Gain Comprehensive Insight for CISA CPE Requirements (2025)
The Certified Information Systems Auditor (CISA) certification is one of the highest credentials one can achieve in the fields of information technology and business systems, whether for auditing or control.
Being certified as a CISA is a prestigious deal, but maintaining the same is another. If you are CISA certified, then you are expected to maintain current knowledge and proficiency in information systems audit, control, and security, as required by ISACA, which makes it compulsory to opt for continuing ongoing education and training.
As per the “ISACA” CISA CPE guidelines, you need to attain 120 hours of Continuing Professional Education for a three-year reporting period in which a minimum of 20 hours of CPE has to be attained annually. These are the main CPE requirements that CISA should be aware of.
The annual maintenance fees and reporting of the CPE hours have to be done before 15th January each year.
The commencement of the annual reporting period occurs on the 1st of January every year. The duration of the certification period spans three years, with specific details provided on each annual invoice and in the confirmation letter verifying annual compliance.
There are various approved subjects for CISA CPE divided into five domains. While obtaining your CISA CPE hours, you need to make sure that your course provider aligns the content of the course with the below-given subject domains:
Information Systems Auditing Process
Governance and Management of IT
Information Systems Acquisition, Development & Implementation
Information Systems Operations and Business Resilience
Protection of Information Assets
Advanced certification courses are like in-depth study programs designed by experts to boost your skills and keep you up-to-date with the latest trends.
Here are some great reasons to consider these courses:
1. You earn extra qualifications and keep adding to your knowledge.
2. You gain specialized skills that can lead to better-paying jobs.
3. You learn through practical examples and real-life case studies.
4. You'll have hands-on assignments to help you learn better.
These courses make learning easy and enjoyable, giving you a solid understanding of the topic and helping you grow in your career.
You need to monitor and report the CPE hours within the specified categories below to ensure compliance with CISA requirements.
The CISA Certification Committee has approved the following categories of qualifying activities and associated limitations for Continuing Professional Education (CPE) credits:
ISACA Professional Education Activities and Meetings: No restriction on hours.
Non-ISACA Professional Education Activities and Meetings: No restriction on hours.
Self-study Courses: No restriction on hours.
Vendor Sales/Marketing Presentations: Limited to 10 hours annually.
Teaching/Lecturing/Presenting: No restriction on hours.
Publication of Articles, Monographs, and Books: No restriction on hours.
Exam Question Development and Review: No restriction on hours.
Passing Related Professional Examinations: No restriction on hours.
Working on ISACA Boards/Committees: Limited to 20 hours annually per ISACA certification.
Contributions to the IS Audit and Control Profession: Limited to 20 hours annually in total for all related activities for CISA-reported hours.
Mentoring: Limited to 10 hours annually.
Moreover, as Certified Information Systems Auditors (CISAs) you are also required to obtain and maintain documentation verifying completed Continuing Professional Education (CPE) activities, which should be retained for twelve months following the conclusion of each three-year reporting cycle.
This documentation, ranging from letters to certificates of completion or attendance rosters, serves as an independent attestation of completion.
Essential details such as attendee names, sponsoring organization names, activity titles, descriptions, dates, and earned or claimed CPE hours must be included in each record. By adhering to these documentation standards, CISAs ensure transparency and accountability in their ongoing professional development pursuits.
For every fifty (50) minutes of active participation (excluding lunch and breaks), one CPE (Continuing Professional Education) hour is accrued during qualifying ISACA and non-ISACA professional educational events and gatherings. CPE hours are attainable in quarter-hour segments and can be recorded accordingly (rounded to the nearest quarter-hour).
For instance, if a CISA (Certified Information Systems Auditor) attends an eight-hour session (480 minutes) with 90 minutes of breaks, they would earn seven (7.75) continuing professional education hours.
To fulfill ISACA CPE requirements efficiently, you can opt for either CISA CPE courses or an unlimited annual package offered by MYCPE ONE in which MYCPE ONE takes care of all your CISA certification CPE requirements and makes it a quite hassle-free experience for you to attain the CPE hours.
These packages encompass professional skill enhancement across diverse topics, tailored to meet the latest industry demands as well.
MYCPE ONE is endorsed by NASBA and specializes in delivering Continuing Professional Education (CPE) courses tailored for the certifications offered by ISACA. Unlike some organizations, ISACA does not mandate that its certification holders exclusively seek CPE from ISACA-approved providers.
MYCPE ONE’s primary commitment is to furnish high-quality continuing education content encompassing relevant subject matter areas. Authored and reviewed by industry specialists and subject matter experts, MYCPE ONE’s NASBA-approved CPE courses are meticulously designed to facilitate the attainment of CISA CPE Credits.
In conclusion, maintaining certification as a Certified Information Systems Auditor (CISA) necessitates a commitment to ongoing professional development, as outlined by the Continuous Professional Education (CPE) requirements. With a mandatory 120 hours of CPE over three years, including a minimum of 20 hours annually, CISA professionals must ensure their education aligns with approved subject areas spanning information systems auditing, governance, acquisition, operations, and information asset protection. Advanced certification courses offer a valuable avenue for earning CPE credits, providing opportunities for skill enhancement, and staying abreast of industry trends. Additionally, MYCPE ONE subscription offers a convenient solution for fulfilling CPE requirements, with NASBA-approved courses tailored for ISACA certifications. Failure to comply with CPE policies risks revocation of the CISA credential, underscoring the importance of ongoing professional development in maintaining this prestigious designation.
The annual maintenance fee for CISA members is $ 45 and for CISA non-members is $ 85.
CISAs can complete 100% of the total required CPE hours via self-study courses. MY-CPE provides courses that are eligible for CISA Credit hours.
CISAs who fail to comply with the CISA CPE Policy will have their CISA credential revoked and will no longer be allowed to present themselves as CISA. Individuals who have their CISA certification revoked will be required to take and pass the CISA exam and submit a completed application for CISA certification.
Retired CISA Status: Individuals holding the Certified Information Systems Auditor (CISA) designation are eligible to request retired CISA status under specific conditions. Those who are 55 years of age or older and have permanently retired from the CISA profession or are unable to fulfill the responsibilities of an IS audit, control, or security professional due to permanent disability can apply for this status. Retired CISAs are relieved from the obligation of obtaining Continuing Professional Education (CPE) hours. Non-Practicing CISA Status: CISAs who have transitioned away from working in the IS audit, control, or security profession can opt for non-practicing CISA status. To do so, they must submit their request by January 15th, along with their annual invoice, to ISACA. Holders of this status are exempt from acquiring CPE hours but are still required to pay the annual maintenance fee. Should they decide to reenter the profession, they must return to active status accordingly.
The author Imtiaz Munshi is a Certified Public Accountant and CFO at Azstec, LLC. He is Business Strategist, Tax Planner, Entrepreneur and Advisor to "HNEs" (High Net Worth Entrepreneurs).
