Everything you Need to Know about the PCIRM
- Posted by Rose Wilson
- Categories Information Security, Training
- Date 21/02/2024
Effective information management and the maintenance of its confidentiality, integrity and availability is a vital aspect of any organisation’s continued and successful operation. To avoid the inappropriate sharing, loss and theft of sensitive information and data assets, organisations need to employ individuals with a comprehensive understanding of information risk management best practice who can implement systems, policies and processes to identify, analyse and mitigate information security risks.
One qualification which can provide you with the necessary understanding of information risk management to take on these responsibilities is the Practitioner Certificate in Information Risk Management (PCIRM). The PCIRM is a practitioner-level qualification, developed and managed by the British Computing Society (BCS), achievement of which will demonstrate that you possess a hands-on level understanding of information risk management.
Who is the PCIRM for?
Qualifying to the PCIRM is a hugely beneficial step in the career development of any professional who is involved in information security and needs to be able to understand and implement information risk management processes for the performance of their job role, or for those who want to increase their understanding of risk and how to quantify and analyse it. On a practical level, achievement of the PCIRM is incredibly useful if you are or are going to be involved in an ISO/IEC 27001 (the International Standard for Information Security Management Systems) conformance or certification project and the associated risk management activities.
Unlike the Foundation Certificate in Information Security Management Principles (CISMP), the PCIRM is a practitioner-level qualification. As such, the PCIRM is generally more suited to individuals with an existing understanding of information security and IT.
What is Covered in the PCIRM?
The PCIRM syllabus is extremely comprehensive and will provide you with a working knowledge of how to develop and deploy an information risk management strategy in line with the best practice risk management guidelines defined in ISO/IEC 31000 (for risk management) and ISO/IEC 27005 (for information security, cybersecurity and privacy protection).
To pass the BCS exam and achieve certification, you will need to be able to demonstrate knowledge and understanding of information risk management principles and techniques, the potential benefits of information risk management, and be able to explain and effectively use terminology associated with information risk management such as risk, hazard, proximity, probability, etc. The syllabus also requires you to have a practical understanding of how to conduct threat and vulnerability assessments, including how levels of likelihood can be quantified and how likelihood can be predicted using historic data. Alongside this, you will need to understand how to conduct risk assessments and business impact analysis, use information classification schemes, and be able to present the outputs from these activities in a format which will form the basis of a business case for a risk treatment plan. An understanding of relevant regulations, standards, and legislation, such as the General Data Protection Regulation (GDPR), the Official Secrets Act, and the Payment Card Institute Data Security Standard (PCI DSS), is also necessary for certification.
How is the PCIRM Assessed?
The PCIRM is assessed by a 90-minute, closed-book examination which is administered by BCS. The pass mark for successful certification is 65% (39/60) and candidates are required to answer scenario-based questions across a range of question types, including multiple choice, multiple response and matching questions. PCIRM examinations are delivered digitally, and will cost £264 (including VAT) if you have decided to self-study, or, if you attend a training course to prepare for the exam, the cost of the examination will generally be included in the price of your training course.
How Do you Prepare for the PCIRM Examination?
As mentioned above, there are two main routes you can take in your preparation for the PCIRM exam: self-led study, or attending a PCIRM training course. If you decide to self-study, the BCS PCIRM syllabus contains a recommended reading list which includes books, legislation, codes of practice, guidance and websites that will help you prepare for the exam. However, while self-study may be sufficient for individuals who already possess an advanced understanding of information risk management, BCS recommends that candidates attend an accredited training course, such as the PCIRM course delivered by URM. While the reading list provides you with the necessary information to pass the exam, learning from reading alone can be fairly dry. A trainer, on the other hand, will facilitate discussions and provide real-world examples which will not only make your exam preparation more engaging, but also put your learning into practical context.
Training courses can be delivered both in person and remotely, but post-pandemic, courses tend to be delivered online. Training courses usually run over roughly 5 days, although we at URM have opted to spread our course over 6 mornings instead, as full days over Microsoft Teams can be challenging for delegates.
Closing Thoughts
Achievement of the PCIRM will position you to contribute significantly to the management of your organisation’s information risks and protect your information assets. It is an excellent addition to the skillset of an already established professional, or for those with an existing interest in and understanding of information risk management looking to advance their career. By attending an accredited PCIRM training course, you will not only be ideally placed to receive an industry-recognised qualification from a chartered institute, but also to conduct effective information risk management and help your organisation avoid the financial and reputational damage associated with data breaches.
Why URM for PCIRM?
Having delivered our accredited PCIRM course for over 12 years, with a consistent pass rate of over 90%, URM is one of the most experienced and successful training providers in the UK. All of our trainers are qualified information security practitioners who are able to translate best practice theory into its ‘real-world’ application, and always teach with the aim of facilitating the sharing of skills and knowledge across the entire group. Following attendance of URM’s PCIRM training course, you will not only be well prepared to sit the exam, but also to return to your organisation with full confidence in your ability to apply what you have learnt.
Previous delegates of our PCIRM course have said:
- ‘I really enjoyed the course and thought it was led brilliantly. The trainer was a great tutor and clearly well experienced with a vast knowledge of the subject matter.’
- ‘I liked the half-day format. Oftentimes full day sessions for a week can be quite onerous but this broke it up which I liked.’
- ‘The course was very good and one of the best I have attended, learnt a lot, and will take away a lot from the course.’
- ‘I feel as though the sessions met my expectations, I’m not sure what it could have done to exceed them.’