- Maintaining your CISM Certification means maintaining an adequate level of current knowledge and proficiency in the field of information systems audit, control and security.
- The CISM CPE policy requires the attainment of CPE hours over an annual and three-year certification period. CISMs must comply with the following requirements to retain certification:
- Earn and report an annual minimum of twenty (20) CPE hours. These hours must be appropriate to the currency or advancement of the CISM’s knowledge or ability to perform CISM-related tasks. The use of these hours towards meeting the CPE requirements for multiple ISACA certifications is permissible when the professional activity is applicable to satisfying the job-related knowledge of each certification.
- Earn and report a minimum of one hundred and twenty (120) CPE hours for a three-year reporting cycle period.
- Pay the CISM annual maintenance fee
- Comply with the annual CPE audit if selected
- Comply with ISACA’s Code of Professional Ethics
- Abide by ISACA’s IT auditing standards
Failure to comply with these certification requirements will result in the revocation of an individual’s CISM designation. In addition, as all certificates are owned by ISACA, if revoked, the certificate must be destroyed immediately.