BCS Practitioner Certificate in Information Risk Management (PCIRM)

What is the BCS Practitioner Certificate in Information Risk Management (PCIRM)?

There is no question that effective risk management is absolutely critical in the protection of information assets.

By attending this 5-day course, you will gain extensive hands-on experience of all the key components of the information risk management process, including conducting risk assessments, evaluating risks and developing risk treatment plans.

The PCIRM training course is closely aligned with, and makes full use of, current and relevant international standards such as ISO 27001, 27005 and 31000.

The course culminates on the final afternoon with a BCS invigilated examination, which consists of scenario-based, multi-choice and short answer questions.


PCIRM – Information Risk Management – Frequently Asked Questions

Why Should you Attend?

By attending this course, you will gain invaluable experience in conducting an information security risk assessment, including business impact analyses and threat and vulnerability assessments.

You will also learn the importance of evaluating risks, selecting controls and presenting results in a way which will form the basis of a risk treatment plan.

The course is equally applicable if you are embarking on information risk management responsibilities or are looking to gain a formal insight into information risk management in support of wider business risk decision-making.

By the end of the course, you will possess the skills and knowledge to enable you to return to your organisation and make a significant contribution to the risk management process and help protect your key information assets.

By passing the end of course exam, you will also acquire a highly valuable industry recognised practitioner certificate which can be used internally and externally as a validation of your expertise and competence in information risk management.

What are the Prerequisites for Attending?

Although there are no mandatory prerequisites, this is an intense and practical course and, as such, you should ideally have at least 2 years’ experience in information security and risk management.  

An understanding of information security standards such as ISO 27001, ISO 27002 and ISO 27005 would be beneficial, as would attendance on the Certificate in Information Security Management Principles course (or similar).

What is the format of URM’s PCIRM Course?

URM delivers the PCIRM Course as both a public schedule and on-site training course. If you attend our public schedule courses, these are typically residential and held at purpose-designed training venues.

URM’s PCIRM course leans heavily on discussions and workshops which are designed to reinforce the concepts being taught and to build your confidence in conducting risk assessments.

The course is also designed to encourage debate, and the sharing of knowledge and experience.

A BCS sample scenario is used through the week, with exercises and workshops stemming from it, as well as mock exams each day to ensure you are well prepared to take and pass the BCS administered 3-hour exam on the final afternoon.

The training day typically runs from 9 am to 5 pm, although you will have numerous opportunities to raise queries with URM’s trainer outside of these hours.

You may wish to use the evenings to review some of the comprehensive courseware notes and practise answering mock exam papers.

Why Train With URM?

We believe that the key differentiator between URM and other PCIRM courses is the calibre of our trainers. You will benefit from the fact that all of URM’s trainers are practising risk management consultants.

As such they are able to translate best practice theory into ‘real world’ practical applications. 

When you leave this course you will have the confidence to take what you have learnt and implement it as soon as you return to your organisation.

URM’s trainers all adopt a facilitative approach where the goal is to maximise knowledge and skills sharing across the whole group. 

Should you require clarification on any aspect of the course and the end of the course examination, URM’s trainer will be available at breaks and at the end of the training day to assist you. (URM’s trainers stay on-site through the whole of the training week).

The BCS Sample Question Paper, with scenario, is used as a basis for questions, mock questions and exercises throughout the week.

The trainer will provide tips throughout the week on how to answer questions and what exam markers may be looking for in the answers, as well as providing advice on timing in the 3-section exam paper.

URM’s PCIRM course is part of the National Cyber Security Centre (NCSC) Certified Training scheme and, as such, has been rigorously assessed by APMG, its independent certification body for Certified Training.

This means that the course materials, the trainers and the administration processes surrounding the course meet the stated objectives and standards.

You can also be reassured by our track record.

URM is by far the most experienced and successful training provider in the UK, having delivered the course for over 12 years and having consistently achieved a pass rate of 90% and above.

Here are a number of comments from delegates who have sat URM’s PCIRM course:

In these different times I was expecting a hard press course timetable but it really worked well. The exercises at the end of each day hit the mark.


Great facilitator - helpful examples provided and an engaging presenter.


Would thoroughly recommend URM.


Thank you for a great course.


The trainer led group discussions really well and enabled collaboration.

