Secretaris

Information Systems Audit and Control Association (ISACA) — commonly referred to in many contexts as the Information Systems Audit and Control Association Chapter when referencing its local chapters — is a global professional association and membership organization that serves information technology, assurance, governance, risk, privacy, and cybersecurity professionals. Founded in 1969, ISACA has evolved from a community of IT auditors into an international standards-setting, certification, education, research, and advocacy organization focused on promoting the governance and effective, responsible use of information and technology across enterprises. The organization operates both at a global level and through an extensive network of local chapters in countries and regions around the world; these chapters provide local events, networking, continuing professional education (CPE) opportunities, study groups, and community services that support the professional development goals of ISACA members and local employers. Core business activities: ISACA’s primary activities include professional certification development and administration, framework and guidance publication, professional education and training, research and benchmarking, and membership services. One of ISACA’s most prominent contributions to the technology and governance landscape is the development and stewardship of widely adopted frameworks and guidance, most notably the COBIT (Control Objectives for Information and Related Technologies) framework for IT governance and management. COBIT is used by organizations for designing, implementing, monitoring, and improving governance and management practices for enterprise information and technology. ISACA also produces guidance, standards, and frameworks addressing audit practices, risk management, cybersecurity controls, privacy, IT compliance, and enterprise governance. Certifications and credentialing are central to ISACA’s work. ISACA develops and maintains globally recognized professional certifications that validate skills and knowledge across information systems audit, risk management, governance, cybersecurity, and assurance disciplines. Core certification programs include Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and Certified in the Governance of Enterprise IT (CGEIT). In addition to these flagship credentials, ISACA has introduced other certificates and training programs, including cybersecurity-focused and practitioner-level offerings such as the CSX (Cybersecurity Nexus) platform and associated credentials. ISACA’s credentialing programs include formal examination processes, candidate eligibility requirements, continuing professional education requirements, and codes of professional ethics and conduct. Products and services: ISACA publishes a wide range of practical products and services aimed at enterprises, practitioners, and academic institutions. These include framework publications (e.g., COBIT publications and supporting implementation guides), toolkits for audit and assurance, benchmarking reports, industry research studies, and practice guides for specific domains such as privacy, risk management, and cloud computing. ISACA also produces the ISACA Journal, a peer-reviewed professional journal that features research articles, case studies, and practical guidance for practitioners. The organization provides classroom and online training, official exam preparation materials, virtual labs, and instructor-led courses designed to prepare candidates for certification examinations and to help organizations build workforce capabilities. Education and events: Through both global events and locally organized chapter activities, ISACA organizes conferences, webinars, workshops, and training events that cover current and emerging technology topics, regulatory developments, and best practices in governance, assurance, risk, and cybersecurity. Global conferences and summits convene professionals, practitioners, thought leaders, and vendors to share knowledge, present research, and explore evolving practice areas such as cloud security, privacy regulations, artificial intelligence governance, and cyber resilience. Local chapters extend these offerings into in-person study groups, networking sessions, and employer outreach programs, enabling professionals to earn continuing education credits and to participate in community-driven initiatives. Membership and community services: ISACA maintains a large and active membership base composed of IT auditors, information security managers, risk and compliance specialists, governance professionals, consultants, and academics. Membership benefits typically include access to research and publications, discounted exam and training fees, local chapter programming, industry benchmarking data, online communities, job boards, and professional networking opportunities. Chapters play a key role in building local professional ecosystems by collaborating with educational institutions, employers, and public-sector agencies to promote upskilling and workforce development. Research and advocacy: ISACA invests in research programs and produces reports on trends, practices, and metrics that influence how organizations manage and secure information and technology. Research topics have included cybersecurity workforce development, risk and compliance benchmarking, digital transformation controls, privacy program maturity, and governance implications of emerging technologies. ISACA also engages with standards bodies, regulators, and industry stakeholders to promote sound governance and risk management practices and to provide practical guidance that helps organizations address regulatory and operational challenges. Organizational structure and local presence: ISACA is structured to operate globally while empowering local chapters to serve specific regional and professional communities. Chapters are volunteer-led and provide localized programming aligned with the broader objectives of the parent organization, enabling members to participate in volunteer leadership roles, contribute to local knowledge sharing, and connect with regional employers. The relationship between the global ISACA organization and its chapters supports a distributed model for professional development and ensures consistent access to credentialing, standards, and up-to-date professional guidance. Overall, ISACA — including its network of Information Systems Audit and Control Association chapters — functions as a central professional body for individuals and organizations involved in governing, securing, auditing, and managing enterprise information systems and technology. Its certifications, frameworks, publications, training, and local chapter activities are designed to raise professional standards, provide practical implementation guidance, and foster a global community of practitioners focused on trustworthy, resilient, and well-governed information and technology systems.