The Unexpected Burden of Multiple Certifications

Those who have been in any information technology profession for a few years or more are witness to the practice of professional certifications. They function as a badge of achievement as well as a badge of access to further professional opportunities.

Many IT professional certifications have continuing education requirements. Organizations such as ISACA, (ISC)2, IAPP, the PCI Security Standards Council, and others require certificate holders to adopt a continuous learning lifestyle through periodic training and other learning opportunities. These and other organizations require that certificate holders document their CPEs (continuing professional education) with the certification body; occasional audits of documented CPEs keep certification holders honest.

ISACA’s CPE policy requires that a certification holder complete 120 hours of training during a three-year certification cycle. This comes to 40 hours per year. ISACA requires a minimum of 20 hours per year, which encourages certification holders to maintain that learning lifestyle.

What may not be immediately clear is that this requirement is per certification.

I now hold four certifications from ISACA: CISA, CISM, CRISC, and CDPSE. Last week, as I was entering my 2020 CPEs into the ISACA system, the reality of one aspect of the CPE policy became exceedingly clear to me: when you have multiple certifications with a single entity like ISACA, each CPE hour is applied to only one certification. For me, this means that I must earn a minimum of 80 hours per year and 480 hours every three years for all four certifications. Keeping the CPE’s level every year means that I must earn a minimum of 160 CPEs, or one full month, of training annually, or over three hours of training every week. ISACA’s policy and its CPE portal do not permit the application of a CPE to more than one certification.

The result: I’m now laser-focused on all of the different training methods and opportunities, and on a weekly basis I identify those that help me to continue to advance my knowledge and skills.

I keep very crisp records of my CPEs. On my personal laptop computer, I have a worksheet that is open all the time where I enter every webinar, vendor demo, writing project, mentoring session, and other eligible activities. My records include the number of CPEs, as well as which certification each CPE will be credited to. I try hard to “front load” my learning each year in the event that life or work get in the way later in the year. And for those three-year certification cycles (which for me, thankfully, are spread out evenly), I try to front-load each certification with more than 40 hours for the first year of the three-year cycle, so that I don’t end up in a situation in the third year when I need to earn more than forty hours.

Fortunately, there is no shortage of online learning opportunities. I subscribe to email feeds from (ISC)2, ISACA, Dark Reading, Brighttalk, TechTarget, and others, so my inbox always has opportunities for me to choose from every week.

I applaud you if you aspire to earn more certifications, whether they are a badge of honor or a means of opening doors for professional growth.

Update: apparently ISACA will permit CPE hours for an activity to be applied to more than one certification, provided the activity qualifies for each certification in question. Read more here. Full link here:


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.