CPE

Maintaining Your Credentials in Good Standing

At (ISC)2®, we’re committed to helping information security professionals further their
education in all areas of their profession. Once you have successfully earned an (ISC)2
credential, continuing education is required to ensure your certification is in good standing.

In order to maintain an (ISC)2 credential, it is required that all members accrue Continuing
Professional Education (CPE) credits on an annual basis. The amount of CPEs necessary is
predicated by the type of credential held.

CREDENTIAL GROUP A GROUP B TOTAL

CISSP® 80 40 120
ISSAP® During your subsequent full 3-year certification periods for
ISSEP® these concentrations, 20 of the 120 CPEs already required for
ISSMP® the underlying CISSP certificate must be in the specific area of
concentration. For example, if a CISSP took the ISSEP
concentration examination and passed, he/she would be required
to submit at least 20 of the total 120 hours required to submit
for the CISSP certificate to be in the specific area of engineering.
CAP® 40 20 60
SSCP® 40 20 60

CISSP certification is maintained for three years when 120 CPEs are accrued,
however a minimum of 20 credits must be achieved in each of the three
years. This ensures that a CISSP stays current with new information security
practices and technologies.

CPE credits are earned through activities related to the information security
profession including, but not limited to, the following:

• Attending educational courses or seminars

• Attending security conferences
• Being a member of an association chapter
and attending meetings
• Serving on the board for a professional
security organization
• Volunteering for a government, public sector and
other charitable organizations, including (ISC)2
volunteer committees
• Completing higher academic courses
CPE

• Providing security training

• Publishing security articles or books
• Participating in self-study courses, computer-based training or Web casts
• Reading an information security book or subscribing to an information security magazine
For activities not shown but you believe qualify should be submitted for review by the Recertification
Committee for validity.

Each of these activities is represented by a different number of credits, for instance one CPE credit is
accrued for each hour a member spends at a relevant course or seminar.
You will notice the use of the terms Group A and Group B CPEs, and the requirement for the collection of
each type. The topic of the activity determines the relevant group and typically they may be as shown below.

Direct Information Systems Professional Skills Activities

Security Activities {GROUP B Credits}
{GROUP A Credits}
Access Control Organizational Behavior
Application Security Strategic Planning
Business Continuity and Disaster Recovery Planning Programming Languages & Techniques
Cryptography Tools and Techniques
Information Security and Risk Management Interpersonal Communications Skills
Legal, Regulations, Compliance and Investigations Interviewing Techniques
Operations Security Team Development Skills
Physical (Environmental) Security Project Management Skills
Security Architecture and Design
Telecommunications and Network Security

CPEs are awarded for activities over and above your normal job requirements or experience. For
instance time spent preparing an information security presentation for a community organization
would qualify for Group A CPEs. The equivalent amount of time spent preparing for preparing a
client or commercial presentation would not qualify.

Searching for CPE Activities?

If you or your employer have limited budgets for conference registration fees or courses, consider these
less expensive, or free in some instances, options for obtaining Continuing Professional Education (CPE)
credits.

Attend the (ISC)2® Secure Leadership Series

In cities throughout the world, and now online with our new (ISC)2 e-Symposia, (ISC)2 members
can participate for free and earn valuable CPEs. Watch your email for details or check out the
events page on our website at www.isc2.org/events.
Participate in Webinars, Seminars, Podcasts
Search the Internet for free Webinars, Podcasts or seminars focusing on information
security methodology, technology or practices offered by industry publications, security
organizations and other vendors. IP Events offer substantive, complimentary “virtual
conferences”, for example. For more information, go to www.satoevents.com.

Take a Self-Study or Computer-Based Training Course

Search the Internet for free self-study or computer-based training courses, etc. on
information security methodology, technology or practices offered by hardware/software
sellers and other vendors carrying security-related products.

Attend a Vendor Presentation

The presentation must have an educational aspect with regard to information security
methodology, technology or practice (“pure sales” presentations are not considered CPE activities).

Be an Education Volunteer
Call your local police, schools and non-profits and ask about volunteer opportunities to educate
the public about security. CPEs are awarded for the initial preparation of a presentation.

Take Advantage of Speaking Opportunities

Join local business clubs, chambers of commerce, Rotary Club, the Toastmasters organization, etc.
and take advantage of speaking opportunities to educate small business owners and others about
information security.

Volunteer to Audit/Maintain a Network

Call on charitable organizations and volunteer to audit or maintain their networks, improve their
network security, help with other IT security issues, etc.

Read a Book/Write a Review (CISSPs and SSCPs only)

Stop by your local library to check out and read a book on information security. Submit a
book review on a recent information security book you’ve read. You’ll receive CPEs if the
review is accepted and posted on the (ISC)2 Website. To find existing book reviews, visit
(ISC)2’s Member Website.

Write Test Questions for an (ISC)2® Examination - Item Writing

(appropriate credential holders)
Volunteer with (ISC)2 to write test questions for any (ISC)2 examination. Read more about item
writing. Sign up now to help write test questions on (ISC)2’s Member Website.

Proctor (ISC)2 Exams

Volunteer with (ISC)2 to proctor examinations locally. Sign up now to be a volunteer on (ISC)2’s
Member Website.

www.isc2.org
 Join a Professional Information Security Organization
Join and actively participate in a professional information security organization.
Attendance and board service can earn you CPEs. An added bonus: some of these
organizations also offer free information security courses or opportunities to
participate in speaking or training engagements.

Once you have completed your activity, you should submit an online form. Unless otherwise
stated CPE records are updated regularly. You do not need to submit proof of the CPEs at
this stage, but make sure you keep course transcripts, receipts, certificates or other documents
for 12 months after you see the CPEs appear on your record. Some events are presented
by a CPE Provider/Submitter who will submit on your behalf.

Check your CPE record frequently to ensure you are receiving the correct credits, but just in case
we will send you a transcript annually, on the anniversary of your certification, with a summary of
activities for the current certification cycle.

To make it easier to track your CPEs, new features are being added to our member site.
This means that your profile is automatically linked to our database, Microsoft CRM4M, and
you will always know the status of your membership.

For more information on CPEs, visit www.isc2.org/cpe.

(ISC)2 is the premier not-for-profit organization dedicated to certifying information security professionals around the world.
With tens of thousands of credentialed specialists worldwide, (ISC)2 is dedicated to helping both the certified individual
and their organization be successful in the information security industry. Indeed, our credentials are considered the Gold
Standard in information security. So (ISC)2 is the logical first contact for anyone serious about protecting information
assets at an unsurpassed level of excellence. CPE000.0
(02/08)