Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Contributor II

Continuing to add CPE's after reaching the required amount?

Is there any reason, or advantage, to continue requesting CPE's once we've met the required 120?

11 Replies
Community Champion

If you are nearing the end of your 3 years cycle them some CPEs will roll over into the next cycle.



Defender I

@Budoka wrote:

Is there any reason, or advantage, to continue requesting CPE's once we've met the required 120?


It les you keep better record of how much you are actually doing to stay current  in your field, particularly important for annual review on your job, as well as for yourself.

Reviewing the full list can help you identify areas you are repeating too much, and other areas you need to increase your focus.

Also, as pointed out, excess accumulated in the end of your cycle carries over to the new three year period.


I have for years tended to end my cycle with two to three times the required 120 CPE, almost all Type A.




D. Cragin Shelton, DSc
My Blog
My LinkeDin Profile
My Community Posts
Advocate II

It used to be that only CPEs from the last 6 months of the certification cycle rolled over into the next cycle.  It's useful to have a head start on the next cycle, so I wouldn't hold off doing extra CPEs just because you reach the 120 figure.  I typically start the next cycle with 10+ CPEs gained from the previous cycle.


Community Champion

Yes, because life happens. You might think you are going to be able to keep earning CPE's on your normal schedule and then a pandemic hits, or your family gets sick, or you change jobs. Having a cushion to fall back on can help make the CPE acquisition less stressful.

Influencer II

> Budoka (Newcomer II) posted a new topic in CPE Opportunities on 10-25-2020 08:37 PM in the (ISC)² Community :

> Is there any reason, or advantage, to continue requesting CPE's once we've met the required 120?

Sorry, as a proponent of life-long learning, I don't even understand what would
prompt you to ask such a question.

I mean, simply in terms of CPE credits and credential maintenance, there is the
rollover provision, but that's not the point. Forget the [pr0n filter] CPE credits
and credential maintenance. If you are involved in security, take every
opportunity to learn something. Heck, if you are involved in dishwashing, take
every opportunity to learn something.

Sorry, that's just my immediate reaction. Going back and re-reading your question
more carefully, I realize that there is a point to it. Given the fight that everyone
seems to have to go through to get some CPE registered after they've taken a
course, the answer is, of course, a resounding *NO*!

"If you do buy a computer, don't turn it on." - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
"Dictionary of Information Security" Syngress 1-59749-115-2
"Cybersecurity Lessons from CoVID-19" CRC Press 978-0-367-68269-9
============= for back issues:
[Base URL] site
CISSP refs: [Base URL]mnbksccd.htm
PC Security: [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm


Other posts:

This message may or may not be governed by the terms of or
Community Champion

Despite how it may look in my most recent post prior to this one, I take the view that beyond the CPEs that you can rollover (see the CPE handbook for the specifics on that) there is no benefit to registering more than the CPEs you need.


By all means, continue to advance your knowledge, capabilities and skills, but once you've fulfilled the CPE requirements, there is no reason to keep registering CPEs until the next cycle.


While it may well be prudent to have a buffer just in case any CPEs are deleted under audit if you think any may be questionable, I would question why you would enter them in the first place if that is the case?


As this weekend's maintenance issues have shown, it's very important to keep your own records, so I don't see using the CPE portal for record keeping purposes as a benefit, as my own records are more detailed and therefore more useful for any analysis purposes.


The only reason I have so many CPEs registered is due to how my 3 different CPE cycles are staggered. Also, given that the CPEs I have earned are applicable to all of my certs, if I have to apply CPEs against a cert due to needing to fulfil the CPE requirements, I might as well apply them to all the certs even if their requirements have already been fulfilled - the CPE portal does make it very easy to do that.


Additionally, many of my CPEs are auto-submitted for me and when that's the case they are just applied to all certs seemingly by default.


This is much less of an issue now since the last CPE portal redesign - taking the weekend's maintenance issues out of the equation - but as has already been pointed out, the frustrations of dealing with faulty submission systems alone used to deter me from submitting CPEs after I had fulfilled the requirements.


Fundamentally, why bother making unnecessary work for yourself?


Contributor II

You misunderstood my question or I didn't frame it correctly. I am constantly involved in professional activities that would generate CPE's. I have been a member less than 3 months and am already way over the requisite 120 required to maintain the certification. What I was trying to ask is should I continue to submit my activities for CPE's to the ISC2 portal. Nothing I submit between now and 6 months before my membership is up for renewal does me any good, as far as the portal goes, if I understand the previous comments. Correct?

Advocate II

Yes you're correct in a technical sense.  It's probably worth submitting some periodically anyway so you don't fall out of the habit.

Community Champion

For me, documenting CPE's is about documentation and cadence.  


Like you, I do many things that earn me CPE's.  My process is to document them as soon as I can in the (ISC)2 portal.  


I used to serve on two security related Board of Directors (BoD), now just one.  Just one of those can earn me 40 hours a year and trust me that this BoD earns their CPE's.  

One could just stop there but CPE's are good for reviewing past engagements.  Sometimes I wonder when I presented at Women in Cybersecurity or BSides San Antonio and what was the topic.  My CPE's are a running list of my engagement with the community.  


This is not a new thing for me.  I have documentation of every test taken and certification earned since May of 1994.