ISC2 Certification Maintenance Handbook

Ceriication

Maintenance

Handbook

Contents

How to Use the ISC2 Ceriication Maintenance Handbook ............................................... 3

Customer service ............................................................................................................. 3

How to keep your ceriication and membership in good standing ................................... 4

CPE Requirements ................................................................................................................. 5

CPE requirements per ceriication ................................................................................ 5

Group A and Group B CPE credits .................................................................................. 6

Group A credits: domain-related activities ............................................................... 6

Group B credits: professional development .............................................................. 6

Calculating CPE credits ................................................................................................... 7

How to maintain multiple credentials ............................................................................. 7

Auditing of CPE credits .................................................................................................... 7

Recordkeeping ................................................................................................................. 8

Appeals Process................................................................................................................ 8

Rollover CPE credits ......................................................................................................... 8

Grace period ..................................................................................................................... 8

Failure to meet requirements ......................................................................................... 9

CPE categories ....................................................................................................................... 10

Contributions to the Profession (Group A) .................................................................... 10

Education (Group A) ........................................................................................................ 12

Professional Development (Group B) ............................................................................. 13

Unique work experience (Group A) ................................................................................ 13

ISC2 CPE Activities ........................................................................................................... 14

CPE credits for ISC2 webinars on BrightTalk ................................................................. 16

Approved CPE parners ......................................................................................................... 16

Customer service

For information or assistance regarding your ISC2 membership, beneits, CPE poral, AMFs (Annual

Maintenance Fee), proile changes or event suppor, please contact us by phone, email or using our live

chat function (during business hours).

Overview & how to use the ISC2

Ceriication Maintenance Handbook

Thank you for being an ISC2 member.

This handbook provides you with information on the requirements, policies and procedures related

to maintaining your ceriication or Associate of ISC2 status. All ceriication holders and associate

designees are required to comply with the policies and guidelines.

This handbook also includes an overview of the professional development activities and resources

developed by ISC2 to suppor your continuing education and development journey to maintain your

credentials.

In order to maintain ceriication and membership status, as a Member or Associate of ISC2, you must earn

CPE credits as well as pay an Annual Maintenance Fee (AMF). Both requirements ensure you remain in good

standing.

As a member holding one or more of the following ceriications: ISSAP, ISSEP, ISSMP, CISSP, CCSP, SSCP,

CGRC, and/or CSSLP you are required to pay an AMF of U.S. $135, due on the irst anniversary date of your

membership cycle and the same date each year thereaer. You will only pay a single AMF, regardless of

how many ISC2 ceriications you hold.

Members that only hold the CC ceriication and Associates of ISC2 are required to pay an AMF of U.S. $50,

due on the irst anniversary date of the cycle and the same date each year thereaer. If you are an associate

and have met all experience requirements for full ceriication and membership, you will be required to pay

an upgrade fee of U.S. $85 upon completing the endorsement process. Your AMF for subsequent years of

membership will be U.S. $135. The same upgrade fee applies to CC holders who earn an additional ISC2

ceriication.

At the end of the three-year certication cycle, when the CPE credit and AMF payment requirements

are met, members will be automatically recertied for a new cycle, requiring no additional action.

At the end of the one-year associate cycle, when both CPE credits and AMF payment requirements

are met, Associate of ISC2 designation will be renewed automatically to a new one-year cycle.

How to keep your ceriication and

membership in good standing

As a member, ISC2 ceriication schemes require you to earn Continuing Professional Education (CPE)

credits during your three-year ceriication cycle and submit the CPE credits via the CPE poral. ISC2 has

a suggested annual minimum to help balance maintaining your ceriication, however, there is no annual

requirement unless you hold the associate status.

CPE requirements

Requirements per ceriication

*If you hold a CISSP and an ISSMP, ISSEP or ISSAP, 20 CPE credits of the total number of Group A CPE

credits required in the CISSP three-year cycle must be directly related to the ISSMP/ISSEP/ISSAP. If

you hold more than one of these ceriications, you must earn 20 CPE credits in each of them. CPE

requirements for ISSMP, ISSEP and ISSAP are automatically counted toward the CISSP CPE requirement.

Ceriication/

Designation

Type

Suggested

annual minimum

3-year total

Group A

Group A or B

Total

Group A

Group A or B

Total

Group A

Group A or B

Total

Group A

Group A or B

Total

Group A

Group A or B

Total

Group A

120

140

*With CISSP

Without CISSP

Group A and Group B CPE credits

Group A credits: domain-related activities

Group A credits relate directly to activities in the areas covered by the speciic domains of the

ceriication(s) you hold.

Examples include:

• Taking a course from ISC2 such as Skill-Builders, Ceriicate learning or Ceriication training

• Reading a cybersecurity white paper

• Publishing an aricle on cybersecurity

• Attending ISC2 Security Congress

• Preparing for a presentation or teaching information related to cybersecurity

This does not apply to instructors teaching ISC2 Oicial Training Courses

• Perorming a unique work-related project that is not a par of your normal work duties

• Self-study related to research for a project or preparing for a ceriication examination

• Volunteering for security-related activities within government, the public sector and other

charitable organizations

• Taking a higher education course in cybersecurity (or related ield)

Group B credits: professional development

Group B credits are earned for completion of general professional development activities that enhance

your overall professional skills, education, knowledge or competency outside the domains associated

with your respective ceriication(s). This can include programs such as professional speaking or general

management courses. While these do not apply directly to the domains, ISC2 recognizes that these skills

are vital in the growth of all professionals.

Please note, Group B CPE credits are not applicable to Associates of ISC2 and CC ceriication holders.

Examples include:

• Attending non-security events, such as leadership conferences

• Paricipating in non-security education courses such as emotional intelligence training

• Preparing for non-security presentations, lectures or trainings

• Non-security government, private sector, or charitable organization committees

• Volunteer activities such as committee service, item writing, community projects, and educating

others about cybersecurity.

Calculating CPE credits

Typically, you will earn one CPE credit per hour of time spent on an activity. You can repor CPE credits in 0.25,

0.50 and 0.75 credit increments. However, some activities are worh more credits due to the depth of study

or level of ongoing commitment involved. CPE credits are not earned for normal on-the-job activities, where

income has been earned. The maximum a member or associate can claim for a single activity is 40 CPE credits.

If the CPE activity occurred over multiple days, the end date is used to determine eligibility for the ceriication

cycle. For example, if the activity stared on 1 November 2023 and ended on 5 December 2023, the CPE credit

can be applied to any cycle that was active on 5 December 2023.

How to maintain multiple credentials

If you hold more than one ISC2 credential, the Group A CPE credits you submit will automatically be counted

toward all your active credentials with a relevant domain as of the completion date.

If an activity does not relate to your other credentials as a domain-related activity, choosing “None of the

Above” in the CPE poral applies Group B credits to your record.

CPE credits added to your account by ISC2 will automatically apply to all your ceriications within their active

cycle. Note, this does not apply to ceriications in grace period.

The same activity should not be entered into the CPE poral more than once.

Auditing of CPE credits

ISC2 perorms random audits of submitted CPE activities by members and associates. This is an imporant

process that upholds the integrity of ISC2 credentials and ensures compliance with ISO accreditation

standards.

If you are selected for an audit, you will receive an email with instructions about the necessary documentation

to suppor the activities, unless you already provided these during the submission process. You will need to

provide proof of attendance or a brief description of the activity in question, if you have not already. To maintain

ceriication members must respond to audit requests and provide the required information within 90 days.

Please contact the Customer Service team with any questions.

Recordkeeping

As a best practice for the submission process, we recommend providing proof of your CPE activities through the

Supporing Documentation section in the CPE poral.

Proof of CPE credits earned may be in the form of course transcripts, awarded diplomas, ceriicates or receipts

of attendance, research/prep notes for speaking or teaching, copies of oicial meeting minutes, or rosters/

documentation of registration materials.

For book and/or magazine CPE credits, please retain “proof of possession,” such as the book or magazine, sales

receipt, invoice or library record. At a minimum, the proof should include the title and, if a book, the author and

ISBN number; or, if a magazine, the publisher.

It is advisable to retain documentation and beneicial to keep proof of credits earned for at least 12 months

beyond the expiration of your current ceriication cycle in the event of an audit.

Appeals process

In the event that your CPE activity submission is denied, you have the right to appeal that decision within

90 days of the denial. Please ill out a contact form with the rationale of your appeal, along with any relevant

documentation to be considered. Your appeal will be reviewed and appropriately resolved.

Rollover CPE credits

CPE rollover credits are limited to the number of recommended annual CPE credits each year for the credential.

Only Group A CPE credits can be rolled over, and they must be earned within the last six months of the three-

year ceriication cycle, in excess of the required CPE credits for that ceriication. For example, a CISSP may roll

over up to 40 Group A CPE credits (in excess of the required 120 CPE credits) if they were earned within the inal

six months of the previous three-year ceriication cycle. These CPE credits will roll over automatically and will be

eligible to satisfy the annual recommended CPE credits for the irst year of the next ceriication cycle.

Grace period

When you reach the end date of your ceriication or associate cycle, if you have not met your CPE credit

requirements, you will be provided with a 90-day grace period to complete the submission of all CPE credits You

can both earn and submit CPE credits during these 90 days.

Failure to meet requirements

Failure to meet the CPE requirements within 90 days following the end of your three-year (or one-year for

associates) cycle will result in suspension of your ceriication/designation. While your status is suspended,

you are not permitted to claim the ceriication, your digital badge is disabled, and your details are no longer

available within the online Member Veriication tool.

ISC2 will notify you by email to inform you that your ceriication/designation has been suspended. If you feel

you are in jeopardy of failing to meet ceriication renewal requirements by the deadline, contact Customer

Service.

Suspension status may be maintained for up to two consecutive years. Aer two years, your ceriication

and membership status will be terminated, and all membership rights will be revoked. Terminated ceriied

members who seek reinstatement will be required to submit at least 5 CPE credits for each domain of the

ceriication being reinstated, along with 40 CPE credits in their primary domain of practice and a total of 120

CPE credits. CPE activities for terminated member reinstatement must be obtained with a 12-month period.

Terminated associates may only be reinstated through re-examination. Terminated ceriied members may

alternately seek reinstatement through re-examination.

As a member or associate, you have the right to ile an appeal if your ceriication is suspended and/or

terminated by contacting our Customer Service.

CPE credits can be earned through various learning activities and submitted in the CPE poral within the

following categories.

Contributions to the profession (Group A)

Activities related to creating new content in topics related to the domains of your credential.

• Qualifying activities as listed in the CPE poral:

• Board services for a professional security organization

• Exam development subject matter exper

• Government/private and public sector/charitable organization committees

• Paricipation in security standards development for a recognized committee

• Preparation for presentation/lecture/training

• Preparation for webinar, podcast, conference presentation

• Preparing new or updating existing training seminar or classroom material

• Serving as a subject matter exper for a panel discussion

• Writing, researching, publishing

For a list of CPE-earning activities available from ISC2 in the “Contributions to the profession” category,

see page 14.

CPE categories

Supporing documentation accepted in the event of an audit: copies of publications, research/prep notes

for speaking or teaching, sample educational materials or course agenda. Letter or ceriicate from the

organization served or meeting minutes that indicate paricipation.

Activity

Book - author

Book - co-author

Book - editor

Book - chapter only - author

Book - chapter only - co-author

Book - chapter only - editor

Aricle - author

Aricle - co-author

Aricle - editor

Professional blog - author

Professional blog - co-author

Professional blog - editor

White paper - author

White paper - co-author

White paper - editor

Preparing training: one day course

Preparing training: two-day course

Preparing training: ive- to seven- day courses

Preparing existing training: semester (12 or more weeks)

Max CPE credits

40 per book

20 per book

10 per book

20 per chapter

10 per chapter

5 per chapter

20 per aricle

10 per aricle

5 per aricle

10 per blog

5 per blog

2 per blog

10 per white paper

5 per white paper

2 per white paper

2 per training

5 per training

10 per training

20 per training

Maximum number of CPE credits apply to the following activities:

Education (Group A)

Activities related to consuming educational content where the topics are aligned with the domain(s)

of your credential.

Qualifying activities as listed in the CPE poral:

• Book, magazine, whitepaper

• Courses and seminars - other

• Higher education course

• Industry conference

• Information security professional association chapter meeting

• ISC2 ceriication course

• ISC2 continuing education course

• Online webinars, podcasts and other online materials

• Vendor presentation

For a list of CPE-earning activities available from ISC2 in the “Education” category, see page 14.

Activity

Self-directed learning: books

Self-directed learning: magazines

Self-directed learning: white papers

Max CPE credits

5 per book

5 per magazine

1 per paper

Supporing documentation accepted in the event of an audit: course transcripts, awarded diplomas,

ceriicates or receipts of attendance, copies of oicial meeting minutes, or rosters/documentation of

registration materials.

If you do not have the proof of completion as listed above, please provide a brief description of no more than

250 words about what you learned and a ceriicate or letter of attendance.

Maximum number of CPE credits apply to the following activities:

Professional Development (Group B)

Activities related to enhancing professional skills, including management, interpersonal communication,

project planning, team building, etc. These activities need not be directly related to cybersecurity or a

domain within your credential.

• Chapter formation or management

• Non-security education courses, seminars

• Non-security industry conference and events

• Non-security organizations/committees

• Preparation for non-security presentation/lecture/training

Maximum number of CPE credits per entry may not exceed 40.

Supporing documentation accepted in the event of an audit: letter, ceriicate, or other documentation

from the organization served.

Note: associates and members holding only the CC ceriication are not required to earn

Group B CPE credits.

Unique work experience (Group A)

As an associate or member, you can earn Group A CPE credits for activities perormed during your

regular working hours when you are engaged in unique projects, assignments, activities or exercises.

The unique project, assignment, activity or exercise must fall outside your normal (or day-to-day) job

responsibilities or job description.

Maximum number of CPE credits per entry may not exceed 10.

Supporing documentation accepted in the event of an audit: proof of unique project or a brief

description of no more than 250 words summarizing the project or activity.

ISC2 CPE Activities

The below resources, learning programs and engagement opporunities have been developed by ISC2

with your continuing professional development in mind. CPE credits for most of these activities are

auto-submitted to your member account and are audit-exempt*.

ISC2 Activities Group

Ceriicates

Skill-Builders

Security Congress

Secure Events

Spotlight Events

Webinars

Security brieings-APAC

Security brieings - Norh America

Security brieings - EMEA

Knowledge Vault

Think Tank webinars

Membership channel

Oicial online ceriication training

CPE parner events/courses

News and Insights online publication

Quiz

Content development

Chapter meetings

Exam development

Volunteering - Awards

Chapter Recognition Awards Review

Committee

Global Achievement Awards

Committee

2-8 per ceriicate

0.5-2 per learning program

1 per hour

1 per 45-60 minutes

40 per training

1 per hour

2 per quiz

1 per hour

Education

Contribution to Profession

A/B

CPE Category

Number of CPEs

ISC2 Activities Group

Volunteering - global events

Event planning committees

Event speaker

Volunteering - Knowledge Sharing

& Content

Blog contributor

Education subject matter exper

Volunteering - Leadership

Board of Directors

Chapter Advisory Committee

Chapter Leadership

Volunteering - Center for Cyber Safety

& Education

Board of Trustees

Content development

Cybersecurity Health Check volunteer

Safe and Secure Online

volunteer educator

Safe and Secure Online translator

Scholarship review panellist

1 per hour

40 per year

1 per hour

2-10 total

Contribution to Profession

CPE Category

Number of CPEs

*To enable accurate recording of auto-submitted CPE credits, it is essential that you enter

your member ID on the relevant registration forms or platforms where the CPE activity occurs

(e.g BrightTALK, Secure Event). If you are unable to add your member ID, you will need to

submit the CPE credits and attach the necessary supporing documentation as proof.

Approved CPE parners

CPE credits for ISC2 webinars on BrightTALK

To ensure proper accreditation of your CPE credits for ISC2 webinars on BrightTALK, it’s essential to include

your ISC2 member ID during your initial registration for the irst webinar in any ISC2 BrightTALK channel.

In the event that your member ID is not added to the channel hosting the webinar, but you want your activity to

be automatically submitted for CPE credit, please follow these steps:

• Delete your existing BrightTALK account

• Create a new account, and

• Ensure you add your member ID during the registration process

Alternatively, you have the option to retain your original BrightTALK account. In this case, you can personally

submit the CPE credits by attaching the viewing ceriicate available for download in the viewing history

section of your BrightTALK account.

ISC2 parners with leading security organizations and technology innovators to help members on

their path of professional development while earning CPE credits.

CPE credits earned through an approved CPE parner (or third-pary submitter) are submitted to

ISC2 on members’ behalf. As a member or associate, you must provide your ISC2 member ID to the

approved third-pary CPE parners. If CPE credits are not posted within six weeks of the activity date,

please contact the approved CPE parner directly. It is your responsibility as a member or associate

to review their CPE credit records for accuracy, including duplicate or missing entries. For a list of

parners authorized to submit CPE credits on behalf of members and associates, please visit

ISC2.org/members/cpe-parners.

Ready to submit CPE credits: log in to the CPE poral.

Safe and secure cyber world

ISC2.org