How to earn CISM CPE credits: Complete guide [updated 2025]

April 24, 2025 by Lester Obbayi

Earning CISM CPE credits is essential for maintaining your certified status as an information security manager. The CISM continuing education policy ensures that certification holders stay current with the latest knowledge and proficiency in information systems security management. Just as physicians and lawyers must pursue ongoing education, CISM professionals who regularly update their skills will be better equipped to manage, design, oversee, and assess enterprise information security — making them more valuable to their organizations.

This comprehensive guide explains everything you need to know about CISM CPE requirements, approved activities and strategies for efficient certification maintenance.

$150,040 average salary

ISACA CISM is one of the industry's highest-paying cybersecurity certifications. Take your information security management career to new heights and enroll now to claim your Exam Pass Guarantee!

How can I earn CISM CPEs?

CISM professionals can obtain CPE credits through various approved activities. These include:

  • ISACA professional education activities and meetings (no limit): CISMs can obtain up to 32 CPE credits per single event by participating in activities deemed acceptable by ISACA. Such activities include ISACA conferences, seminars, workshops, chapter programs and meetings. You'll need proof of attendance, as not all chapter meetings are recorded in the ISACA database.
  • Self-study courses (no limit): Completing CISM online courses can provide up to about 26 CPE credits per course, depending on variables such as the length of the course, the type of content, the total number of modules, and the time commitment for each session.
  • Non-ISACA professional education activities and meetings (no limit): CISM holders can gain CPE hours by attending university courses and in-house corporate training. Attending training courses is common, but unlike online courses, they require traveling to the institutions and learning from instructors and certified professionals. You can earn up to 32 CPE credits through this method.
  • Security professional development opportunities: Many information security continuing education options exist beyond formal courses, including attending security conferences, participating in workshops and contributing to industry publications.

CISM CPE requirements and policy guidelines

The ISACA CPE policy establishes clear guidelines for maintaining your CISM certification. Understanding these requirements is crucial for certification maintenance:

  1. Attain and report 20 CPE hours annually: You must report a minimum of 20 CPE hours annually that are appropriate, current and contribute to advancing your knowledge or ability to perform CISM-related tasks.
  2. Submit annual maintenance fee: You must pay an annual CPE maintenance fee ($45 for members, $85 for non-members).
  3. Accumulate 120 CPE hours over three years: CISM holders must attain and report 120 CPE hours during each three-year reporting period.
  4. Submit CPE documentation when requested: If selected for the annual audit, you must submit necessary documentation of your CPE activities.
  5. Comply with code of ethics: You must adhere to ISACA's professional code of ethics.

ISACA also specifies these general policy elements for certification maintenance requirements:

  • The annual reporting period begins on January 1 each year.
  • Invoice notification for maintenance fees will be sent via email and hard copy within the third quarter of each calendar year.
  • CISM holders who report required CPE hours and submit maintenance fees on time will receive confirmation from ISACA's international headquarters with all reported CPE hours for the three-year certification period.
  • You are not permitted to use the CISM logo for personal use, such as on business cards or business products.

ISACA warns that failure to honor these guidelines may result in certification revocation. If revoked, you must "destroy the certificate immediately."

Learn more from our article on maintaining CISM certification renewal requirements.

How to calculate CISM CPE credits

According to the ISACA CPE policy, one CPE hour is earned for every fifty (50) minutes of active participation (excluding lunches and breaks) in qualifying professional education activities.

CPE hours can be earned and reported in quarter-hour increments, rounded to the nearest quarter-hour. For example, if you attend an eight-hour presentation (480 minutes) with 90 minutes of breaks, you'll be eligible for 7.75 CPE hours, as illustrated below:

| Study Activity | Hours Spent | Minutes Spent |
|---|---|---|
| 9:00 a.m. – 5:00 p.m. | 8.0 | 480 |
| Subtract: Two 15-minute breaks | 0.50 | 30 |
| Subtract: Lunch (1 hour) | 1 | 60 |
| Total hours spent on activity | 6.5 | 390 |

The total of 390 minutes spent studying is divided by 50 minutes, resulting in 7.8, or 7.75 CPE hours when rounded to the nearest quarter-hour.

Proper CISM CPE reporting requires keeping accurate records of all your professional education activities, including detailed ISACA CPE documentation.

Free CISM CPE opportunities

Maintaining security knowledge currency doesn't have to be costly. There are many methods of obtaining CPE hours without spending money:

  • Virtual events (up to 36 hours): CISM holders can obtain up to 36 free CPE hours by attending online webinars and virtual conferences. These online events eliminate travel costs and allow you to schedule credit opportunities around your busy schedule. Note that CPE quizzes are typically only available to ISACA members.
  • Volunteer service (up to 20 hours): You can earn up to 20 free CPE credits annually by serving as an ISACA volunteer. Earn one CPE credit for every hour of active service on an ISACA committee, task force, board or as an officer of an official ISACA chapter.
  • Mentoring (up to 10 hours): Earn up to 10 free CPE hours annually through mentoring opportunities, such as coaching, assisting, and reviewing work for individuals studying for CRISC, CISM, CISA, CGEIT or other security certifications.
  • Vendor presentations: Participate in vendor sales or marketing presentations related to management, design or assessment of enterprise security.
  • Publishing content: Earn free CPE hours by publishing articles, monographs and books (digital or print) directly related to information security management. ISACA requires that such publications be available in hard copy when requested, with a clear table of contents. For website publications, the link must be available upon request. CPE hours are earned for the actual number of hours taken to complete or review the material.

These free ISACA CPE options make it easier for professionals to maintain their certification while continuing to develop their security expertise.

Recent updates to CISM CPE policy (2022-2025)

While the core CISM CPE policy established in 2014 remains largely unchanged, ISACA has introduced several updates to enhance the certification maintenance process:

  • Expanded online options: In response to the global shift toward remote work, ISACA has significantly expanded its catalog of online CPE-eligible activities, making it easier to earn credits without travel.
  • Digital badging: ISACA now offers digital badges for certified professionals, providing a secure, verifiable way to display your credentials online.
  • Streamlined reporting platform: The CPE reporting system has been modernized with a more user-friendly interface, making CISM CPE reporting more efficient.
  • Professional development paths: ISACA has created curated learning paths that align with specific career trajectories, helping CISM professionals focus their continuing education efforts more strategically.

For the most current policy information, always check the official ISACA website or contact their member support team.

Earn a $150,040 Salary with an ISACA CISM

The employment of information systems managers is projected to grow 16% by 2031. Get your ISACA CISM to launch into the field — backed with an Exam Pass Guarantee.

Conclusion

Maintaining your CISM certification requires diligent attention to CPE requirements, but the process doesn't have to be complicated or expensive. By understanding the guidelines outlined by ISACA and taking advantage of both free and paid CPE opportunities, you can easily meet your requirements while continuously enhancing your information security knowledge and skills.

The variety of approved activities for earning CPE credits allows you to choose professional development options that align with your career goals and learning preferences. Whether you're just beginning your certification journey or looking to explore new CISM career options, staying current with your continuing professional education ensures you remain competitive in the information security field.

For more information on the CISM certification, view our ISACA CISM hub.

Lester Obbayi

Lester Obbayi is a Cyber Security Consultant with one of the largest Cyber Security Companies in East and Central Africa. He has a deep interest in Cyber Security and spends most of his free time doing freelance Penetration Tests and Vulnerability Assessments for numerous organizations.