Maintaining CISM Certification: Continuing Professional Education (CPE) Requirements


In the fast-paced world of information security, staying current is essential for professionals who want to keep their certifications. One such certification is the Certified Information Security Manager (CISM), offered by ISACA (Information Systems Audit and Control Association). Earning the CISM is a significant accomplishment, but the journey doesn’t end there: to retain the designation, holders must meet ISACA’s Continuing Professional Education (CPE) requirements. In this blog post, we will look at why CPE matters, what the CISM certification covers, and how to earn and report the CPE hours needed to keep your CISM in good standing.

Understanding the CISM Certification:

The Certified Information Security Manager (CISM) certification is globally recognized and validates an individual’s expertise in managing, designing, and assessing an enterprise’s information security program. It demonstrates proficiency in critical areas such as information security governance, risk management, incident management, and program development and management. The CISM certification is highly regarded by employers and peers alike, emphasizing an individual’s commitment to the field of information security.

The Significance of Continuing Professional Education (CPE):

Continuing Professional Education (CPE) is a crucial aspect of maintaining professional certifications, including CISM. The field of information security is dynamic, with new threats, technologies, and regulations emerging regularly. CPE ensures that certified professionals stay current with industry trends, acquire new skills, and enhance their knowledge to address evolving challenges effectively.

CPE Requirements for CISM Certification:

To maintain the CISM certification, holders must earn and report a minimum of 120 CPE hours over each three-year certification cycle, with at least 20 CPE hours earned and reported in every year of that cycle. Holders must also pay the annual maintenance fee and comply with ISACA’s Code of Professional Ethics. CPE activities should be relevant to information security management as described by the CISM job practice domains (Information Security Governance, Information Security Risk Management, Information Security Program, and Incident Management); ISACA’s published policy does not assign a fixed number of hours to each domain. ISACA audits a random sample of reported CPE hours each year, so keep supporting documentation (certificates of attendance, attendance records, published material) for every activity you claim.

Fulfilling CPE Requirements:

a. Training and Courses: Participate in relevant training programs, webinars, workshops, or conferences offered by industry associations, educational institutions, or reputable training providers. These events cover various topics such as risk management, cybersecurity frameworks, regulatory compliance, and emerging technologies.

b. Professional Development: Engage in activities that contribute to professional growth, such as publishing articles, presenting at conferences, participating in professional associations, mentoring, or volunteering in information security-related initiatives. These activities not only enhance your knowledge but also provide networking opportunities.

c. Self-Study and Research: Devote time to self-study, research, and staying informed about industry publications, white papers, security blogs, and journals. This self-directed learning helps you stay updated on the latest trends, best practices, and emerging threats.

d. Vendor Certifications: Earning certifications from technology vendors can be an effective way to gain CPE hours. Many vendors offer courses and exams related to their products or services, covering topics such as cloud security, network security, or secure software development.

Reporting CPE Activities:

ISACA provides an online portal, MyISACA, where certified professionals record and track their CPE hours. For each activity you log the date, a description, the number of hours earned, and, where applicable, supporting documentation. Report hours before the end of each reporting year and keep your records accurate and complete: failing to meet the annual minimum or to pay the maintenance fee can result in revocation of the certification, and a CPE audit will ask for evidence of the hours you claimed.


Maintaining the CISM certification is an ongoing commitment to professional growth and excellence in information security management. Continuing Professional Education (CPE) ensures that CISM-certified professionals stay current with industry developments, acquire new skills, and deepen their knowledge. By fulfilling the CPE requirements through training, professional development, self-study, and research, individuals keep their CISM certification active and demonstrate continued dedication to the field. A proactive approach to CPE not only strengthens your own capabilities but also contributes to the advancement of the information security profession.