How to get CISM Certification

CISM (Certified Information Security Manager) is a certification issued by ISACA.

The purpose of this post is to explain the procedure for a candidate to get CISM certification, and related requirements.

It is important to know two things about CISM Certification:

  1. CISM Certification is not obtained just by passing an exam; other requirements, such as proving a minimum amount of related work experience, must also be met
  2. CISM Certification has a limited validity; nevertheless, there are ways to extend it

This post takes into account the conditions that applied in July 2020 and is not expected to be updated; in any case, it will still serve as a guide if conditions remain similar. Please check the official website for updates.

Frequently Asked Questions

What are the requirements to get CISM certification?

CISM, unlike other certifications, is not obtained just by passing an exam; you also need to meet some additional requirements. You may get a passing score on the CISM exam but still not hold the CISM certification itself.

Candidates need to meet these requirements to get CISM certification:

  1. Getting a passing score on the CISM exam (within the 5 years before submitting the application)
  2. Submitting the required work experience
  3. Paying the CISM Application Processing fee
  4. Complying with the Terms & Conditions (including the Code of Professional Ethics, the Continuing Professional Education (CPE) policy, and IS auditing standards)

Some of these requirements are explained in deeper detail below.

How do I prepare for the CISM exam?

Check this post about how to prepare for the CISM exam.

What is the work experience required to get CISM certification?

The applicant needs to demonstrate at least 5 years of experience in the field of information security. 3 of those 5 years must have been spent in the role of managing information security. This experience must fall within the 10-year period preceding the application.

Work experience must cover at least 3 of the 4 CISM Job Practices. They correspond to the chapters of the CISM Review Manual.

CISM Job Practices as of 2020 are:

  1. Information Security Governance
  2. Information Risk Management
  3. Information Security Program Development and Management
  4. Information Security Incident Management

Substitutions and waivers may be obtained for a maximum of 2 years, as follows:

Two Years:

  • Certified Information Systems Auditor (CISA) in good standing
  • Certified Information Systems Security Professional (CISSP) in good standing
  • Post-graduate degree in information security or a related field (e.g., business administration, information systems, information assurance)

One Year:

  • One full year of information systems management experience
  • One full year of general security management experience
  • Skill-based security certifications (e.g., SANS Global Information Assurance Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA Security +, Disaster Recovery Institute Certified Business Continuity Professional (CBCP), ESL IT Security Manager)

How do I demonstrate the required experience?

Documentation to submit:

  • CISM Application form, including experience or substitution/waiver details, filled in and signed by the candidate.
  • One CISM Experience Verification form for each experience, filled in and signed by a verifier (i.e., supervisor, manager, colleague or client).
  • Copy of degree or letter from university/college, or CIMA or ACCA certificate, if any of them applies.

Application templates are available for download at the bottom of the “Get CISM certified” page of ISACA’s website. You can fill them in on screen using a PDF viewer like Adobe Reader.

Data you need to enter:

  • Applicant Details. Basic identification data (name, ISACA ID, contact details)
  • Step 1. Pass Exam. Year in which the exam was passed.
  • Step 2. Report Work Experience.
    • Section A. CISM Job Practice Work Experience. Up to 4 experiences can be entered, including employer and date range. You must state to which of the CISM Job Practices each experience corresponds; each one must be linked to at least one practice.
    • Section B: General Work Experience Waivers. Experience in general IS or audit work.
    • Section C: Education Experience Waivers. Studies that can be used as waivers.
    • Section D: Experience total. Sum of total years of experience.

Some of the documents need to be signed, so consider printing them in order to sign them.

If you have any printed documents, you need to scan them, as the application is submitted online. Use common file formats (jpg, png, pdf).

How much does it cost to get CISM certification?

The quick answer is: approximately US$1,000. This assumes that you pass the exam the first time and that the preparation material does not become outdated.

Preparation material and exam prices are lower if you are an ISACA member.

Total costs when you are an ISACA member:

  • Professional Membership fee (annual): US$135.00
  • CISM Review Manual: US$109.00
  • CISM Review Questions, Answers & Explanations Manual: US$129.00
  • Exam fee: US$575.00
  • Application Processing Fee: US$50.00
  • TOTAL: US$998.00

Total costs when you are not an ISACA member:

  • CISM Review Manual: US$139.00
  • CISM Review Questions, Answers & Explanations Manual: US$159.00
  • Exam fee: US$760.00
  • Application Processing Fee: US$50.00
  • TOTAL: US$1,108.00

In conclusion, if you complete the exam within the first year of membership, it is worth becoming an ISACA member from a purely economic point of view (US$998 versus US$1,108). In any case, there are additional benefits to being an ISACA member.

Take into account that maintaining the certification implies further costs. This ISACA post details most of the related costs.

How do I pay the CISM Application Processing fee?

You can buy the CISM Application Processing Fee as an item that can be added to the basket at this link.

Keep the receipt so that you can attach it to the application as proof of payment.

How do I apply for CISM certification?

Use the form in this external link with these parameters:

  1. Topic: Certifications & Certificate Programs
  2. Category: Submit an application
  3. Certification Type: CISM

You can attach multiple files. The attached files must include, at least:

  • CISM Application form
  • One CISM Experience Verification form for each experience
  • Copy of degree or letter from university/college, or CIMA or ACCA certificate, if any of them applies.
  • Receipt of payment of CISM Application Processing Fees

How long does it take to get certification after application?

After the application is received, a confirmation notification is sent via e-mail after 2-3 weeks. In my case, it took almost 5 weeks.
The subsequent certification packet (including the CISM certificate and pin) is sent via postal mail after 4-8 weeks. In my case, it took 5 weeks after the confirmation notification.

What happens if I fail the exam?

You can retake it after a waiting period of some days. You can take the exam up to 4 times per year. Read this post about retakes.

I have not read anything about reduced exam fees for retaking the exam, so the exam fee will probably be the same.

What is the validity of CISM Certification?

The Continuing Professional Education (CPE) policy determines that a certain number of CPE hours must be completed and reported on a periodic basis to keep the CISM Certification.

CISM Certification is revoked if:

  1. CPEs are not completed or reported annually
  2. Standards or codes are not followed
  3. The membership fee is not paid

Requirements regarding CPE hours:

  • Earn and report an annual minimum of twenty (20) CPE hours. These hours must be appropriate to the currency or advancement of the CISM’s knowledge or ability to perform CISM-related tasks. The use of these hours towards meeting the CPE requirements for multiple ISACA certifications is permissible when the professional activity is applicable to satisfying the job-related knowledge of each certification.
  • Earn and report a minimum of one hundred and twenty (120) CPE hours for a three-year reporting cycle period.

How do I maintain CISM Certification? How much does it cost?

Getting a certification and maintaining it are two completely different topics.

Please check this post about how to maintain CISA Certification, which also applies to CISM.
