I just got selected for random audit. Thought I would detail the experience so that others know how it works.
Immediately after clicking "submit" on a CPE, my CPE dashboard displayed the following alert:
I was also notified by an email from <firstname.lastname@example.org> entitled "(ISC)² CPE audit notification - Audit reference: ##########", which indicated that I could also respond to the audit notification via email.
My response was to click "Respond to Audit", enter a simple explanation of the CPE and attach a bit of evidence (in my case, a BrightTALK viewing certificate). The web site then reported it would be reviewed within 21 days.
A couple of important observations:
So far, over the life of my certification, I have been audited at a rate of about 2%. Anyone else pay attention to their audit frequency?
I had one of my first CPE submissions randomly audited in the first month after getting my CISSP, back in 2016. None since then. I wrote up an email explaining what I did, submitted it, and that seemed to satisfy them.
Pretty straight forward, but a little unnerving so soon out of the gate.
As I noted, that's been my experience as well. A couple of random audits after getting my certs, and after renewing them. None sense.
> Jerry (Newcomer I) posted a new reply in Certifications on 10-09-2019 05:39 PM
> I was absolutely thrilled when they allowed us to submit evidence for CPEs ahead
> of time. I always have more CPEs than I need, so the new process makes me feel
> better about it all. I do my part, they do their part.
I was always somewhat bemused by people who (way back in the day) got to the
end of the three year cycle and still needed 118 CPEs to fulfill. (I've been through
*many* changes of CPE rules and process.) My first year, having heard many
horror stories, I religiously submitted every credit I got. By the end of the year, I
had over 2,000 credits, and realized I didn't need to be quite so scrupulous.
While I try not to be a jerk about it, I find I rack up more then enough CPEs each year. I wind up explaining and pointing out to others in the local infosec community how to get CPEs so they don't have a problem. While I don't have a lot of certs, I kind of became the 'go to' guy to help explain them etc. I even did a presentation I've given at a few local events and part of that I explain how CPE works *AND* all the ways you can get CPEs, many being free or low cost. Seems like too many think they need to go to conferences and training to get them. And then complain because their work won't pay/let them go. Ok. But there are other ways to get them.