
ISACA Certification Maintenance Requirements

Information Systems Audit and Control Association (ISACA) is an international professional association focused on IT governance. It provides guidance, benchmarks, and governance tools for enterprises that use information systems. Additionally, it offers certification programs in Information Technology (IT) such as CISA, CISM, and CGEIT. These certifications assist professionals in gaining knowledge and expertise in the IT field. Moreover, they boost their holders' earning potential and career prospects.


What are ISACA CPE policy requirements?

The ISACA certification process does not end once a certificate is obtained. Candidates must renew their certificate every three years by completing CPE credits in accordance with the ISACA CPE policy. CPE credits are earned to guarantee that all certificate holders have up-to-date knowledge and skills in the field of information technology. The ISACA CPE policy requirements for maintaining certifications are as follows:

  • Candidates must obtain a specified number of CPE credits by participating in job-related activities over three years.
  • ISACA members have to pay a maintenance fee of USD 45 per year while non-members have to pay USD 85 per year.
  • If their certificate is selected for audit, they have to submit the required documents related to the audit process.
  • Candidates should follow ISACA’s Professional Ethics Code.

What is the CPE audit process?

ISACA conducts audits to verify the CPE credits earned by certification holders over three years. If a candidate is selected, ISACA sends an email asking them to submit the documents related to their CPE credits. Candidates must submit proof of their participation in the CPE activities that they have attended. For example, if they completed an online training program, they must present a certificate of completion with the CPE hours earned during the training. The certificate will be formally invalidated if the candidates do not submit the CPE credits, and they will have to retake the certification exam to obtain it.

CISA, CISM, and CGEIT Certification maintenance requirements

CISA Certificate

Certified Information Systems Auditor (CISA) by ISACA is a recognized accreditation in the field of IT auditing. The certificate validates the professional’s skill in creating, reviewing, maintaining, and auditing the information security system of an organization. After obtaining a CISA Certificate, professionals have to renew it every three years. The following are the requirements to maintain a CISA certificate.

  • Earn a minimum of 20 CPE hours in a year and 120 CPE Credits within a three-year period.
  • Pay an annual maintenance fee of USD 45 (ISACA members) and USD 85 (non-members).
  • Submit the audit-related documents if selected.
  • Adhere to the Code of Professional Ethics of ISACA.
  • Follow ISACA’s IT auditing guidelines.

CISM Certificate

Certified Information Security Manager (CISM) is the highest credential in cybersecurity management awarded by ISACA. It certifies a professional’s knowledge and competence in developing and managing an enterprise information security program. Candidates are required to maintain their CISM certificate as per the ISACA CPE policy. The requirements are as follows:

  • Candidates are required to earn and report 120 CPE credits within three years by doing job-related activities.
  • They have to pay an annual maintenance fee of USD 45 (ISACA members) or USD 85 (non-members).
  • If their certification is chosen for an audit, they must provide documentation for CPE hours obtained.
  • They should comply with the Code of Professional Ethics of ISACA.

CGEIT Certificate

ISACA’s Certified in Governance of Enterprise IT (CGEIT) certification is designed for IT professionals who direct, manage, and support the governance of IT in an organization. The CGEIT CPE policy requires candidates to attain CPE hours within the three-year certification period. The requirements are as follows:

  • Earn at least 20 CPE credits per year by performing CGEIT-related tasks.
  • Earn 120 CPE hours within the three-year certification cycle.
  • Pay the CGEIT maintenance fee of USD 45 for members and USD 85 for non-members.
  • If the certificate is chosen for an audit, comply with the annual CPE audit.
  • Abide by ISACA’s Code of Professional Ethics.

How to earn CPE credits for CISA, CISM, and CGEIT Certificate?

Candidates can obtain CPE credits by participating in ISACA activities as well as other organizations’ events. ISACA offers 32 CPEs for attending conferences and training week courses, and 36 CPEs for attending webinars and taking quizzes. In addition, candidates can earn CPE credits by attending seminars, workshops, volunteering, teaching, attending events, self-study, enrolling in an online course, and writing blogs and articles.


ISACA certifications are globally recognized. They validate candidates’ skills and knowledge in the IT field. As a result, certified professionals can get jobs across the world with a high salary compared to non-certified professionals. It is therefore necessary for professionals to maintain their certificate by earning CPE credits. Candidates have to earn 120 CPE credits within three years to renew their CISA, CISM, and CGEIT certificates, which can be easily obtained through profession-related activities.
