Information Risk Management Training | PCIRM FAQs

What is PCIRM?

PCIRM is a BCS qualification which stands for Practitioner Certificate in Information Risk Management. It is a practitioner-level qualification which demonstrates that you have a hands-on level of understanding of information risk management.

PCIRM – Practitioner Certificate in Information Risk Management

Who is PCIRM aimed at?

PCIRM is aimed at anyone involved in information security who needs to understand and implement information risk management processes. The qualification and training course is ideal if you are involved, or going to be involved, in risk management activities as part of an ISO 27001 implementation project. Equally, if you want to gain a greater understanding of risk and how to quantify and analyse it, attending a PCIRM course will be of real value to you. We will also help you to articulate information security risk in business language to ensure that it is considered in the same way as other business risks such as operational or financial risk.

URM’s PCIRM training course is based upon the best practice risk management guidelines as presented in ISO 31000 and ISO 27005, so you can be confident in applying what you learn within your business, knowing that it will be accepted as best practice by ISO 27001 auditors and assessors.

What are the benefits of attending a PCIRM course?

URM’s PCIRM training course provides you with an in-depth knowledge of the processes associated with effective information risk management and, importantly, you will gain experience of conducting those processes in a hands-on learning environment. You will learn how to confidently establish what your most important risks are and how to evaluate them against your organisation’s risk appetite to determine the most appropriate and effective ways of treating them. At the end of the course, you will be in a position to apply information risk management processes within your organisation, enabling you to protect your important information assets more effectively.

Passing the end-of-course exam and gaining the PCIRM qualification will provide you with a level of credibility that will greatly enhance your career. If you are looking to embark on a career that includes information risk management responsibilities, PCIRM is the course for you.

What will I learn on a PCIRM training course?

By attending URM’s PCIRM training course, you will learn about all of the component parts of information risk management. You will learn, for example, how to identify the important information assets in your organisation and understand why they are important. You will also learn how to identify the threats that could harm your key assets and how to assess any vulnerabilities that might lead to those threats materialising. The PCIRM training course also teaches you about the different options available to treat the risks that you have identified and what the most effective and appropriate controls are. Information classification schemes are another subject covered on the course, along with the most effective ways of communicating information risk to your organisation’s management so that they can make informed decisions on how to proceed.

What is the format of a PCIRM training course?

URM’s PCIRM course is delivered by our experienced information security and risk management consultants and practitioners in a classroom environment. You will learn all the key components of information risk management through a combination of PowerPoint presentations and real-life examples on how to apply risk management processes. Working through case studies in small groups, you will undertake practical exercises on each stage of the risk management process. This will enable you to quickly gain hands-on experience on what you have learned in the classroom. URM’s trainers are experienced information security and risk management practitioners and consultants and will be on hand to discuss and review what you have learned and applied. By attending URM’s PCIRM course, you will build the knowledge and confidence to implement information risk management processes within your own organisation or in your future career.

Are there any pre-requisites to attending a PCIRM course?

As the PCIRM is a practitioner-level course, it is intended for those who have an understanding of information security and the need for effective risk management. An understanding of IT, ISO 27001 and how information security is managed within your organisation would be advantageous.

How long is the PCIRM training course?

URM’s training course lasts 5 days with the PCIRM examination being taken on the afternoon of the final day.

How long is the PCIRM exam?

The BCS PCIRM exam is three hours long and is broken down into three parts. Section A consists of ten multiple-choice questions and is worth a total of 10 marks. Section B consists of six questions, each of which requires a short paragraph or bullet point answers, with each question being worth 5 marks for a total of 30. Section C consists of three essay-style questions which are based on a case study or scenario. Each of these questions is worth 20 marks for a total of 60. The pass mark is 65%.

During URM’s course, we will work through example exam questions with you and will provide you with advice and guidance on the best approach to answering individual questions and sitting the exam as a whole.

URM’s PCIRM course is also certified by the Chartered Institute of Information Security, meaning that the Institute has assessed the course materials and the methodologies and has determined that it meets its stated objectives. Furthermore, the Institute has verified that the course meets the claimed competency level against its Skills Framework. URM’s PCIRM training course was also the first information risk management course in the UK to be certified as part of the GCHQ certified training scheme (now branded under the National Cyber Security Centre scheme).

Many organisations can claim various firsts and bests, but URM’s key differentiator is our trainers. We are all practising information security consultants and see the challenges you face day to day. We have extensive experience to draw on and are happy to share it. In fact, that’s what we really want to do, so whether you ask a question in class or want to spend time with us during breaks, lunch or at the end of the day, we really want to help. We also make sure the course is relevant to you, whatever your background or sector, by using examples taken from our own experiences.

As such, we adopt a facilitative approach. We want to make sure you learn new skills and, importantly, grow in confidence so that you can implement them. We encourage discussion throughout the week, whether that is within small groups or as part of the wider class.

Yes, we want you to pass the exam and we pride ourselves on our pass rate but most importantly, we want you to enjoy the course and walk away wiser, empowered and ready to put into action what you have learned.
