Maintaining Your CGEIT Certification: Renewal Requirements [updated 2021]

Greg Belding
April 26, 2021 by
Greg Belding


The Certified in Governance of Enterprise IT certification, or CGEIT, is a vendor-neutral IT governance certification hosted by ISACA. The certification is intended for IT professionals working in the enterprise IT sphere that are responsible for managing, directing and supporting IT governance. 

Just like many other certifications, CGEIT has some renewal requirements that must be satisfied to continue holding the certification beyond the term of the certification. This article will detail how to maintain your CGEIT certification and will explore what renewal requirements must be met for the cert holder to continually hold this certification.

Earn your CGEIT certification, guaranteed!

Earn your CGEIT certification, guaranteed!

Enroll in a CGEIT Boot Camp and earn one of the most respected certifications — guaranteed.

Renewal requirements

The renewal requirements for the CGEIT certification are that the cert holder must meet certain requirements and comply with ISACA’s Code of Professional Ethics. The CGEIT certification remains valid for three years. To maintain the certification, cert holders are required to stay on top of the most up to date IT governance knowledge by satisfying ISACA’s Continuing Professional Education (CPE) policy. 

Satisfying ISACA’s CPE policy requires cert holders to perform CPE related tasks such as earning credits, which then must be self-reported to ISACA. For the CGEIT certification, cert holders are required to earn at least 20 CPE hours annually and at least 120 CPE hours in a three-year time period. Like other ISACA certifications, those reporting CPE hours for CGEIT can do so in quarter-hour increments.

There is some flexibility in earning CPE hours. Below are activities that are counted toward CPE hours:

  • ISACA professional education activities and meetings
  • Non-ISACA professional activities and meetings
  • Self-study courses
  • Vendor sales/marketing presentations
  • Teaching/lecturing/presenting
  • Publication of articles, monographs and books
  • Exam question development and review
  • Passing related professional examinations
  • Working on ISACA boards/committees
  • Contributions to governance of enterprise IT body of knowledge
  • Mentoring

While these activities all count towards CPE, some have annual hour limitations. For more details, you can find the CGEIT CPE policy here.

How to record CGEIT CPE hours

Recording the CPE hours that you self-report is a simple process that is done online through your MyISACA account. To record your hours:

  1. Log to your MyISACA account here.
  2. Click Certifications & CPE Management
  3. Click on the button for Report and Mange CPE
  4. Click on Add New CPE Record
  5. Enter details of the CPE activity. Make sure to include description or title of event, the hosting organization and the start and end dates of when the activity was performed, as well as what appropriate qualifying activity it corresponds to
  6. Enter the number of CPE hours earned for CGEIT
  7. Click Save and Close

Once you self-report CPE hours, they become locked in the system to prevent further changes being made to them. 

To edit your CPE hours, you no longer do it through Instead, you can now edit your CPE hours here

Annual fee payment

In addition to the renewal requirements listed above, CGEIT cert holders will also have to pay an annual fee. Previously, this was done at This website is no longer valid and payment can now be made here

Annual compliance notification

Once you have self-reported your CPE hours and have made your annual fee payment, you will receive a confirmation notification. This notification will contain information about the CPE hours reported and the CPE hours that ISACA accepts, as well as the remaining CPE hours that must be reported by the user for that three-year period. 

It is the responsibility of the CGEIT cert holder to report any omissions or errors on their annual compliance notification.

Auditing CPE hours

Every year, ISACA selects a certain number of CGEIT holders for a random audit of their CPE hours. When this occurs, cert holders have to submit supporting documents showing their compliance to the CGEIT certification committee. The committee will check over the documentation to see if the cert holder has been complying with their CPE hours requirements. If they have not been, their cert is revoked.

If a cert holder’s CGEIT certification is revoked, users will have to retake the exam, wait out a 60-day period of revocation and then pay an extra fee. This will not guarantee that your CGEIT cert will be reinstated; rather, to even be considered, users will need to meet these requirements.

What happens if you are no longer active in the field but want to maintain your CGEIT certification?

There are different reasons, including retirement and disability, that would prevent a CGEIT cert holder from practicing in the field. When this occurs, their CGEIT is assigned a status of either non-practicing or retired. Those with this certification status may want to retain their CGEIT cert. 

The good news is this is possible. To do so, the cert holder can apply for a retired CGEIT status by submitting their application before January 1st and paying the annual fee. The only difference here is that the cert holder will not have to satisfy the CPE requirement.

Earn your CGEIT certification, guaranteed!

Earn your CGEIT certification, guaranteed!

Enroll in a CGEIT Boot Camp and earn one of the most respected certifications — guaranteed.


CGEIT is a certification that cert holders will need to maintain in order to keep the certification for beyond the period of its three-year life cycle. To maintain your CGEIT cert, you will need to earn qualifying CPE hours, self-report your CPE hours to ISACA, abide by the ISACA professional code of ethics and pay an annual fee. While this process has undergone some minor changes of late, the process is still easy and well worth it.



CGEIT Continuing Professional Education (CPE) Policy, ISACA

How to report CPE, ISACA

Greg Belding
Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.