As reported last April, CRISC - Certified in Risk and Information Systems Control (CRISC) credential - is an experience plus qualification scheme from the association, which has more than 95,000 members worldwide.
Pronounced 'see-risk', the programme runs through until the end of this March, when its progress will be reviewed.
Candidates for the programme must be IT security professionals with at least eight years of experience in the industry and be able to prove they have spent at least six years operating in five key fields.
The key fields identified by ISACA are risk identification, assessment and evaluation,risk response; risk monitoring, information security control, design and implementation; and information security control monitoring and maintenance.
In addition, candidates must also prove at least three years of experience in risk identification, assessment, evaluation, response and monitoring.
Commenting on the 5000 candidate achievement, Urs Fischer, the Swiss chairperson of the ISACA's CRISC certification committee, said that, although it is less than a year old, the programme is already a globally respected and recognised certification.
"This is because it demonstrates an ability to effectively manage IT-related business risk - a skill that is critical to the success of an organisation" he said.