ISC2 CGRC 30-, 60-, and 90-day study plan with topic order, review loops, and final-week priorities.
This plan is a compact route for Governance, Risk and Compliance Certification (CGRC). It assumes you are using TechExamLexicon for concept clarity and the exact IT Mastery page for practice routing.
| Day | Focus | What to do |
|---|---|---|
| Day 1 | Orientation and scope | Read the exam guide overview and official vendor page, then use this study plan to mark the lanes you already know and the lanes that need practice. |
| Day 2 | Governance and risk management | Align risk appetite, policies, roles, controls, and executive oversight. |
| Day 3 | Authorization and assurance | Understand control selection, assessment, evidence, remediation, authorization, and continuous monitoring. |
| Day 4 | Compliance and frameworks | Map laws, standards, control catalogs, audit needs, and reporting expectations. |
| Day 5 | Privacy and data protection | Manage data inventory, classification, consent, retention, privacy controls, and impact. |
| Day 6 | Third-party and program management | Assess vendors, contracts, SLAs, shared controls, reporting, and ongoing monitoring. |
| Day 7 | Timed review and scheduling decision | Run a timed practice block, review explanations, update a one-page rule sheet, and verify current vendor facts before scheduling. |