cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
denbesten
Community Champion

CPE Audit Process

I just got selected for random audit.  Thought I would detail the experience so that others know how it works.  

 

Immediately after clicking "submit" on a CPE, my CPE dashboard displayed the following alert:

 

2019-09-05 14_51_46-Home.png

I was also notified by an email from <membersupport@isc2.org> entitled "(ISC)² CPE audit notification - Audit reference: ##########", which indicated that I could also respond to the audit notification via email.

 

My response was to click "Respond to Audit", enter a simple explanation of the CPE and attach a bit of evidence (in my case, a BrightTALK viewing certificate).  The web site then reported it would be reviewed within 21 days.

 

A couple of important observations:

  1. The entire process was less stressful because I am in the habit of collecting and stashing audit evidence as I enter each CPE.  
  2. If the CPE dashboard has a yellow "Pending CPEs" notice, that means that you have not completed submitting a CPE.  It is not the same thing as an audit.  Audits show up in red.
  3. I also received an email alerting me to the audit.  It was sent to my "primary email on file".
  4. Even after responding, the alert remained on my dashboard until my audit was complete.  Unfortunately, the alert does not change to indicate that I have responded to the audit, nor does it link to a member-visible issue-tracking page.

 

So far, over the life of my certification, I have been audited at a rate of about 2%.  Anyone else pay attention to their audit frequency?

 

 

Tags (1)
12 Replies
emb021
Contributor III


@Jesse_Mundis wrote:

I had one of my first CPE submissions randomly audited in the first month after getting my CISSP, back in 2016. None since then. I wrote up an email explaining what I did, submitted it, and that seemed to satisfy them.

 

Pretty straight forward, but a little unnerving so soon out of the gate.


As I noted, that's been my experience as well.  A couple of random audits after getting my certs, and after renewing them.  None sense.

 

 

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, GSLC, GSTRT, ISSA Fellow
rslade
Influencer II

> Jerry (Newcomer I) posted a new reply in Certifications on 10-09-2019 05:39 PM

> I was absolutely thrilled when they allowed us to submit evidence for CPEs ahead
> of time.  I always have more CPEs than I need, so the new process makes me feel
> better about it all.  I do my part, they do their part.

I was always somewhat bemused by people who (way back in the day) got to the
end of the three year cycle and still needed 118 CPEs to fulfill. (I've been through
*many* changes of CPE rules and process.) My first year, having heard many
horror stories, I religiously submitted every credit I got. By the end of the year, I
had over 2,000 credits, and realized I didn't need to be quite so scrupulous.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
The presence of those seeking the truth is infinitely to be
preferred to those who think they've found it.
- `Monstrous Regiment,' Terry Pratchett
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
emb021
Contributor III


@rslade wrote:
> Jerry (Newcomer I) posted a new reply in Certifications on 10-09-2019 05:39 PM

> I was absolutely thrilled when they allowed us to submit evidence for CPEs ahead
> of time.  I always have more CPEs than I need, so the new process makes me feel
> better about it all.  I do my part, they do their part.

I was always somewhat bemused by people who (way back in the day) got to the
end of the three year cycle and still needed 118 CPEs to fulfill. (I've been through
*many* changes of CPE rules and process.) My first year, having heard many
horror stories, I religiously submitted every credit I got. By the end of the year, I
had over 2,000 credits, and realized I didn't need to be quite so scrupulous.


Agree.

While I try not to be a jerk about it, I find I rack up more then enough CPEs each year. I wind up explaining and pointing out to others in the local infosec community how to get CPEs so they don't have a problem.  While I don't have a lot of certs, I  kind of became the 'go to' guy to help explain them etc.  I even did a presentation I've given at a few local events and part of that I explain how CPE works *AND* all the ways you can get CPEs, many being free or low cost.  Seems like too many think they need to go to conferences and training to get them.  And then complain because their work won't pay/let them go.  Ok.  But there are other ways to get them.

 

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, GSLC, GSTRT, ISSA Fellow