Until_then
Contributor I

Did CPE Reqs Change?

For Education (Group A), the following is a copy and paste from the latest CPE handbook:
 
"Supporting documentation accepted in the event of an audit: course transcripts, awarded diplomas,
certificates or receipts of attendance, copies of official meeting minutes, or rosters/documentation of
registration materials.
If you do not have the proof of completion as listed above, please provide a brief description of no more than
250 words about what you learned and a certificate or letter of attendance"
 
In the past, I think the 250 word description was mandatory. Above, it seems to now be required ONLY IF you do not have proof of completion of the learning activity. Is this true? My particular activity in question is for reading books/magazines. Thank you
5 Replies
emb021
Advocate I

@Until_then 
I've been an ISC2 member for over 10 years with the CISSP.

As I always had some proof of my attendance for any event (class, conference, webinar, et al), I never had to bother with the 250 word description.

I ONLY had to use that when I rarely did a magazine or book for CPEs, because there is no other proof for that.

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow
nkeaton
Advocate II

@emb021 I have always kept a soft copy and hard copy of my documentation for anything I submit. I have never done anything that required me to write anything up. I do read books and magazines but never submitted a writeup for continuing education. I keep my documentation and only submit it if an item is flagged for audit.

Until_then
Contributor I

Thank you.
denbesten
Community Champion


@nkeaton wrote:

I keep my documentation and only submit it if an item is flagged for audit.  


There is an advantage to proactively uploading evidence.  The few times I have been flagged for audit, the auditor was able to complete their work with absolutely no involvement from me.  All I got was a notice of audit followed a few days later by a notification of positive outcome.

 


@Until_then wrote:  

In the past, I think the 250 word description was mandatory. ... for reading books/magazines.


The written rule has changed a bit over the years.  The 2015 CPE handbook (10 years old) had the following:

 

Reading cyber security book/magazine – Group A only
Members can earn five CPE credits for each category: limited to one book per cycle year for five CPE credits; limited to one paid information security magazine subscription per cycle year for five CPE credits.
Members are required to upload a brief summary (approx. 150 words) of their learning experience from a security book they read in order to receive CPE credits.

The 2024 CPE handbook (current) has the following:

 

Education (Group A)
...
Max CPE credits
5 per book
5 per magazine
1 per paper
Supporting documentation accepted in the event of an audit: course transcripts, awarded diplomas,
certificates or receipts of attendance, copies of official meeting minutes, or rosters/documentation of
registration materials.
If you do not have the proof of completion as listed above, please provide a brief description of no more than
250 words about what you learned and a certificate or letter of attendance.

That said, I do not think the intent has changed. I consider this more of an editorial simplification.  Historically, documentation was enumerated for individual education activities.  Now, it is enumerated for education as a whole.  The end effect is unchanged given that "book, magazine, whitepaper" inherently does not have any of the other supporting documentation.

 

I am able to reach my annual requirement without any "book/magazine/whitepaper" CPEs, so I wholesale avoid the category (the ISC2 quiz being the exception). I figure the extra callouts are a clue that the category raises audit-flags.

nkeaton
Advocate II

@emb021   After years of a kludgy and slapped together continuing education program from CompTIA (even have to zip the files and none over 1MB), when ISC2 came up with the ability to submit documentation a few years ago, I decided not to take advantage of that and keep my own records as I always have.  First there is zero reason to clog ISC2's servers with that documentation when it is not needed.  I have been audited maybe 5 or 6 times since 2013.  It is very easy to take my documentation and submit it.  So I would do it however feels comfortable to you.  I am fine with this way, and my CPEs would take up way too much room on their servers for zero reason.  So I am glad that it is optional.  My records are complete if ISC2 ever does want them.  I definitely will not be reviewing any books or articles.  I do want to write an article but not for CPEs.  I would have already but don't need the red tape of dealing with corporate communications.