How to maintain CISA Certification

Information Systems Audit and Control Association (ISACA) is an association of professionals for auditing and ensuring IT security on IT systems.

There are different certifications issued by professional association ISACA.

These certification has a limited validity period that, nevertheless, can be extended. This post summarizes ways to maintain and renew ISACA certifications, with a focus on CISA (Certified in Information System Auditor).

The information may apply to all these ISACA certificates:

  • CISA
  • CISM
  • CSX-P
  • ITCA
  • CET

If you are looking about how to get the CISA certification or prepare the CISA exam, check the corresponding articles on the previous links.

Frequently Asked Questions (FAQs)

Certification Validity

What is the validity period of CISA Certification?

Continuing Professional Education (CPE) policy determines that certain CPE hours must be completed and reported in a periodical basis to keep CISA Certification.

CISA Certification is revoked if:

  1. CPE’s are not completed or reported annually
  2. ISACA’s IT audit Standards or Code of Professional Ethics are not followed.
  3. Annual membership fee is not paid
  4. If selected for the annual audit, required documentation of CPE activities are not submitted

Requirements regarding CPE hours:

  • Earn and report an annual minimum of 20 CPE hours. These hours must be appropriate to the currency or advancement of the CISA’s knowledge or ability to perform CISA-related tasks.
  • Earn and report a minimum of 120 CPE hours for a three-year reporting cycle period.

The CPE reporting and renewal payent due date is the end of each calendar year (i.e., 31 December of each year).

Nevertheless, there is a grace period that lasts until 28 February of the following year. This grace period is for making payment and reporting CPE, not to earn CPE. You can get more information about the grace period on this external link.

ISACA Cert.Annual CPE hours3-year CPE hoursComments
8CET20120Of the 20 annually required CPE hours, a minimum of 10 hours must be attained by participating in skills-based training/labs
Total examen451332

Continuing Education Requirements

Do I need to apply CPE hours the first year I get a certification?

No, you do not need to apply CPE hours on the first year you get a certification.

If you earn CPE hours on a year you do not need to use them, you can keep them and apply them the year you need them.

How do I earn CPE hours?

Ways to get CPE hours:

  1. Getting free CPE available to ISACA members. Some “free” CPE implies working for ISACA.
  2. Attending ISACA’s webinars and virtual conferences
  3. Attending ISACA’s training courses
  4. Participate and volunteer with ISACA, what may include becoming an Exam Item Writer
  5. Attend a conference
  6. Complete Journal Quizzes
  7. Mentoring
  8. Perform online training
  9. Pass ISACA’s certificate or certifications exams

You can find more information in the official web about how to earn CPE hours.

More information about how to maintain CISA certification on this link.

Examples of CPE hours

CISM exam pass: 8 CPE hours

CISA exam pass: 8 CPE hours

CSX-F examp pass: 4 CPE hours

Attending a 3-hour ISACA local chapter webinar: 3 CPE hours

I have many ISACA Certifications. Do I need to get CPEs separately for each of them?

As stated in the CPE Policies, the use of CPE hours towards meeting the CPE requirements for multiple ISACA certifications is permissible when the professional activity is applicable to satisfying the job-related knowledge of each certification.

When you hold multiple ISACA certificate, when you submit a CPE you need to specify how many hours you assign to each certificate. So in case you have more that an ISACA Certfication (e.g., CISA, CISM, CRISP, etc.), you can apply zero CPEs to a certificate and a different amount to other CPEs.

The best approach would be to find CPE that apply to all or most certificates; in this case, you will not need an extra effort to maintain your certificates.

How do I check or report CPE hours?

To check your registered CPE hours, go to “MyISACA” > “Report and Manage CPE“.

There are two types of CPE:

  1. CPE Earned through ISACA
  2. CPE Earned through other vendors

CPE hours earned through ISACA (e.g., local chapter webinars, ISACA certifications, etc.) are automatically registered on your profile with the status “Unapplied CPE Earned through ISACA” and listed in this category in “Report and Manage CPE”. Click on “Apply” to apply them to the current year.

The ISACA CPE records you obtained can be found and their certificates downloaded in “MyISACA”> “CPE Certifcates“.

If the ISACA event was organized by your local chapters, CPE certificate may have been received by e-mail.

CPE earned through non-ISACA vendors require a different process. On the “Report and Manage CPE” screen, click on “Add new CPE record to current cycle”.

You can find more information in the official web about how to report CPE hours.

How do I know if a non-ISACA education can be posted as CPE, and to how many hours correspond?

Check section “Calculating CPE Hours” in CPE Policies.


What is the cost of maintaining CISA certification?

If you are a student and get all CPEs for free, you could maintain ISACA certifications with $25/year. But in most cases, maintaining an ISACA certification will cost you probably hundreds of dollars per year.

The costs of maintaining an ISACA certification depends on the following concepts:

  1. ISACA membership annual fee
  2. Cost of CPE obtained

As owning a CISA certification requires to be an ISACA member, you need to pay an annual membership fee. The standard annual fee was of $135 in 2021, though there were reduced rates for recent graduates ($68) and students ($25). You may need to apply an additional fee for your local chapter; for example, standard Madrid chapter renewal fee was $70 in 2021.

Also, fees vary depending on whether you are an ISACA member or not, and being a member implies an annual fee.

CPE costs are variable. Take into account that you need to pay to get some CPEs (in the concept course fees, etc.), while others are for free (free webinars imparted by local chapters, ISACA voluteering, etc.). So the final cost of each CPE depends on how did you get CPE hours.

This ISACA post details much of the related costs.

Invoicing and Payment

How do I get a pro forma invoice for my company?

You may need to have an invoice issued to your company in order to proceed for the payment.

If it is the case, first update business data on ISACA profile. To do so, login at > My ISACA Profile.

Please ensure this info is updated:

  • MyIsaca > My Isaca Profile > Professional Info > Contact Company Name: Name that will appear in the invoice. You may use this field to inform for both the Company Name and VAT ID.
  • MyIsaca > My Isaca Profile > Contact Information > Business Street: Address that will appear in the invoice.

Then you can download the invoice. To do so, login at > Certifications > “View invoice” button.

Then select all invoices, and click on “Download” icon. One different pro forma invoice will be generated for each concept.

How do I get the bank details from ISACA to pay an invoice by wire transfer?

You can either pay the invoice with credit card or wire transfer.

If you pay by credit card, things will be much easier and not immediate, but sometimes this possibility does not exist, for example when a company is paying the certificate.

To get the bankd details from ISACA to make the wire transfer, you can open a ticket to request it by logging in to ISACA web and then browsing to Support >> Submit a Request > “Submit” button.

When fulfilling the form, select “Type” = “Membership” and “Case Reason” = “Payment, billing”.

How do I claim a renewal already paid but not updated?

It may happen that your company or you make a wire transfer to ISACA for an invoice but the renewal is not updated on your myISACA profile.

If that happens, you can open a ticket by logging in to ISACA web and then browsing to Support >> Submit a Request > “Submit” button.

When fulfilling the form, select “Type” = “Membership” and “Case Reason” = “Payment, billing” or “Renewal”.

Please ensure you attach the proof of payment from the bank and the invoice you have paid.

Certification Revocation

What if I no longer work on the certification field?

It may happen that you no longer work on the certification field either because you changed your career path, stopped working or retired. In these cases, if you want to avoid revocation you can apply for the corresponding special status for each ISACA certification you won:

  • Retired CISA Status
  • Nonpracticing CISA Status

Nevertheless, you need to keep paying the annual membership fee to keep this status.

You need to submit the corresponding retired or nonpracticing form before 15 January.

For additional details, check this link, contact the certification department via telephone at +1.847.660.5660, via fax at +1.847.253.1755 or via e-mail at

What can I do if my certification has been revoked and I want to recover it?

If your certification has been revoked, there is a certification reinstatement process. The reinstatement fee is US$50.

For additional details, check this link and go to section “Revoked status”.

You might also be interested in…

External References

Leave a Reply

Your email address will not be published. Required fields are marked *