Introduction
In the fast-changing field of cybersecurity, ongoing education and awareness are key. Staying updated helps professionals improve their skills and strategies to tackle new challenges. Continuous learning supports personal growth and strengthens organizations against emerging threats.
The International Information System Security Certification Consortium (ISC2) is a leading organization for information security certifications. It requires certified members to keep their credentials by earning Continuing Professional Education (CPE) credits. These credits help professionals stay skilled, informed, and up to date with industry changes, threats, and best practices.
If you are holding an ISC2 certification (e.g., CISSP, CCSP, SSCP, or an Associate of ISC2), it is important to understand CPEs, how they work, and the best ways to earn them. This knowledge helps you keep your certification active and your skills sharp.
What is ISC2 CPE?
CPE stands for Continuing Professional Education. It is a system used by ISC2 to help cybersecurity professionals stay current, improve their skills, and keep their certifications.
Who needs it?
All ISC2 certification holders, must earn a set number of CPE credits every three years to maintain their certifications. ISC2 associates and those with the CC credential also need CPE credits, but their requirements are different.
Credit structure
- Group A (Domain-related): Activities directly linked to the certification domains (e.g., webinars, technical training, whitepapers, conferences).
- Group B (Professional development): General professional skills (e.g., leadership training, communications, non-security education). Group B are not required for CC or Associate of ISC2
How many credits?
- For certifications like CISSP, the requirement is 120 CPE credits over three years, with a suggested pace of 40 per year.
- Associates need 15 CPE credits annually.
How to Earn and Submit CPE Credits
Earning CPEs
ISC2 offers a wide array of official activities that count toward CPE credits:
- ISC2 Learning Resources (auto awarded):
- Certificates, express courses, training courses, Security Congress, webinars, quizzes, and more – each providing credits based on duration or complexity.
- Other eligible activities
- Third-party webinars (e.g., via Bright TALK), LinkedIn Learning courses, reading books or whitepapers, presenting or writing articles, volunteering, research, and unique work projects – all can earn credits with appropriate documentation.
- Credit calculation
- Typically, 1 CPE per hour of activity. You can report in increments of 0.25, up to a maximum of 40 CPEs per activity entry, unless otherwise specified.
Submitting and Tracking CPEs
- ISC2 CPE Portal
You must log into your member account and access the CPE Portal (typically through cpe.isc2.org) to review and submit your activities. - Auto-submission benefits
Most ISC2 organized activities are submitted automatically, generally within a week to a month, especially if you’re within your active cycle or 90-day grace period. Otherwise, manual submission is required. - Supporting documentation
Always keep proof – certificates, transcripts, attendance confirmations, or summaries for audits. These helps verify your credit submissions.
Tips & Best Practices
- Stay consistent
Aim for a steady pace – e.g., 3 hours/month to avoid a last-minute rush. - Plan and submit early
Autocomplete submissions may lag; submitting as you go avoids delays and audit complications. - Use tracking tools
Maintain spreadsheets or logs of their CPE activities – complete with dates, descriptions, hours, and documentation. - Leverage ISC2 resources
Participate in ISC2 webinars, quizzes, events, and more to earn credits efficiently and often automatically.
Ajith Nair (LinkedIn)
CISSP, CISA, IS27001 LA, Microsoft Cybersecurity Architect Expert
Senior Manager – Technology Consulting
Protiviti Canada
References