myCPE

March Mastery Sale : 67% Savings on Subscription. Offer Ends Soon! March Mastery Sale :
67% Savings on Subscription. Offer Ends Soon!
00hrs : 00min : 00sec

View Offer

CISM CPE Requirements (2024)

trustpilot rating
google rating
Continue Education For Qualification

CPE Credits for Certified Information Security Manager (CISM)

CISM (Certified Information Security Manager) is an advanced certification designed for IT professionals who focus on information security management. It is for those with technical expertise and experience in IS/IT security and control who want to make the move from team player to manager. CISM can add credibility and confidence to your interactions with internal and external stakeholders, peers, and regulators.

MY-CPE LLC is approved by NASBA and it offers Continuing Professional Education (CPE) courses for the designation provided by ISACA. ISACA does not require its designation holders to take CPE from an ISACA-approved CPE provider. We are focused on providing quality continuing education content that incorporates the qualified subject areas. Our NASBA-approved CPE courses are authored/reviewed by industry specialists and subject matter experts.  All our courses are designed in a way to ensure that courses meet your continuing education requirements.

CERTIFIED INFORMATION SECURITY MANAGER (CISM) CONTINUING EDUCATION PROFESSIONAL REQUIREMENT OVERVIEW

CPE Requirements
120 hours for a three-year reporting period, 20 hours annually
License Renewal Period
January 15th annually.
CPE Reporting Cycle
The annual reporting period begins on 1 January of each year.
Ethics Requirement
There is no minimum ethics requirement for CISM designation holders but are required to comply with ISACA’s Code of Professional Ethics.
Carry-Over Credits
No credit may be carried over from excess hours earned during a reporting period.

CLICK HERE for further reference on CPE regulations for the Certified Information Security Manager (CISM).

What is the CPE Requirements for Certified Information Security Manager (CISM)?

A Certified Information Security Manager (CISM) needs to complete 120 hours of CPE during a 3-year reporting period out of which 20 hours must be completed annually.

What is the Ethics Requirement for Certified Information Security Manager (CISM)?

There is no minimum ethics requirement for a Certified Information Security Manager (CISM) but is required to comply with ISACA’s Code of Professional Ethics.

What is the license renewal period for Certified Information Security Manager (CISM)?

The Certified Information Security Manager (CISM) license renewal period ends on January 15th annually.

What is the CPE reporting cycle for Certified Information Security Manager (CISM)?

The annual reporting period begins on 1 January of each year. The three-year certification period varies and is indicated on each annual invoice and the letter confirming annual compliance. 

CLICK HERE for further reference.

Individual Subscription

  • Unlimited Access to Continuing Education: Dive into our extensive library at your own pace without incurring any extra cost for your learning and compliance.
  • Top-Quality Courses: Our expert-led continuing education courses in 500+ subject areas with average 4.5* ratings. 
  • Flexibility: Learn anytime, anywhere, on any device.

$499

$199/Annually

Save $20 on Auto Renewal

Teams Subscription

  • Unlimited Team Access to Continuing Education: Enable your team to grow together meeting compliances through our top quality courses.
  • Admin Dashboard: Easily track progress, manage team Learning, and assign continuing education courses. 
  • Flexibility: Learn anytime, anywhere, on any device.
Per User

$25/Monthly

$199/Annually

Frequently Asked Questions

CISM validates your expertise in the four work-related domains listed below that are applicable across industry verticals:

Information Security Governance

  • Enterprise Governance
  • Information Security Strategy

Information Security Risk Management

  • Information Security Risk Assessment
  • Information Security Risk Response

Information Security Program

  • Information Security Program Development
  • Information Security Program Management

Incident Management

  • Incident Management Readiness
  • Incident Management Operations

No, there are no minimum CPE requirements in a particular subject area.

The following categories of qualifying activities and limits have been approved by the CISM Certification Committee and are acceptable for CPE:

  • ISACA professional education activities and meetings (no limit)
  • Non-ISACA professional education activities and meetings (no limit)
  • Self-study courses (no limit)
  • Vendor sales/marketing presentations (10-hour annual limitation)
  • Teaching/lecturing/presenting/fully accredited university research
  • Publication of articles, monographs, and books (no limit)
  • Exam question development and review (no limit)
  • Passing related professional examinations (no limit)
  • Working on ISACA Boards/Committees (20-hour annual limitation per ISACA certification)
  • Contributions to the information security profession (20-hour annual limitation in total for all related activity for CISM reported hours)
  • Mentoring (10-hour annual limitation)

A CISM must obtain and maintain documentation supporting reported CPE activities. Documentation should be retained for twelve months following the end of each three-year reporting cycle. Documentation should be in the form of a letter, certificate of completion, attendance roster, Verification of Attendance form (located in this policy), or other independent attestation of completion. At a minimum, each record should include the name of the attendee, the name of the sponsoring organization, the activity title, the activity description, the activity date, and the number of CPE hours awarded or claimed.

The cost of annual maintenance fee is $45 for ISACA members and $85 for non-members. Once you hold more than two ISACA certifications, the cost to renew your 3rd (4th, 5th, etc.) certification is reduced to $25 for ISACA members and $50 for non-members.

Failure to comply with these certification requirements will result in the revocation of an individual’s CISM certification. In addition, as all certificates are owned by ISACA, if revoked, the certificate must be destroyed immediately.

For newly certified CISMs, the annual and three-year certification period begins on 1 January of the year succeeding certification. Reporting CPE hours attained during the year of certification is not required. However, hours attained between the date of certification and 31 December of that year can be used and reported as hours earned in the initial reporting period.

No, the Short video (Nano learning) method is not approved for the CPE requirements of a Certified Information Security Manager (CISM).

  • Retired CISM Status: Certified Information Security Manager (CISM) is entitled to apply for retired CISM status if over 55 years of age and permanently retired from the CISM profession, or unable to perform the duties of an information security professional because of permanent disability. CISM granted this status is no longer required to obtain CPE hours. 
  • Nonpracticing: Certified Information Security Manager (CISM) who is no longer working in the information security profession are entitled to apply for nonpracticing CISM status. CISM granted this status are not required to obtain CPE hours but are required to pay the annual maintenance fee. Once the individual has returned to the profession, they are required to return to active status.

myCPE provides courses that are approved for continuing education credits by NASBA. Based on the guidelines issued by these boards regarding Continuing Education Requirements, we recommend the programs/ webinars be suitable for CISM designation holders. However, it will be the responsibility of each attendee to ensure that they are eligible for the Continuing Education Credits based on their occupation/ job profile, knowledge requirements as well as guidelines laid down by their regulatory board before registering for the webinars.