Maintaining your CCSP certification: Renewal requirements and CPEs
Once you earn a Certified Cloud Security Professional (CCSP) certification, you become an ISC2 member and join a global community of approximately 150,000 cybersecurity professionals. However, you must maintain your CCSP certification to continue to receive the benefits of your membership, stay up-to-date about the latest industry trends and keep your skills and knowledge current.
In this article, you will learn about Group A and Group B Continuing Professional Education (CPE) credits, CCSP renewal requirements, how to regain membership, how to retake the CCSP exam and the benefits of maintaining your CCSP certification.
Earn your CCSP, guaranteed!
What are the CCSP renewal requirements?
You must recertify every three years by paying an annual maintenance fee (AMF) of $125 and earning 90 CCSP CPE credits before the certification expires. 30 CCSP CPEs are required for each year of the renewal cycle. If you are unable to pay an AMF, your certificate will be suspended. On the other hand, if both required CPE credits and AMF payment are met, your membership will be renewed for a new three-year certification cycle.
How do I earn CCSP CPEs?
Understanding Group A and Group B CPE credits is a prerequisite to comprehending CPE credits altogether. Let’s look at them in a little more detail.
Group A CPE credits
They involve domain-related activities. That means that these activities must be related to specific domains of the respective credential (e.g., CCSP, CISSP, CSSLP, SSCP, CGRC and so forth).
Examples of Group A activities are listed below:
- Taking an online self-paced, blended or instructor-led educational course
- Reading a magazine, book or whitepaper
- Publishing a book, whitepaper or article
- Attending a conference (in-person or virtual), educational course, seminar or presentation
- Preparing for a presentation or teaching information related to information security
- Performing a unique work-related project that is not a part of your normal work duties
- Self-study related to research for a project or preparing for a certification examination
- Volunteering for government, public sector, and other charitable organizations
- Taking a higher education course
Group B CPE credits
They are related to general professional development activities that are not applied directly to your certification domains. These activities help enhance your education, knowledge, professional skills or competency outside of domains. General professional development activities include programs such as management courses or professional speaking. Examples are given below:
- Attending non-security industry conferences
- Participating in non-security education courses
- Preparing for non-security presentation/lecture/training
- Non-security government/private sector/charitable organizations committee
CPE policies and procedures
You must complete one or more of the above CPE activities during the three years of each certification cycle, rather than at the end of your certification cycle or after the certification expiration date.
Excess credits earned within the last six months of the three-year certification cycle can be rolled over and used towards the requirements of the first year of the next cycle.
You can earn CPEs by participating in various activities within the following categories:
- CPE credits offered by ISC2
- Unique work experience (Group A)
- Contribution to the profession (Group A)
- Education (Group A or B)
- Professional development (Group B)
Type Suggested | Annual | 3-Year Total |
Group A | 20 | 60 |
Group A or B | 10 | 30 |
Total Required | 30 | 90 |
Normally, professionals earn one CPE credit per one hour of time spent in an activity, but exceptions are made for particular complexity. CPE credits may be reported in 0.25, 0.50 and 0.75 increments.
CPE credits offered by ISC2
You can earn Group A CPE credits by attending or participating in the events and activities offered by ISC2. Some examples are below:
- ISC2 Certification Course
- ISC2 Chapter Meeting
- ISC2 InfoSecurity Professional Magazine (2 CPE credits per issue with passed quiz)
- ISC2 Exam Development Subject Matter Experts
- ISC2 Professional Development Institute (PDI) Course
- ISC2 Safe and Secure Volunteer Training (1 CPE credit)
- ISC2 Security Congress
- ISC2 Webinar – Solutions Summit (3 CPE credits)
- ISC2 Webinar – Regional (EMEA and APAC)
- ISC2 Webinar – Security Briefing (1 CPE credit)
Some of these CPE activities are automatically added to your record and are not subject to auditing.
Unique work experience
You can earn up to 10 Group A CPE credits for unique activities related to the credential domains performed during regular working hours but outside of the normal scope of the position.
Each hour of participation results in a self-reported credit (up to 10). Auditing is possible, and the professional might be asked to provide proof or a brief description (no more than 250 words) of the project. Some examples are below:
Contributions to the profession
You can earn Group A CPE credits for creating new content for topics related to your credential. Qualifying activities include:
- Writing, researching and publishing (40 credits for authoring a book, 10 for editing)
- Preparing a webinar, podcast or presentation
- Preparing non-ISC2 new or updating existing training seminar or classroom material (from two credits for a one-day course to 20 for a semester of 12 or more weeks)
- Serving as Subject Matter Expert (SME) for a panel discussion
Earn your CCSP, guaranteed!
Education
You can earn Group A CPE credits for self-directed learning activities. Here are some examples:
- Book, magazine or whitepaper (five CPE credits per book or magazine and one CPE credit per whitepaper)
- Courses and seminars
- Higher education course
- Industry conference (in-person or virtual)
- Online webinars and podcasts
Credits are self-reported and might be audited. You may be required to provide a brief description (no more than 250 words) of what you learned and proof of attendance/transcript/possession of the material. Activities that are specifically related to the certification domains will be considered group A. All others, group B.
Professional development
You can earn Group B CPE credits for activities that, although not specifically related to the domains, are still valuable for the professional’s development, such as enhancing management skills, interpersonal communication, project planning and team building. Examples include:
- Chapter formation or management
- Non-security industry conference
- Non-security education courses and seminars
- Non-security government/private sector/charitable organizations committees
- Preparation for non-security presentation/lecture/training
Each hour of participation equals one CPE credit for Group B for a maximum of 40. Auditing is possible.
Maintaining multiple credentials
In addition to CCSP, ISC2 also offers various other certifications, including CISSP, CSSLP, SSCP, CAP, HCISPP, ISSAP, ISSEP and ISSMP. If you hold any other certification(s) along with CCSP, ISC2 automatically counts your CPE credits toward all active credentials you hold as of the completion date. As an ISC2 member, you are only required to enter your CPE activities in a record or member database one time, rather than multiple times.
Learn more about other certifications in our Cybersecurity certifications and skills ebook.
Audit of CPE credits
The CPE credits you earn may be randomly audited by the ISC2 CPE Auditors. You must provide a brief description of your activity (Group A or B or both) or proof of your attendance. Audits of CPE credits are valuable as they provide compliance with ANSI/ISO standards for credentials and uphold the integrity of ISC2 certifications.
Once you are selected for an audit, you will be informed via email that you are required to respond within 90 days of the notice.
It is good to retain proof of credits for at least 12 months after the expiration of the certification cycle: for example, a course transcript, receipts of attendance, official meeting minutes, a sales receipt for a book or a library record.
Dispute regarding CPE status
If any dispute regarding CPE status occurs, you may submit a complaint to the ISC2 Board of Directors within 90 days from the date of denial. Your written appeal must not consist of more than two pages and needs to contain the rationale and any relevant documentation; it is sent to Member Support at membersupport@isc2.org. The decision of the Board shall be considered final.
Can I regain membership if my certification has been suspended?
Yes, you can regain membership if your certification has been suspended. Suspension occurs due to the failure to achieve three years’ worth of CPE credits or payment of AMF renewal requirements within 90 days following the certification expiration date. The notice of suspension is issued by email. Suspension status may be maintained for up to two consecutive years. After that, certified members and Associates of ISC2 will be terminated, and all membership rights will be revoked.
If your certification is suspended or terminated, you have the right to file an appeal. If you cannot report your CPE credits or make your AMF payment within a deadline, you can ask for assistance from the Member Services Department.
Being reinstated will require you to retake and pass the examination and pay the $600 reinstatement fee.
ISC2 also offers you a grace period, allowing you to submit missing CPE credits within 90 days following the certification expiration date.
How long is the CCSP certification good for?
Your CCSP certification is good for three years. However, the member must meet certain requirements to keep his certification active and valid. These requirements include attaining 30 CPE credits each year and 90 CPE credits for the three-year certification cycle. In addition, paying an AMF of $125 and complying with the ISC2 Code of Ethics is also necessary.
Do I have to retake the exam?
If your previous certification has been terminated, you can retake the exam to recertify. The process for retaking the exam is the same as the first time around. For example, you will schedule the exam, pay the AMF and pass the exam. Once you meet all these requirements, the Member Services Department will reactivate your certification. After that, you need to maintain your certification to avoid suspension and eventually termination again.
What are the benefits of maintaining my CCSP certification?
The CCSP certification is a globally recognized credential that builds your career in the cloud security realm. Your CCSP credential ensures that you have advanced technical skills and knowledge to design, manage and secure applications, data and infrastructure in the cloud employing best practices, policies and procedures. Maintaining your CCSP certification have various other benefits, including:
- Peer networking, mentoring and global resources
- A plethora of promotions and job opportunities in the cloud security realm
- Having access to expert guidance, a variety of research and industry insight to support continuous and diverse education
- Having an association with global recognition and value and ethics of ISC2 credentials
Earn your CCSP, guaranteed!
Pursuing the CCSP certification
The CCSP certification is ideal for IT and information security leaders responsible for applying best practices to cloud security architecture, design, operations and service orchestration. Therefore, it is a good option for roles as security and systems engineers, enterprise and systems architects, and security consultants.
Once the credential is earned, it is important that the professional keeps in good standing and continues to keep updated through development and educational opportunities.
For more on the CCSP certification, check out our CCSP certification hub.