All Practice Exams

100+ Free BCS PCIRM Practice Questions

Pass your BCS Practitioner Certificate in Information Risk Management (PCIRM) exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
100+ Questions
100% Free

Loading practice questions...

Same family resources

Explore More BCS Practitioner Diplomas (UK)

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.

2026 Statistics

Key Facts: BCS PCIRM Exam

39/60

Pass Mark (65%)

BCS syllabus v7.1

90 min

Exam Duration

BCS

£230

UK Exam Fee

BCS (incl. £35 remote proctoring)

Closed book

Exam Conditions

BCS

21% + 21%

ID + Assessment Weight

BCS question weighting

56 hrs

Total Qualification Time

BCS syllabus

BCS PCIRM is a closed-book 90-minute supervised digital scenario exam (pass 39/60). UK exam fee is £230 including remote proctoring. Syllabus v7.1 weights risk identification and risk assessment at 21% each, risk treatment at 19%, programme establishment at 12%, fundamentals at 10%, with smaller shares for concepts, monitoring and business-case presentation.

Sample BCS PCIRM Practice Questions

Try these sample questions to test your BCS PCIRM exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1According to the BCS PCIRM syllabus, which statement best describes the purpose of information risk management?
A.To identify, analyse and manage risks to information assets so harm to the business and individuals is minimised
B.To replace information security policies with insurance alone
C.To ensure only IT staff handle organisational data
D.To eliminate all organisational risk permanently
Explanation: PCIRM section 1 frames information risk management as protecting organisational information against inappropriate sharing and cyber threats through systems, policies, procedures and skilled people. Total elimination of risk is unrealistic; the aim is managed reduction of harm.
2In the information lifecycle context used by PCIRM, when should information risk management activities be considered?
A.Only after a breach has already occurred
B.Throughout the lifecycle of information, whenever information is created, used, shared, stored or disposed of
C.Only during annual financial audits
D.Only when hardware is purchased
Explanation: Syllabus 1.1 covers the lifecycle of information and when IRM should be undertaken. Risk considerations apply across creation, use, sharing, storage and disposal—not only after incidents or at purchase time.
3Which parts of an organisation may practice information risk management, according to PCIRM concepts?
A.Only the marketing team
B.Only the legal department
C.Any parts of the organisation that create, process, store or are accountable for information assets
D.Only external auditors
Explanation: Syllabus 1.1 asks which parts of an organisation may practice IRM. Responsibility is organisation-wide wherever information is handled or owned, not confined to one support function.
4Why must organisations take account of information risk in their operating context?
A.Because information risk only affects paper archives
B.Because insurance always covers every cyber loss in full
C.Because regulators ban all digital systems
D.Because compromise of information can damage operations, reputation, legal compliance and stakeholder trust
Explanation: Syllabus 1.2 covers why organisations must account for information risk and the benefits versus consequences of (not) undertaking IRM. Impacts span operations, reputation, compliance and individuals—not only paper records.
5Which is a potential consequence of NOT undertaking information risk management?
A.Increased exposure to breaches, regulatory penalties, operational disruption and reputational harm
B.Automatic ISO 27001 certification
C.Elimination of the need for business continuity planning
D.Guaranteed increase in customer loyalty
Explanation: Syllabus 1.2(c) highlights consequences of not undertaking IRM: greater chance of compromise and organisational damage. Skipping IRM does not create certifications or remove continuity needs.
6In information security fundamentals, what does the CIA triad stand for?
A.Classification, Identification, Authentication
B.Confidentiality, Integrity, Availability
C.Control, Inspection, Audit
D.Compliance, Investigation, Assurance
Explanation: Syllabus 2.1(a) lists confidentiality, integrity and availability (CIA) as core information security concepts that IRM seeks to protect.
7Which concept means that an action or transaction cannot later be denied by the party who performed it?
A.Aggregation
B.Availability
C.Non-repudiation
D.Proximity
Explanation: Syllabus 2.1(b) includes non-repudiation among extended security concepts alongside accountability, authenticity, privacy and related terms.
8How does information risk management differ from cyber security in PCIRM terminology?
A.IRM only applies to paper documents; cyber security only to cloud
B.Cyber security replaces the need for risk assessment
C.They are identical terms with no distinction
D.Cyber security focuses on protecting systems and networks from cyber threats; IRM is the broader process of managing risk to information assets using assessment and treatment
Explanation: Syllabus 2.1(c) requires candidates to distinguish information security, cyber security, information risk management and information assurance. IRM is the structured risk process; cyber security is a related but narrower protective discipline.
9Which international standard provides guidelines specifically for managing information security risks and is listed in the PCIRM syllabus?
A.ISO/IEC 27005
B.ISO 14001
C.ISO 22000
D.ISO 9001
Explanation: Syllabus 2.2 lists ISO 27005 among core IRM standards (alongside ISO Guide 73, ISO 27001, ISO 31000 and BS 31100). ISO 27005 guides information security risk management.
10What is the primary role of ISO 31000 in the PCIRM standards landscape?
A.It defines only software testing metrics for IT delivery projects
B.It provides general risk management principles and guidelines applicable across risk types
C.It lists Annex A information security controls only
D.It replaces all national data protection law
Explanation: Syllabus 2.2 includes ISO 31000:2018 as risk management guidelines. It is the general risk framework that information security risk practice (e.g. ISO 27005) specialises.

About the BCS PCIRM Exam

The BCS Practitioner Certificate in Information Risk Management (PCIRM) is a BCS practitioner qualification assessing scenario-based information risk management aligned to ISO 27001, ISO 27005 and ISO 31000 practice. Candidates apply IRM terminology, build programmes, classify information, run BIAs and threat/vulnerability assessments, analyse and evaluate risks, select treatments, monitor/review, and present business cases.

Questions

60 scored questions

Time Limit

90 minutes

Passing Score

39/60 (65%)

Exam Fee

£230 UK (incl. £35 remote proctoring; VAT extra) (BCS, The Chartered Institute for IT)

BCS PCIRM Exam Content Outline

5%

Concepts and Framework

Lifecycle of information, need for IRM, organisational context and benefits/consequences

10%

IRM Fundamentals

CIA, standards (ISO 27001/27005/31000), legal instruments, process and terminology

12%

Establishing an IRM Programme

PDCA, leadership, policy, appetite, scope and classification

21%

Risk Identification

Assets, BIA, threats/hazards, vulnerabilities and likelihood

21%

Risk Assessment

Analysis methods, matrices, evaluation and risk registers

19%

Risk Treatment

Strategic options, tactical/operational controls and treatment plans

6%

Monitor and Review

Post-treatment monitoring, periodic review and status reporting

6%

Presenting Risks and Business Case

Risk reports and Board business cases

How to Pass the BCS PCIRM Exam

What You Need to Know

  • Passing score: 39/60 (65%)
  • Exam length: 60 questions
  • Time limit: 90 minutes
  • Exam fee: £230 UK (incl. £35 remote proctoring; VAT extra)

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

BCS PCIRM Study Tips from Top Performers

1Download BCS syllabus v7.1 and memorise the eight area weightings—spend most practice time on identification, assessment and treatment
2Drill BIA vocabulary: direct/indirect, primary/secondary, worst-case, cost of failure, and CIA-framed interruption costs
3Know the four strategic treatment options and the procedural/physical/technical operational control split
4Practise reading scenario stems carefully—official items are scenario-based with mixed response types
5Be able to explain risk appetite vs tolerance vs acceptance criteria and how evaluation uses them
6Prepare a mental checklist for Board papers: risks, severity, treatments, cost/time, residual risk, decision asked

Frequently Asked Questions

What is the BCS PCIRM exam format?

PCIRM is a supervised, closed-book, scenario-based online exam lasting 90 minutes. It uses mixed objective question types including multiple choice, multiple response and matching. The pass mark is 39 out of 60 (65%), and delivery is digital only via BCS.

How much does the BCS PCIRM exam cost?

BCS lists the UK exam price at £230, inclusive of a £35 remote proctoring fee, with VAT applied at purchase. International pricing may vary. Accredited training courses charge separately and often bundle the exam.

What topics carry the most weight on PCIRM?

Per BCS syllabus v7.1 (July 2022), risk identification and risk assessment are each 21% of the exam, risk treatment is 19%, establishing an IRM programme is 12%, and fundamentals are 10%. Concepts/framework, monitor/review, and presenting risks/business case are 5–6% each.

Are there prerequisites for PCIRM?

BCS states there are no formal entry requirements, though candidates need a good standard of written English and benefit from information assurance awareness. An accredited training course is recommended but self-study candidates can book the exam with BCS.

Which standards does PCIRM emphasise?

The syllabus centres on information risk management practice using international standards including ISO Guide 73, ISO 27001, ISO 27005, ISO 31000 and BS 31100, plus awareness of UK instruments such as data protection/UK GDPR, Freedom of Information, Official Secrets and PCI DSS where relevant.

Is PCIRM open book?

No. BCS specifies a closed-book exam: no materials may be taken into the examination. Reasonable adjustments (including additional time) can be requested under the BCS accessibility policy.