The objectives of the CPE policy are: to ensure that the current level of knowledge and proficiency in the areas of information systems audit, control and security is maintained at a sufficiently high level for all CISA; CISA that meets the requirements of the CPE policy will receive better training to enhance its ability to assess information systems and technologies and to demonstrate better leadership and create value in the organizations it serves.
The CISA Accreditation Committee (hereinafter referred to as the Committee) is responsible for setting the requirements for CPE. The Committee supervises the procedures and requirements for continuing vocational education to ensure their suitability.
The overall requirement is that CISA and CPE policies meet the required class hours of CPE both in the current year and during the three-year certification period.
To maintain its eligibility, CISA must meet the following requirements:
- A minimum of 20 CPE hours per year should be achieved and reported. These hours must contribute to the growth of CISA knowledge and the ability to perform CISA – related tasks. The use of these credit hours to meet the CPE requirements of multiple ISACA certifications is based on the premise that these vocational education activities provide the work-related knowledge required for each certification.
- Payment of CPE annual maintenance fee in full to ISACA international headquarters.
- A minimum of 120 CPE credit hours shall be achieved and reported during the three-year reporting period.
- People Selected to participate in the annual review must respond and submit the required documentation to participate in the CPE activities.
- Adhere to the ISACA Code of Ethics.
Failure to comply with the above certification requirements will result in the withdrawal of a person’s CISA qualification. In addition, as all certificates are owned by ISACA, if they are revoked, please destroy them immediately.
Payment of CISA Maintenance Fee and Report on CPE Hours
Renewing CISA certification requires paying a maintenance fee and reporting CPE credit hours.
ISACA will send all CISAs a fee list notice by email and print version in the third quarter of each calendar year. Annual maintenance payment can be made online. After obtaining the CPE credit hours, the corresponding records can be saved on the MyISACA > website; MyCertifications > Manage my CPE under the page. Certifiers may also renew their certification by submitting information on the annual renewal notice. To maintain certification, students must pay and report CPE credit hours by January 15.
Notification of Meeting the Annual Review Criteria
CISA who has the required number of CPE credit hours reported and has paid the maintenance fee in full and on time will receive confirmation of compliance from ISACA international headquarters. This confirmation will list the number of credit hours of CPE received during the annual reporting period, the number of credit hours reported in the previous year of the three-year certification period, and the number of credit hours required to meet the requirements during the determined three-year certification period. It is the responsibility of each CISA to promptly notify ISACA international headquarters of any errors and omissions in this confirmation.
Use of the CISA Logo
Individuals are not allowed to use the CISA logo (for example, on business cards or websites in marketing or promotional materials) as it may indicate ISACA’s endorsement or acceptance of the individual’s products or services. Individuals may use the CISA abbreviation after their name in place of the logo (e.g., Zhang Mingqiang,CISA)
Review of CPE Credit Hours
We have to do random tests on CISA every year. Selected CISA applicants must provide written evidence that previously reported activities meet the criteria described in “Qualified Vocational Education Activities.” The documentation provided will not be returned, so please send a copy of the supporting documentation. The CISA Accreditation Board will decide whether to recognize the number of credit hours for a particular vocational education activity. Individuals who fail the audit will have their CISA status revoked.
Record-keeping CISA must obtain and maintain documented records to support and substantiate its reported CPE activities. Documentary records must be retained for at least 12 months after the end of each three-year reporting period. This document may be in the form of a letter, certificate of completion, attendance register, attendance proof form (included in this policy) or other independent proof of completion. Each record should include the participant’s name, the name of the sponsor, the event theme, the event description, the event date, and the number of CPE credit hours awarded or declared, as required by minimum requirements.
Canceling of Certification
If CISA and CPE policies are not met, CISA qualification will be revoked and CISA holder will not be allowed to appear again. Individuals who are disqualified from CISA are required to take and pass the CISA exam and then submit a complete application for CISA eligibility.
Reconsideration and Appeal
If a person loses certification for non-compliance with CPE policies and then requests reinstatement, an additional $50 certification recovery fee may be charged. This recovery fee is payable for certification reinstation requests made after January 1, 2013 (if the certification suspension has been longer than 60 days) and is an additional fee for current and retroactive certification maintenance fees to bring the certifier into compliance with CPE policies. All appeals shall be made at the sole discretion and expense of the participant, applicant for B certification or the person who has been certified.
Discontinuation and Non-practising CISA Qualification
Closure of CISA eligibility
Anyone who has permanently retired from the CISA profession at the age of 55, or who is unable to perform professional duties such as information systems audit, control, or security due to a permanent disability, may apply for CISA[check that] withdrawal. CISA, which is granted this qualification, does not need to earn additional CPE hours.
Non-practising CISA Qualification A CISA who no longer specializes in information systems auditing, control, or security may apply for non-practising CISA qualification. Applications for non-practising qualifications must be made by January 15. Previously served to ISACA and should be accompanied by an annual fee list. CISA, which is approved for this qualification, does not need to earn CPE hours but still has to pay an annual maintenance fee. Once an individual returns to the profession, he must be rehabilitated as a practitioner. Although previously licensed,CISA cannot use the words CISA or non-practicing CISA on a business card after it becomes a non-practising or discontinuing qualification. CISA persons wishing to apply for CISA Discontinuation or Discontinuation must complete and submit the relevant CISA Discontinuation or Discontinuation Application Form. know more about cisa exam cost