How to earn CISM CPE credits [updated 2022]

Lester Obbayi
July 11, 2022 by
Lester Obbayi

The CISM certification is bolstered by the continuing professional education (CPE) policy, whose main purpose is to ensure that certified CISM holders are up to date with the most current knowledge and proficiency in the information systems security management field. Just like physicians, lawyers, and other high-level, high-earning professionals, CISM-holding IT security employees who augment their education with the most recent information will be better equipped to manage, design, oversee, and assess enterprise information security and, by extension, a greater asset to their companies.

$150,040 average salary

$150,040 average salary

ISACA CISM is one of the industry's highest-paying cybersecurity certifications for 2023. Take your information security management career to new heights and enroll now to claim your Exam Pass Guarantee!

How can I earn CISM CPEs?

There are numerous ways that CISMs can obtain CPE credits. They include:

ISACA professional education activities and meetings (no limit): CISMs can obtain up to 32 CPE credits per single event for participating in activities deemed acceptable by ISACA. Such activities include ISACA conferences, seminars, workshops, chapter programs and meetings. Proof of attendance will be required since not all chapter meetings are recorded in the ISACA database.

Self-study courses (no limit): Attending CISM online courses can guarantee up to about 26 CPE credits per course taken, depending on variables such as the length of the course taken, the type of course, the total number of courses and the time commitment for each session.

Non-ISACA professional education activities and meetings (no limit): CISMs can engage in various activities such as university courses and in-house corporate training to gain CPE hours. Attending training courses is one common activity but, unlike the online courses, they require traveling to the institutions that issue the courses and having instructors and certified professionals. Up to 32 CPE credits can be earned by this method.

What are the CISM CPE guidelines?

The CISM CPE policy dictates the guidelines that should be adhered to maintain certification. These primarily dictate that annually and over the three-year certification period, CISMs must attain and report CPE hours. The guidelines are defined as follows:

  1. Attain and report annual 20 CPE hours: CISMs must report a minimum of 20 CPE hours that must be appropriate, up to date, and to the advancement of the CISM’s knowledge or ability to perform CISM-related tasks.
  2. Submit annual maintenance fee: CISMs must pay an annual CPE maintenance fee ($45 for members, $85 for non-members).
  3. CIMS must attain and report 120 CPE hours for a three-year reporting period.
  4. Submit CPE activities: If CISMs are selected for the annual audit, they must submit the necessary documentation of CPE activities.
  5. Compliance with code of ethics: CISMs must comply with ISACA's professional code of ethics.

In addition to the CPE guidelines above, ISACA also states the following in general:

  1. The annual reporting period for CISMs begins on January 1 every year.
  2. To CISMs making the maintenance fee payment, invoice notification will be sent through email and a hard copy invoice within the third quarter of each calendar year.
  3. CISMs who report the required number of CPE hours and submit the maintenance fee in full and on time will receive a confirmation from ISACA international headquarters with all reported CPE hours for the three-year certification period.
  4. CISMs are not permitted to use the CISM logo for personal use, such as overlaying it on business cards or business products.

ISACA clearly warns that if the guidelines above are not honored, the certification may be revoked and, if revoked, the holders must “destroy the certificate immediately.”

Earn a $150,040 Salary with an ISACA CISM

Earn a $150,040 Salary with an ISACA CISM

The employment of information systems managers is projected to grow 16% by 2031. Get your ISACA CISM to launch into the field — backed with an Exam Pass Guarantee.

How do I calculate CISM CPE credits?

According to the CISM policy, a CPE hour is earned for every fifty (50) minutes of active participation (this does not include lunches and breaks) and is for qualifying and non-qualifying ISACA professional education activities and meetings.

CPE hours can be earned in quarter-hour increments and can be reported in quarter-hours, rounded to the nearest quarter-hour. For instance, a CISM who attends an eight-hour presentation (480 minutes) with 90 minutes of breaks will be eligible for 7.75 CPE hours. This is illustrated in the table below:

Study Activity Hours Spent Minutes Spent

9:00 a.m. – 5:00 p.m. 8.0 480

Subtract: Two 15-minute breaks 0.50 30

Subtract: Lunch (1 hour) 1 60

Total hours spent on activity 6.5 390

The total of 390 minutes spent studying is divided by 50 minutes, resulting in 7.8 or 7.75 (rounded to the nearest quarter hour) CPE hours.

What are some ways I can earn CISM CPEs for free?

There are many methods of obtaining CPE hours that do not cost money. CISMs can obtain up to 36 free CPE hours just by attending online webinars and virtual conferences. The fact that these are done online means that travel cost is slashed as well and, by doing so, CISMs can schedule credit opportunities around their busy daily schedules. It is, however, important to note that CPE quizzes are given only to ISACA members.

A CISM can obtain up to 20 free CPE credits annually by serving as an ISACA volunteer in various environments and situations. CISMs can earn a CPE credit for every hour of active service if participation is on an ISACA committee, task force or board. The same is true if a CISM serves as an officer of an official ISACA chapter.

CISMs can also obtain up to 10 free CPE annually through various mentoring opportunities, for example, coaching, assisting and reviewing work for an individual studying to take a CRISC, CISM, CISA, CGEIT, or any other type of examination.

CPE hours can also be obtained through participating in vendor sales or marketing presentations that involve offering presentations related to management, design or assessment of enterprise security.

CISMs may also obtain free CPE hours by publishing articles, monographs and books, either in soft copy or hard copy, that are directly related to the management of information security. ISACA requires that submissions of such publications be made available in hard copy when requested, with a clear table of contents. In the case of a website publication, the website link be made available upon request. In this case, CPE hours are earned for the actual number of hours taken to complete or review the material.

There are many more methods of gaining free CPE hours, especially for ISACA members.

Have there been any CISM CPE policy changes recently?

In 2014, ISACA published the CISM CPE policy that is still in use today. However, a minor change was effected in the area “Passing Related Professional Examinations (no limit).” Effective January 1, 2014, ISACA allows twice the number of CPE hours earned for every examination hour when a passing score is achieved on a related professional examination. The change was allowed and accepted by the Credentialing and Career Management Board.

$150,040 average salary

$150,040 average salary

ISACA CISM is one of the industry's highest-paying cybersecurity certifications for 2023. Take your information security management career to new heights and enroll now to claim your Exam Pass Guarantee!


CISMs are encouraged to satisfy the guidelines outlined by ISACA to maintain their certification. The various free and paid methods of obtaining CPE credits allow CISMs to easily meet the guidelines by providing a formula to calculate CPE credits and various options to choose from.

For more information on the CISM certification, view our ISACA CISM hub.


Lester Obbayi
Lester Obbayi

Lester Obbayi is a Cyber Security Consultant with one of the largest Cyber Security Companies in East and Central Africa. He has a deep interest in Cyber Security and spends most of his free time doing freelance Penetration Tests and Vulnerability Assessments for numerous organizations.