should directly request certificates from CPE event sponsors. It's essential for candidates to review and verify all manually submitted CPE records on the tracking platform to ensure the continued renewal of their GRC Certify credentials.


All GRC Certify Certifications require recertification every five (5) years based on industry standards and best practices.


GRC Certify conducts audits that encompass the following:

Retesting Audits: GRC Certify verifies that a candidate has not attempted the certification exam more than six (6) times within any 12-month period. This practice aligns with current industry standards and retesting best practices. The 12-month duration is calculated from the date of the candidate's initial exam attempt.

Continuing Education (CE) Audits: GRC Certify confirms that candidates have fulfilled their required Continuing Education (CE) units as stipulated for each certification. We strive to collaborate with CPE providers who offer automated tracking and reporting to GRC Certify. Candidates retain the capability to maintain and rectify documentation manually in case of any discrepancies.

Complaints & Appeals

GRC Certify may make adverse decisions, which can encompass various outcomes, including but not limited to:

Denial of a candidate's application.
Denial of certification.
Denial of continuing education.
Denial of certification renewal.
Revocation of certification.

In case of an adverse decision within the areas specified above, GRC Certify will communicate the decision and the process for appealing such decisions to the individuals affected.

For individuals wishing to appeal GRC Certify's adverse decision (referred to as the "Grievant"), the following guidelines and associated timelines must be adhered to:

The appeal request should be submitted within sixty (60) days after the Grievant receives notice of the adverse decision.

The Grievant is responsible for presenting clear and compelling evidence to support the appeal.

GRC Certify will review the appeal request and inform the applicant of the determination.

For a comprehensive understanding of our Appeal Policy, please contact GRC Certify at support@grccertify.org.

It is important to note that all administrative practices and procedures, including the appeals process, will be conducted without discrimination based on factors such as age, race, creed, color, religion, lifestyle, national origin, gender, sexual orientation, veteran status, or disability.
GRC Certify is a member organization of the American National Standards Institute (ANSI) and the Institute for Credentialing Excellence with credentialing efforts that are aligned with the standards set forth in the Standards for Educational and Psychological Testing. (American Educational Research Association, American Psychological Association, & National Council on Education Measurement, 2014.)
Created with