The Open Group FAIR Certification for People Program FAQs

Printer-friendly version

Q. What is FAIR?

A. FAIR, or Factor Analysis of Information Risk, is a risk analysis methodology. The Open Group has published two standards based upon FAIR. These are the Open Risk Taxonomy Standard (O-RT), and the Open Risk Analysis Standard (O-RA).

Q. How many levels are there in The Open Group FAIR Certification for People Program?

A. The program currently has a single level (Open FAIR Foundation). In the future we expect to offer an advanced level (Open FAIR Certified).

Q. Who is Open FAIR certification aimed at?

A. The program has been developed to meet the needs of the risk analyst community, including employers, and risk analysts.

Q. What comprises the FAIR Body of Knowledge, and where can I find the documents?

A. The body of knowledge for FAIR includes the two standards referenced above. They can be obtained from the Open Group publications site. In addition to the two official standards, risk analysts preparing for the certification exam may find these other Open Group risk publications helpful:

Q. Does the Open FAIR certification expire, are there CPE’s, and how does renewal of the certification work?

A. The Open FAIR certification does not expire, and there are no CPE’s or annual maintenance fees. The certification is awarded to a specific version of the underlying standards.

Q. Is a commercial license required when using the Open Risk Taxonomy (O-RT) or Open Risk Analysis (O-RA) standards?  

A. If your organization uses these standards for commercial purposes, then the answer is yes. Contact Brent Muth for more details.

Q. I was previously FAIR certified through Risk Management Insights or CXOWARE.  What is the path for me to get this new Open FAIR Foundation certification?

A. Risk professionals certified by either of these organizations previously are eligible to sit for the Open FAIR Foundation exam at a reduced rate. For details, contact CXOWARE at: training(at)

Q. How can I find an accredited trainer for FAIR?

A. A number of training organizations are in the process of attaining accreditation. As training organizations are accredited, they will be posted in the Accredited Course Register at:

Q. I already use FAIR and understand the Body of Knowledge, am I required to take a training course in order to sit for the examination?

A. No, you may self-study using the body of knowledge materials mentioned previously. Candidates may also prepare by taking a FAIR risk analysis training course.

Q. Where and when are Open FAIR Foundation examinations given?

A. The Open FAIR Foundation examinations are given by Pearson VUE, and are available at their test centers. For more details see the Certification FAQs.

Q. I have been considering the CRISC certification from ISACA. How does Open FAIR differ from the CRISC certification?

A. The ISACA CRISC certification “prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise.” The Open FAIR certification is complementary to the CRISC, and helps risk analysts to perform effective risk analysis. The CRISC is a little higher level, and is more broadly focused on risk management. Open FAIR Foundation provides more depth regarding how to perform a risk analysis.

In addition, efforts have been made to align risk analysis terms and definitions between the two certifications and their respective bodies of knowledge.

Open FAIR Sponsors