GUIDELINES FOR SUBMITING CONTINUING PROFESSIONAL EDUCATION (CPE) CREDITS

Transcription

1 GUIDELINES FOR SUBMITING CONTINUING PROFESSIONAL EDUCATION (CPE) CREDITS (ISC) 2 CISSP Recertification Guidelines Page 1 of 14

2 CONTENTS Introduction... 3 CPE Record Keeping... 4 CPE Credit Requirements... 5 Direct IS Security Activities [Group A Credits]... 5 Professional Skills Activities [Group B Credits]... 5 Professional Development... 5 Qualifying Activities... 6 How CPE Credits are Calculated... 8 Educational Courses and Seminars... 8 Conferences... 8 Professional Association Chapter Meetings... 8 Vendor Presentations... 8 Attending A Higher Academic Course... 8 Providing Security Training... 8 Published a Security Article or Book... 9 Board Service For A Security Professional Organization... 9 Self-Study, Computer-Based Training [CBT], Web Casts... 9 Read Information Security Book... 9 Review Information Security Book Magazine Subscription Government/Public Sector Volunteer Work Submission of CPE Credits CPE Record-Keeping and Audits Reporting of CPE Activity Additional Information (ISC) 2 CISSP Recertification Guidelines Page 2 of 14

3 INTRODUCTION CISSPs are required to earn and submit a minimum of 120 CPE credits during each three-year recertification cycle. Excess CPEs earned during the final 6 months of your cycle can be carried over to your next recertification period. CPEs earned through a Trusted CPE Provider will be automatically submitted on your behalf, if you provided your Constituent ID # during registration. CPE s earned from a Trusted CPE Provider are typically exempt from audit. However, in keeping with good security practice, you are encouraged to maintain an audit trail of your earned CPEs for your personal records. Trusted CPE Providers Use the following online form to submit CPE credits for your (ISC)² credential. Please submit one activity at a time. Combining multiple activities on a submission may result in errors in submission. CPE Submission Form (ISC) 2 CISSP Recertification Guidelines Page 3 of 14

4 CPE RECORD KEEPING Please do not send (ISC)² verification of your earned CPEs. However, please retain verification of those CPEs for at least 12 months after your previous certification cycle expires, in the event of an audit. (ISC)² performs audits as required to verify the authenticity of claimed CPE credits. (ISC)² may ask for sufficient evidence of your CPE credits at any time. (ISC) 2 CISSP Recertification Guidelines Page 4 of 14

5 CPE CREDIT REQUIREMENTS The requirement of Continuing Professional Education (CPE) credits help ensure that CISSPs stay current in our rapidly evolving industry and maintain their breadth of knowledge. To maintain CISSP certification, a total of 120 CPEs are required every 3 years. Of these 120 CPEs, at least 80 must be directly related to the information systems security profession, while up to 40 may be drawn from other forms of professional skills development. These two types are described in more detail below: Direct IS Security Activities [Group A Credits] Group A credits are given for completion of activities which relate directly to the information systems security profession. Generally, this consists of work in the areas covered by the CBK. Professional Skills Activities [Group B Credits] Group B credits are given for completion of activities which enhance a CISSP s overall professional skills, education, knowledge or competency. These include professional development programs, such as professional speaking or management courses. While these do not apply directly to the field of information security, these skills are vital in the growth of all professionals, and (ISC)² recognizes their value to the CISSP. Professional Development While not a requirement, it is recommended that a constituent CISSP gain CPE s for recertification in at least 6 of the 10 domains. Adhering to this recommendation will help ensure that the CISSP's management capabilities grow and mature over time, in part through exposure to a broader range of topics. Please click on any of the following subjects to find out more about CPE credit requirements: Qualifying Activities How CPE Credits are Calculated Submission of CPE Credits CPE Record-Keeping and Audits Reporting of CPE Activity (ISC) 2 CISSP Recertification Guidelines Page 5 of 14

6 Qualifying Activities Continuing Professional Education credits are given for experience exceeding that of normal on-the-job training or experience. For instance, while time spent independently preparing an information security presentation for a community organization would qualify for Group A CPE credits, an equivalent amount of time spent on the job preparing a client presentation would NOT qualify. Typically, education qualifying for CPE credits will be gained outside the workplace. The following are some of the types of activities that qualify for continuing education in the two types of categories. These activities are not intended to be a complete listing, as many other events such as graduate work in an appropriate academic field, may also qualify. Each activity not previously awarded CPE credits will be reviewed by (ISC)² to determine if it should qualify. Direct IS Security Activities [Group A Credits] Professional Skills Activities [Group B Credits] Access control systems & methodology Telecommunications & network security Security management practices Applications & system development security Cryptology Security architecture and models Operations security Organizational behavior Strategic planning Programming languages & techniques Tools and techniques Interpersonal communications skills Interviewing techniques Team development skills Business continuity planning [BCP] Law, investigation and ethics Physical security (ISC) 2 CISSP Recertification Guidelines Page 6 of 14

7 Examples of work-related activities that do not qualify for CPE s include: preparing presentations for internal employees; writing for internal publications; providing internal consulting; work completed by consultants for clients; etc. When you submit credits online, the domain field you select will be used to determine Group A vs. Group B credits. Activity falling under one of the domains of the CBK will qualify as Group A credits. Activities that do not fall under one of the domains of the CBK qualify as Group B credits, without explicit authorization through (ISC)². (ISC) 2 CISSP Recertification Guidelines Page 7 of 14

8 How CPE Credits are Calculated CPE credits are weighted by activity. Below are common categories of activities and the amount of credits CISSPs earn for each. Activities not shown may still be submitted for CPE credit, but will be reviewed by the Recertification Committee for consideration and approval. Typically the CISSP will earn 1 CPE credit for each hour spent engaged in an educational activity. However, some activities are worth more CPEs, due to the depth of study or ongoing commitment involved. Educational Courses and Seminars CISSPs earn 1 CPE credit for each hour of attendance at a training course or educational seminar. Conferences CISSPs earn 1 CPE credit for each hour of attendance at a conference. Security conferences qualify as Group A CPEs. Other educational conferences qualify as Group B CPEs. Professional Association Chapter Meetings CISSPs earn 1 CPE credit for each hour of attendance at a professional association chapter meeting. Vendor Presentations CISSPs earn 1 CPE credit for each hour of attendance at a vendor meeting or presentation. Attending a Higher Academic Course CISSPs earn 1 CPE credit per hour spent in class. Credit will only be given on passing the course successfully. Providing Security Training CISSPs earn CPE credits for preparing courseware, lectures, or training material. The time spent preparing for each hour of presentation material is valued at 4 CPE credits (eg, a one hour presentation = 4 CPE s, a two hour presentation = 8 CPE s). CPEs are not granted for time spent presenting the course, lecture or training. (ISC) 2 CISSP Recertification Guidelines Page 8 of 14

9 Published a Security Article or Book CISSPs earn CPE credits for contributing original work to the professional corpus. First publication of a security-related article will earn the author(s) 10 CPE credits. Publication of a security-related book will earn 40 CPE credits. Board Service for a Professional Security Organization CISSPs can earn up to 40 CPE credits per year of service on the boards of professional security organizations. Credits will be granted based on the CISSPs level of contribution, as determined by the Board of the relevant organization. CPE credits will be given for those performing volunteer work on behalf of (ISC)², either serving as a Board member, committee member, item writing contributor, or other type of approved volunteer activity. The (ISC)² Board of Directors will determine the amount of CPE credits earned for such activity and will submit credits on behalf of the CISSP. Self-Study, Computer-Based Training [CBT], Web Casts Self-Study, Computer-Based Training [CBT] or Web Casts Credits can be earned by completing a self-study program, completing computer-based training, or Web Casts. Study material and validated documentation of completion, such as a certificate or diploma, must be retained for auditing purposes. Read Information Security Book Reading an information security text will be worth 5 CPE credits. Credit in this category will be limited to one text per year. Constituent should provide and retain "proof-of-possession" of the book by submitting the appropriate information in electronic form when completing the CPE submission form. This proof should include Title, Author, and ISBN number at minimum. If audited, CISSP should provide proof of possession, such as the actual book, a sales receipt, invoice, library record, etc. Completion of and submission of an original book review to (ISC)² will be worth an additional 5 CPE credits, and will constitute sufficient proof, even in the absence of other proof. (ISC) 2 CISSP Recertification Guidelines Page 9 of 14

10 Review Information Security Book Reviewing an information security book will be worth 5 CPE credits. Upon submission of a completed form to (ISC) 2, you will be awarded 5 CPE credits for a professional and accurate review, as determined by (ISC) 2. In exchange, you grant (ISC) 2 permission and license to post your review on their website and use it in any way they deem appropriate for distribution with proper attribution to you. Magazine Subscriptions Qualifying Security Magazine Subscriptions Constituents will receive 5 CPE credits per year for subscribing to a qualifying information security magazine. Click here to see a current list of qualifying list of magazines. The CPEs will be submitted by the Trusted CPE provider on behalf of the CISSP. Government, Public Sector, and other Charitable Organizations Volunteering CPE credits will be given for those performing information security volunteer work for Government, Public Sector, and other Charitable organizations. CISSPs earn 1 CPE credit for each hour of volunteer work. You must obtain and retain signed confirmation of the number of hours of volunteer work on the organization letterhead. (ISC) 2 CISSP Recertification Guidelines Page 10 of 14

11 Submission of CPE Credits There are two ways to submit CPE credits: Complete the Online Form CISSPs are required to have an active address and establish an online CISSP account to submit CPE credits in this manner. Paper submissions are no longer accepted. CPE credits must be submitted using the online form, found on the (ISC)² website ( CPE credits will be processed within a few business days after receipt. Have a Qualifying Organization (Trusted CPE Provider) Submit Credits on Your Behalf If you provide your Constituent ID # on registration with a Trusted CPE Provider, they will submit CPE credits on your behalf. Please do not resubmit CPE credits for such activities. However, it is your responsibility to confirm submission on a timely basis. It is not necessary to submit more than 120 CPE credits in any three year period. However, excess CPE credits earned in the last 6 months of your recertification cycle will be credited to the next three year cycle. (ISC) 2 CISSP Recertification Guidelines Page 11 of 14

12 CPE Record-Keeping and Audits CISSPs are not required to provide proof of CPE credits on submission. However, they should retain proof of CPE credits earned until 12 months after the cycle in which they were earned. The Recertification Committee can and does perform routine audits on a randomly selected basis to verify CPE credits earned. Proof of your CISSP CPE credits may be asked for at any time by (ISC)². Evidence of CPE credits earned may be in the form of transcripts of courses, diplomas awarded, certificates or receipts of attendance, copies of official meeting minutes or rosters [that include attendees names], or documentation of registration materials. (ISC) 2 CISSP Recertification Guidelines Page 12 of 14

13 Reporting of CPE Activity Daily Updates For the status of your CPE records and any updates made on a daily basis to those records, please log in to the CISSP Services page of the (ISC) 2 website using your ID and password. Annual Transcripts (ISC)² mails CISSPs transcripts annually, on the anniversary of certification. These transcripts provide a summary of CPE activity. (ISC) 2 CISSP Recertification Guidelines Page 13 of 14

14 Additional Information For additional information regarding Continuing Professional Education requirements or CPE credits, please contact CISSP Administration. (ISC) 2 CISSP Recertification Guidelines Page 14 of 14