Diarium blog system
Universidad de Salamanca
Pablo Gallardo's Blog
My professional web log about IT, Project Management & SAP

How to maintain CISA Certification

CISA (Certified Information Systems Auditor) is a certification issued by the professional association ISACA.

This certification has a limited validity period that, nevertheless, can be extended. This post summarizes ways to maintain and renew CISA certification.

The information may also apply to all these ISACA certificates:

  • CISA
  • CISM
  • CSX-P
  • ITCA
  • CET

If you are looking for how to get the CISA certification or prepare for the CISA exam, check the corresponding articles on the previous links.


Frequently Asked Questions

What is the validity period of CISA Certification?

The Continuing Professional Education (CPE) policy determines that certain CPE hours must be completed and reported on a periodic basis to keep the CISA certification.

CISA Certification is revoked if:

  1. CPEs are not completed or reported annually
  2. ISACA’s IT audit Standards or Code of Professional Ethics are not followed
  3. Annual membership fee is not paid
  4. If selected for the annual audit, required documentation of CPE activities is not submitted

Requirements regarding CPE hours:

  • Earn and report an annual minimum of 20 CPE hours. These hours must be appropriate to the currency or advancement of the CISA’s knowledge or ability to perform CISA-related tasks.
  • Earn and report a minimum of 120 CPE hours for a three-year reporting cycle period.

CPE reporting is due by the end of each calendar year (i.e., 31 December of each year).

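| # | ISACA Cert. | Annual CPE hours | 3-year CPE hours | Comments |
|---|-------------|------------------|------------------|----------|
| 1 | CISA | 20 | 120 | |
| 2 | CISM | 20 | 120 | |
| 3 | CRISC | 20 | 120 | |
| 4 | CGEIT | 20 | 120 | |
| 5 | CSX-P | 20 | 120 | 3 |
| 6 | CDPSE | 20 | 120 | 5 |
| 7 | ITCA | 20 | 120 | |
| 8 | CET | 20 | 120 | Of the 20 annually required CPE hours, a minimum of 10 hours must be attained by participating in skills-based training/labs |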



Do I need to apply CPE hours the first year I get a certification?

No, you do not need to apply CPE hours in the first year you get a certification.

If you earn CPE hours in a year when you do not need to use them, you can keep them and apply them in the year you need them.

How do I earn CPE hours?

Ways to get CPE hours:

  1. Getting free CPE available to ISACA members. Some “free” CPE implies working for ISACA.
  2. Attending ISACA’s webinars and virtual conferences
  3. Attending ISACA’s training courses
  4. Participate and volunteer with ISACA, which may include becoming an Exam Item Writer
  5. Attend a conference
  6. Complete Journal Quizzes
  7. Mentoring
  8. Perform online training
  9. Pass ISACA’s certificate or certification exams

You can find more information on the official website about how to earn CPE hours.

More information about how to maintain CISA certification is available on this link.

Examples of CPE hours

CISM exam pass: 8 CPE hours

CISA exam pass: 8 CPE hours

CSX-F exam pass: 4 CPE hours

Attending a 3-hour ISACA local chapter webinar: 3 CPE hours

I have many ISACA Certifications. Do I need to get CPEs separately for each of them?

As stated in the CPE Policies, the use of CPE hours towards meeting the CPE requirements for multiple ISACA certifications is permissible when the professional activity is applicable to satisfying the job-related knowledge of each certification.

As far as I saw, when you submit a CPE, you do not choose to which certificate it goes, so it will go to your membership. So in case you have more than one ISACA certification (e.g., CISA, CISM, CRISC, etc.), a CPE is applied to your certificate, that is, to all the certificates at the same time.

The best approach would be to find CPE activities that apply to all or most certificates; that way, you will not need extra effort to maintain your certificates.

How do I check or report CPE hours?

To check your registered CPE hours, go to “MyISACA” > “Report and Manage CPE”.

There are two types of CPE:

  1. CPE Earned through ISACA
  2. CPE Earned through other vendors

CPE hours earned through ISACA (e.g., local chapter webinars, ISACA certifications, etc.) are automatically registered on your profile with the status “Unapplied CPE Earned through ISACA” and listed in this category in “Report and Manage CPE”. Click on “Apply” to apply them to the current year.

The CPE records you obtained through ISACA can be found, and their certificates downloaded, in “MyISACA” > “CPE Certificates”.

If the ISACA event was organized by your local chapter, the CPE certificate may have been sent to you by e-mail.

CPE earned through non-ISACA vendors requires a different process. On the “Report and Manage CPE” screen, click on “Add new CPE record to current cycle”.

You can find more information on the official website about how to report CPE hours.

How do I know whether non-ISACA education can be posted as CPE, and how many hours it corresponds to?

Check the section “Calculating CPE Hours” in the CPE Policies.

What is the cost of maintaining CISA certification?

If you are a student and get all CPEs for free (which is quite unexpected), you could maintain CISA certification for $25/year. But in most cases, maintaining CISA certification will probably cost you hundreds of dollars per year.

The cost of maintaining CISA certification depends on the following items:

  1. ISACA membership annual fee
  2. Cost of CPE obtained

As owning a CISA certification requires being an ISACA member, you need to pay an annual membership fee. The standard annual fee was $135 in 2021, though there were reduced rates for recent graduates ($68) and students ($25). You may need to pay an additional fee for your local chapter; for example, the standard Madrid chapter renewal fee was $70 in 2021.

Also, fees vary depending on whether you are an ISACA member or not, and being a member implies an annual fee.

CPE costs are variable. Take into account that you need to pay to get some CPEs (in the form of course fees, etc.), while others are free (free webinars given by local chapters, ISACA volunteering, etc.). So the final cost of each CPE depends on how you obtained the CPE hours.

This ISACA post details much of the related costs.

What if I no longer work in the certification field?

It may happen that you no longer work in the certification field, either because you changed your career path, stopped working or retired. In these cases, if you want to avoid revocation, you can apply for the corresponding special status for each ISACA certification you earned:

  • Retired CISA Status
  • Nonpracticing CISA Status

Nevertheless, you need to keep paying the annual membership fee to keep this status.

You need to submit the corresponding retired or nonpracticing form before 15 January.

For additional details, check this link, contact the certification department via telephone at +1.847.660.5660, via fax at +1.847.253.1755 or via e-mail at

What can I do if my certification has been revoked and I want to recover it?

If your certification has been revoked, there is a certification reinstatement process. The reinstatement fee is US$50.

For additional details, check this link and go to section “Revoked status”.


About pmgallardo

I studied Computer Science at the University of Salamanca. Since then, I have been working first as a developer and then as an SAP consultant. This blog is about problems I dealt with when using computers and, more importantly, the solutions I found. Whenever I am working on an issue and suddenly have a flash that leads me to a solution, I document my discoveries in a post.
