Here’s an overview of your Continuing Education requirements (ISC2, EC-Council, CompTIA and ISACA)

For All Things IT Security Conference Related

Join Our Newsletter [Over 50K Subscribers]

Let us send you information on ticket discounts, speaking opportunities and a ton more!

Home / Blog / Here’s an overview of your Continuing Education requirements (ISC2, EC-Council, CompTIA and ISACA)

Here’s an overview of your Continuing Education requirements (ISC2, EC-Council, CompTIA and ISACA)

Tagged Under:

Like it, loath it, we all have to complete Continuing Education (also referred to as ‘Continuing Professional Education’) if we hold a professional IT Certification.

Awarding professional IT bodies require that their members sustain and essentially prove their professionalism by agreeing to continue their education and learning. In the Information Security space, Continuing Education is vital and for one obvious reason: Murphy’s Law. Murphy’s law, i.e. ‘Anything that can go wrong, will go wrong’ is pertinent to IT Security.

Education and training is the lifeblood of any serious professional; we either learn new skills to face new challenges, or, we stick to our aging and often inefficient skills that are no longer fit for purpose.

How many cyber threats exist in the wild? Billions is the answer. So yes, learning how to combat and defend against many of these does indeed require learning!

Concise Courses offers a bunch of vendor neutral security certifications (the usual suspects: Security+, CISSP, CEH and CPTE) so we will cover those in this blog post. Also, it’s worth mentioning that we also offer what we term as ‘mini affordable information security training’ that are all eligible for Continuing Education.

First on our list is EC-Council
EC Council designate that credits can be earned in a variety of ways that include:

  • Attending conferences
  • Writing research papers
  • Preparing for training classes in a related domain (for instructors)
  • Reading materials on related subject matters
  • Taking an exam of a newer version of the certification
  • Attending webinars

(The above is not the ‘absolute’ list but can be considered as a solid indicator of what can be claimed as Continuing Education Credits).

EC Council credits are earned on a per annum basis, from the first of January of every year and the end of the year. For those reading this that have CEH or the other range of EC Council certs, you’ll need to register your credits within the ASPEN/ Delta Portal.

ISC2 is next on our list. Most of our community are CISSP certified so this part of the post will help to remind them of their Continuing Professional Education credits (abbreviated to CPEs – as ISC2 refers to them) requirements. ISC2 stipulate three criteria that each member must fulfill to keep their designation, they are: firstly that their code of ethics is upheld, secondly that all Annual Maintenance Fees (AMFs) are paid, and thirdly that enough Continuing Professional Education credits have been accumulated.

ISC2 credential holders must earn the minimum number of Continuing Professional Education credits (CPEs) each year within a three year certification cycle. CPE, as per ISC2 credits, are categorized as either being contained with Group A credits or Group B credits. The CPE credits are dependent on how the members associated activities are relevant to the certification domain. The difference between the groups is that ‘Group A’ refers to credits that are for direct domain-related activities whilst ‘Group B’ are for activities that are described as being outside of a certification’s domain, yet do enhance a member’s overall professional skills and IT security competencies.

    3 Year Certification
Annual Minimum
Group A only
Group A
Group B
Total Required
SSCP 10 40 20 60
CAP 10 40 20 60
CSSLP 15 60 30 90
CISSP 20 80 40 120
During your subsequent full 3-year certification periods for these concentrations, 20 of the 120 CPEs already required for the underlying CISSP certificate must be in the specific area of concentration. For example, if a CISSP took the ISSEP concentration examination and passed, he/she would be required to submit at least 20 of the total 120 hours required to submit for the CISSP certificate to be in the specific area of engineering.

The mighty CompTIA, next on our list, (Security+) like the rest – also requires CE.
Having passed Security+, the member must renew their certification within three years. Failure to do so will void the certification and the student will have to re-sit the Security+ Exam. The CompTIA Security+ CEU requirement is 50 hours per three years. There are several ways to earn CompTIA Continuing Education, these include:

  • Achieve a higher-level certification
  • Complete activities to show new learning (webinars etc.)
  • Attending training courses
  • Participating in industry events
  • Applying relevant work experience or college courses.
  • Take a newer version of the certification exam

Last on our list is ISACA.
For those that don’t know ISACA is an international professional association focused on IT Governance. The ISACA policy requires a certain amount of CPE hours over an annual and three-year certification period. Members must report an annual minimum of 20 CPE hours. The hours (credits) must be appropriate to the advancement of the members knowledge or ability to perform Security-related tasks. There are several ways to earn ISACA Continuing Education – all of which are very similar to CompTIA’s – see above.

In Summary
Our mini courses are open for Continuing Education credits! Please register your name and join our newsletter.

How do you complete your Continuing Professional Education? Do you find it beneficial or is a chore? Let us know we’d love to hear from you!

  • Fidel Deforte

    I need to enroll in areas to acquire CPEs for ISACA, ISC2 primarily


  • Michael

    Good morning:
    Is there a list of CEU points credited to the student after each course documented anywhere in concise’s website?


  • Leave a comment or reply below...thanks!