How to earn CISA CPE credits: Your complete guide

Every few years, ISACA updates its industry-recognized Certified Information Systems Auditor (CISA) exam for security practitioners and auditors, and the latest update was released in 2024. The new version emphasizes business resilience and information security and still offers the three-year certification period. Built to maintain proficiency in auditing, monitoring, assessing and controlling information systems, CISA-certified professionals need to participate in 20 continuing professional education (CPE) hours annually and a minimum of 120 hours over a three-year period.

If you're exploring the CISA exam, check out the five-day intensive ISACA CISA Boot Camp to optimize your chance for exam success and download the free cybersecurity certification and skills roadmap to see how the CISA fits in on your current career trajectory.

To keep your certification active and avoid retaking the exam, here's a look at how to earn CPE credits.

Earn your CISA, guaranteed!

Get your CISA live online or on-site, backed with an Exam Pass Guarantee!

View Pricing

CISA CPE guidelines

All CISA-certified professionals need to record and report 20 CPE hours annually outside of their regular on-the-job activities. Candidates must keep thorough documentation of their CPE activities and report these hours. ISACA may audit any of these activities and request supporting documentation.

In addition to earning CPE credits, CISA professionals must:

• Adhere to the ISACA Professional Code of Ethics
• Agree to abide by ISACA's auditing standards for information technology
• Submit an annual fee to ISACA (the maintenance fee for maintaining a certification varies depending for members and non-members)

How can I earn CISA CPEs?

ISACA offers 11 different categories that qualify as continuing education, some of which have limits. Make sure you're not over-reliant on categories with hour limits and risking active participation not being valid. Also, be sure to check against the official ISACA guidelines when submitting CPEs in case an changes have been made by ISACA.

CPE categories without a limit

• ISACA professional education: Candidates can register and attend seminars, workshops, conferences and chapter activities like meetings or programs. Participation in ISACA chapter meetings earns a minimum of one CPE hour regardless of actual duration.
• Non-ISACA professional education: A broader category encompassing professional meetings, courses, corporate in-house training, online webinars and more, CPE credit is earned based on active participation. Successfully completed university courses count as 15 CPE hours per semester credit hour and 10 CPE hours per quarter credit hour (semester = 15 weeks; quarter = 10 weeks).
• Self-study courses: Candidates can also submit self-study courses with a certificate of completion specifying the number of CPE hours earned. In this category, you can also submit online e-learning presentations by ISACA, such as webinars. Passing the ISACA Journal quiz offers one CPE hour.
• Teaching, lecturing and presenting: You can earn CPEs to develop and deliver professional education programs. Courses and presentations earn CPEs at five times the presentation time or estimated delivery for the first delivery. Only the actual presentation time counts on the second delivery.
• Publication activities: For those interested in writing and publishing materials related to information systems and controls, credit is available for the actual time it took to create the content. This can include articles, books and monographs as long as they're formally published online or in print.
• Development and review of exam questions: Candidates can also earn CPEs for developing or reviewing materials related to the CISA exam. Two CPE hours are earned for each question accepted by an ISACA CISA item review committee.
• Other professional examinations: Other industry certifications count toward CPEs if you pass with two CPE hours earned per examination hour.

Earn your CISA, guaranteed!

Get your CISA live online or on-site, backed with an Exam Pass Guarantee!

View Pricing

CPE categories that have an annual hour limit

Pay close attention to your work in these categories to ensure you get the maximum value for your CPE credits. All of these have limits to stay aware of.

• Activities on ISACA boards and committees (maximum 20 hours): CPEs on ISACA boards and committees are calculated based on active participation. One CPE hour is earned for each hour of active participation.
• Professional contributions (maximum 20 hours): This category includes research development and peer reviews for contributions to ISACA and other governing bodies in information systems audit and controls.
• Mentoring (maximum 10 hours): If you're interested in coaching or assisting others with the CISA exam, this can potentially qualify for CPE hours as well. One CPE hour is earned for each hour of mentoring assistance.
• Sales and marketing presentations by vendors (maximum 10 hours): CISA professionals can also create sales presentations for specific information system products.

How do I calculate CISA CPE credits?

Calculating CPE credit feels a little overwhelming at first. But eventually, you'll get the hang of it. For professional activities like presentations, conferences or workshops, every 50 minutes of active participation counts as one CPE hour. You can also report credit in quarter-hour increments, and when calculating the total time for an event, subtract lunch and personal breaks, rounding calculations to the nearest quarter hour.

After calculating, you must gather the required information to get full credit for your participation. Each category has different verification requirements. For example, webinar participation for CPE hours requires a screenshot of the event invitation with the date, time, your name and a recap of the content.

Make sure to submit your required documentation within the given timeline or risk invalidating your participation.

What are some free ways I can earn CISA CPEs?

There are many free ways to earn CPE credits every year. ISACA offers a variety of opportunities, and other organizations offer different free training that could count towards your required hours. Depending on what you're interested in, you might be able to find three full years of requirements for free.

• Online education: Earn up to 36 CPEs per year for webinars, virtual instructor-led trainings and ISACA Journal quizzes
• On-demand learning: Earn up to 28 CPEs per course when completing on-demand and online review courses
• Volunteer activities: Participate in ISACA activities or an IT governance Institute board, committee or working group. You can also volunteer for ISACA projects or hold a chapter officer position for a maximum of 20 CPEs per year
• Conferences: ISACA sponsors several annual global conferences where you can earn CPE credits based on your hours of active participation
• Chapter meetings: Participate in local ISACA chapter meetings and earn a minimum of one CPE hour regardless of actual duration
• Mentoring: With a limit of 10 CPE hours per year, earn credits for mentoring someone in qualifying activities related to credentialing or certification exam prep

Have there been any CISA CPE policy changes recently?

No, there have not been any significant changes to the CPE policies recently, and you can always stay updated on the official ISACA CISA page. Candidates need to report their annual CPEs every year by December 31st.

Stay informed on the latest 2025 CISA exam changes with the below resources:

• An in-depth overview of CISA domains for aspiring auditors
• How to pass the CISA exam: 10 proven tips for 2025 success

Get your guide to the top-paying certifications

With more than 448,000 U.S. cybersecurity job openings annually, get answers to all your cybersecurity salary questions with our free ebook!

Get Your Copy

Work towards your CISA CPE credits

With the average CISA professional salary sitting at $115,600, it's important to keep this highly regarded certification active and valid. Within the information security industry, professionals can't work with expired certifications, and all your hard work goes to waste if you must retake the exam.

Stay on top of gathering your annual CPE hours and submitting them on time. If you want to explore CISA careers, download the free cybersecurity salary guide or check out Infosec's CISA training hub.