Discover your certification today Browse
Open page navigation
riskresource optimizationmanagement processesorganizational changepoliciesstrategic processesstakeholder engagementconnecting processesframeworksinformation gatheringinformation analysiscyber security

Get certified with the latest edition of ISACA’s globally accepted framework.

COBIT 5 provides an end-to-end business view of the governance of enterprise IT, reflecting the central role of information technology in creating value for enterprises of all sizes. 

The principles, practices, analytical tools and models and models found in COBIT 5 embody though leadership and guidance form business, IT and governance experts around the world. 

Certify your ability to:

  • Make informed decisions to reduce information security incidents.
  • Understand business requirements, mission objectives and their priorities.
  • Help organizations achieve strategic goals and realise business benefits through the effective and innovative use of IT.
  • Enable organizations to achieve compliance with relevant laws, regulations, contractual agreements and policies.
  • Improve an organization’s integration of information security.

Foundation

Certify your understanding of the COBIT 5 guidance.

Risk Management, IT Management, IT Governance
Who is the Foundation Level for?
  • Business Managers.
  • Chief Executives.
  • IT/IS Auditors and Internal Auditors.
  • Information Security and IT Practitioners.
What are the key things you will learn?
  • The IT management issues and challenges that affect enterprises.
  • The 5 key principles of COBIT 5 for the governance and management of Enterprise IT.
  • How COBIT 5 enables IT to be governed and managed in a holistic manner for the entire enterprise.
  • The basic concepts for the implementation of COBIT 5.
Exam format:
  • Multiple Choice format
  • 50 questions per paper
  • 25 mark or more required to pass (out of 50 available) - 50%
  • 40 minute duration
  • Closed book

Implementation

Learn to apply COBIT 5 to a range of business challenges and scenarios within your organization.

Risk Management, IT Management, IT Governance
What is required?
  • COBIT 5 Foundation Certificate.
  • (Recommended) Attend an accredited Implementing the NIST standards using COBIT 5 training course.
Who is the Implementation Level for?
  • Consultants.
  • IT practitioners.
  • Business managers.
What are the key things you will learn?
  • How to analyse the enterprise drivers.
  • Assessing current process capability.
  • Applying implementation challenges.
  • Scoping and planning improvements.
Exam format:
  • Objective testing
  • 4 questions per paper with 20 marks available per question
  • 40 marks or more required to pass (out of 80 available) - 50%
  • 2 ½ hours duration
  • Open book (‘COBIT 5 Implementation’ book and ‘COBIT 5 Enabling Processes Guide’ only)

Assessor

Learn how to guide implementation activities and drive value to the business.

Risk Management, Compliance, Process Management, Information Management & Analysis
What is required?
  • COBIT 5 Foundation Certificate.
  • (Recommended) Attend an accredited Implementing the NIST standards using COBIT 5 training course.
Who is the Assessor level for?
  • Internal and external auditors.
  • IT auditors.
  • Consultants.
What are the key things you will learn?
  • How to perform a process assessment and how to analyze the results to provide a clear determination of process capability.
  • How these results can be used for process improvement, measuring the achievement of current or projected business goals, benchmarking, consistent reporting and organizational compliance ultimately driving value to the business.
  • How to identify and assess the roles and responsibilites in the process capability assessment process. 
Exam format:
  • Objective testing
  • 8 questions per paper with 10 marks available per question
  • 40 marks or more required to pass (out of 80 available) - 50%
  • 2 ½ hours duration
  • Open book, Using COBIT 5 books only. (‘COBIT 5 Assessor Guide: Using COBIT 5’ and ‘COBIT Process Assessment Model’)

Assessor for Security

Learn to provide a clear determination of process cyber security capability.

Risk Management, Cyber Security, Process Management, Information Management & Analysis

You will also learn how these results can be used for process improvement, measuring the achievement of current or projected business goals, benchmarking, consistent reporting and organizational compliance ultimately driving value to the business.

Who is Assessor for Security for?
  • Internal and external auditors.
  • IT auditors.
  • Consultants.
What is required?
  • COBIT 5 Foundation Certificate.
  • (Recommended) Attend an accredited Implementing the NIST standards using COBIT 5 training course.
What are the key things you will learn?
  • How to perform a process capability assessment using the Assessor Guide: using COBIT 5.
  • How to apply the Process Assessment Model (the PAM) in performing a process capability assessment.
  • How to identify and assess the roles and responsibilities in the process capability assessment process.
Exam Format:
  • Objective testing
  • 8 questions per paper with 10 marks available per question
  • 40 marks or more required to pass (out of 80 available) - 50%
  • 2 ½ hours duration
  • Open book, Using COBIT 5 books only. (‘COBIT 5 Assessor Guide: Using COBIT 5’ and ‘COBIT Process Assessment Model’)

Implementing the NIST standards using COBIT 5

Certify your understanding of the NIST Cyber Security Framework (CSF).

Risk Management, Cyber Security
Who is Implementing the National Institute of Standards and Technology (NIST) using COBIT 5 for?
  • Individuals with a basic understanding of both COBIT 5 and security concepts who are involved in improving the cybersecurity program for outside organizations or their own.
What are the key things you will learn?
  • Levels of IT-related risk and how to make informed decisions to reduce information security incidents.
  • Awareness of business impacts.
  • Understanding the relationship of business systems and their associated risk appetite.
  • Understanding of business requirements and mission objectives and their priorities.
Exam format:
  • Objective testing
  • 70 questions per paper with 1 mark available per question.
  • 35 mark or more required to pass (out of 70 available)
  • 75 minutes duration

FIND A TRAINING PROVIDER

Advanced options

RELATED PRODUCTS

Immaculate dinner table

IT Service Management

APMG IT service management solutions

View more
Bridge across a river

Business Information Services Library (BiSL®)

Connecting business information with key management areas

View more
orbital view of earth at night

ISO/IEC 20000

Demonstrate your ongoing commitment to exceptional IT service management

View more

CONTACT US

FAQs

What is COBIT 5?

COBIT 5 is the latest edition of ISACA's globally accepted framework. It provides an end-to-end business view of the governance of enterprise IT, reflecting the central role of information and technology in creating value for enterprises of all sizes. The principles, practices, analytical tools and models found in COBIT 5 embody thought leadership and guidance from business, IT and governance experts around the world.

COBIT 5 provides guidance to executives and those charged with making decisions concerning the use of technology in support of organizational objectives. COBIT 5 helps business leaders address the needs of all stakeholders across the enterprise and ultimately maximize the value from information and technology.

How can I train for the COBIT 5 examinations?

Training is available from the network of COBIT 5 Accredited Training Organizations (ATOs) and accredited COBIT 5 individual trainers who are assessed and certified by APMG International. The full list of COBIT 5 ATOs can be found here.

Do I have to receive training to sit the exam? 

It is not mandatory for COBIT 5 Foundation examination candidates to attend a training course before sitting the exam. It will be possible to sit the examination through our network of public exam centres.

How do I sit the exams?

Accredited Training Organization (ATO) or accredited individual trainer, as part of an accredited training course.

Alternatively, candidates who would prefer to self-study can sit the COBIT 5 Foundation exam through one of our public exam centres.

Please note that the COBIT 5 Implementation, Assessor, Assessor for Security and Implementing the NIST standards using COBIT 5 exams are not available via public exam centres. 

How much does it cost to sit the COBIT 5 examination?

The COBIT 5 Foundation, Implementation, Assessor for Security and Assessor exams can be taken via an If you are sitting the examinations through an accredited training organization, the costs of the exams are generally included in the course fee. APMG-International use a global pricing structure, so for those sitting exams at a public exam centre, the cost is dependent on where the exams are being sat. To find out the cost in your region, please contact the APMG-International Service Desk on +44 (0)1494 452450 or at:servicedesk@apmg-international.com 

Are there any pre-requisites for the COBIT 5 examination?

There are no pre-requisites for the foundation examination and Implementing the NIST Standards using COBIT 5 (INCS) examinations. The pre-requisites for the COBIT 5 Implementation, Assessor and Assessor for Security is that the candidate must have passed the COBIT 5 Foundation exam and have attended an accredited Implementation/Assessor/Assessor for Security/ Implementing the NIST Standards using COBIT 5 (INCS) training course.

What study material is available for COBIT 5 and where can I purchase it?

The COBIT 5 Foundation exam is based on the ISACA publication: COBIT 5 a Business Framework for the Governance and Management of Enterprise IT. This can be purchased directly from ISACA or from APMG Business Books.

There is also a supplementary guide which will be provided to you as part of your training course, or when you book your public exam.

The COBIT 5 Implementation exam is based on two ISACA publications:

COBIT 5 Implementation
COBIT 5 Enabling Processes Guide
These can be purchased directly from ISACA or from APMG Business Books.

The COBIT 5 Assessor and Assessor for Security examinations are based on two ISACA publications:

COBIT 5 Assessor Guide: Using COBIT 5
COBIT Process Assessment Model (PAM): Using COBIT 5
These can be purchased directly from ISACA or from APMG Business Books.

The Implementing the NIST Standards using COBIT 5 (INCS) exam is based on two ISACA publications:

COBIT 5: A Business Framework for the Governance and Management of Enterprise IT. This can be purchased directly from ISACA or from APMG Business Books..
Implementing NIST Cybersecurity Framework Using COBIT 5. This can be purchased directly from ISACA

Which languages is the COBIT 5 examination available in?

The COBIT 5 Foundation exam is currently available in English, French, German, Latin American Spanish, Brazilian Portuguese and Polish. The COBIT 5 Implementation, Assessor, Assessor for Security and Implementing the NIST Standards using COBIT 5 (INCS) examinations are available in English only.

How long will it take to learn the COBIT 5 material?

Training courses are generally delivered over 3 days. It is worth investigating with individual providers, as many will offer tailored and blended learning solutions. If you are self-studying for the exam, the amount of time required to learn the material will depend on the individual.

How long is the COBIT 5 qualification valid for?

The COBIT 5 qualifications are not valid for a defined period and do not expire.

When can I expect the results of my COBIT 5 examination?

Your result will be sent to your ATO approximately 7-10 days after your exam date. Your ATO should notify you of your results so please contact them for further details.

For candidates sitting the Foundation exam through a public centre, results will be issued within one week of APMG receiving your completed exam pack from the exam venue.

When will I receive my certificate?

A foundation certificate will be dispatched to you approximately 2 weeks after we have received your exam paper back into our offices, if you only took the foundation exam.

If you sat the Implementation, Assessor or Assessor for Security exams a practitioner certificate will be dispatched 2 weeks after the practitioner results have been released.

Please note that if you have taken your examinations via an ATO, certificates will be dispatched based on the preferences that the ATO selected when booking the exam. The ATO can select either an e-certificate or hard copy and whether this type is sent to the ATO or directly to the candidate.

If you have not received your certificate shortly after the above time frame please contact our Customer Interaction Team – servicedesk@apmg-international.com

What is the pass mark for the COBIT 5 examination?

Candidates must achieve a score of 25/50 (50%) to pass the COBIT 5 Foundation.

Candidates will need to score 40 marks out of 80 (50%) to pass the COBIT 5 Implementation, Assessor and Assessor for Security examinations.

Candidates will need to score 35/70 (50%) to pass the Implementing the NIST Standards using COBIT 5 (INCS) examination.

What pass mark is required to be eligible to become a COBIT 5 trainer?

To be eligible to apply to become a COBIT 5 trainer individuals must achieve:

A score of 66% (33/50) in the Foundation exam
A score of 66% (53/80) in the Implementation, Assessor and Assessor for Security exams
A score of 66% (46/70) in the Implementing the NIST Standards using COBIT 5 (INCS) exam

How do I find out if I scored enough to be eligible to become a trainer?

To find out if you scored enough to be eligible as a trainer, please email servicedesk@apmg-international.com noting your interest. A representative of the Service Desk will be able to advise.

How do I become a COBIT 5 Trainer?

To become a COBIT 5 trainer you will either need to be ‘sponsored’ by an APMG accredited COBIT 5 training organization (ATO) or you can apply to be accredited as an individual trainer.

Please contact the ATO directly to express your interest in becoming an accredited trainer. The ATO will then be responsible for liaising directly with APMG to process your application and undergo accreditation to become a trainer. 

If you would like to be accredited as an individual trainer, please contact your local APMG office for further details on the application process.

How does my organization become a COBIT 5 Accredited Training Organization (ATO)?

An organization wishing to become a COBIT 5 ATO must first submit an application form to either the APMG-International Service Desk or the relevant APMG-International office. Where appropriate, an invoice will be raised and the organization will then be subject to APMG-International's ATO assessment process.

Can I earn CPE credits for passing the COBIT 5 examination?

ISACA does not review and approve specific courses for CPE credit other than those that they offer. However each certification accepts a broad array of topics that will be accepted by ISACA for credit. These topics are covered by the knowledge statements of each certification and include technical and managerial training that is directly applicable to the:

CISA: assessment of information systems or the improvement of audit, control, security or managerial skills (CISA job practice). CPE hours related to management skills must be relevant to management of audits and/or audit resources.
CISM: management, design or assessment of an enterprise’s information security or the improvement of those skills (CISM job practice).
CGEIT: management and governance of enterprise IT governance (CGEIT job practice).
CRISC: risk identification, assessment, evaluation, response and monitoring and the design, implementation, monitoring, and maintenance of IS controls (CRISC job practice).

FIND ME A TRAINING PROVIDER

Please tell us your training requirements and we'll find you a training provider

BECOME A TRAINING ORGANISATION

Please provide your company details to begin your journey to becoming accredited