Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Contributor II

Governance Question for the (ISC)2 Board (Business Practices) and (ISC)2 Management (Programmes)

So I'm just reviewing my CPEs for end of year, and I see an entry for 5 Type B CPEs which has been added by (ISC)2 on my behalf for filling out a JTA survey for the Entry Level Certification. 

Now my understanding of "Continuous Professional Education" tallies fairly well with the content of the CPE Handbook: Group B credits are earned for completion of general professional development activities which enhance your overall professional skills, education, knowledge, or competency outside of the
domains associated with the respective certifications.


What I don't completely understand is how filling out a survey (relating to cybersecurity roles):

  1. is classified to be outside of the domains associated with my respective certifications (there are many crossovers in my certs to Security Principles; Business Continuity (BC), Disaster Recovery (DR) and Incident Response Concepts; Access Controls Concepts; Network Security; Security Operations)
  2. enhances (in any way) my overall professional skills, education, knowledge, or competency

As memory serves me our ANSI/ISO/IEC Standard 17024 accreditation imposes rigorous criteria for issuing CPEs. Primary amongst them is the requirement for professional education/development.

I know that handing out CPEs for non-educational activities came up before the Board in the past and they were advised that issuing/awarding CPEs could NOT be used as an enticement for members to engage in non-educational/developmental activities (e.g. GISWS). @dcontesti or @GJackson may correct me here if I'm mistaken.


I have serious concerns that the activity of filling out a JTA survey can be shoehorned into type "Exam Item Writing Workshop" (which I find hilarious, as I appear to be blacklisted by (ISC)2 management from that particular activity). 


Can someone please let me know what has changed, or have the ISO auditors just not been looking under the hood?


P.S. Interestingly I see on page 12 of that (ISC)2 JTA Surveys can be used to attract Group A CPE credits (not B) 

7 Replies
Community Champion

As quick reply to this question.  I have never seen or heard of CPEs being issued as Group B they were always when approved by the Board Group A as they were considered to be promoting or furthering the profession.


So I would ask, why if this unnamed cert that there are so few details about (are these folks members, do they pay AMF, do they need to collect CPEs, can they vote in the election?, if they are members, can they run for the board, etc.) and is supposed to benefit the industry (read profession) then why would completing the JTA not count as Group A credits unless there is some gate to be yet passed that the cert may never be a reality.


This year started on a positive note for the organization with SOME transparency with Clar Russo (CEO) and Zach Tudor (Board Chair), providing some updates............HOWEVER as the year has come to pass those sessions went by the wayside and now we find out that in fact, some things were simply glossed over to quell the members who were asking for transparency.


@TrickyDicky  I took the JTA for the "New Cert" and did not receive either Group A or Group B credits so you are lucky.


Years ago all changes to a cert needed to be reviewed and approved by the Board as the BOARD owns certifications and not management.  In the beginning there was a committee that was comprised of members of the organization who vetted changes and then made recommendations to the board.  This was changed later by ANSI (as they stated the board were the responsible body for all changes, hence a committee was set to handle this).  I would ask when this has changed. @GJackson 


CPEs are a way that management uses to get folks to take surveys or such.  After taking a survey that took no more than five minutes to complete, I have an issue with any CPEs being issued for this JTA.  Especially this one, there was no educational basis for this survey for members, just like attending a workshop for this event should not be given any CPEs.  Others will argue this is promoting the profession but I personally do not see it that way. 


I totally agree that this is a misuse of CPES and feel that ANSI may not be looking hard enough, this activity is NOT educational in any form as it does nothing to improve my skills (personal or in Information Security), it does however assist management in justifying this certification.


I believe this item should be reviewed by the Business Practices committee (which last time I checked was still a Board Committee) and determine whether this lies within ANSI guidelines and the Articles of Incorporation (State of Mass) and that the organization is functioning according to both sets. @LoriRossONeil 


my nickel Canadian




Contributor II

@dcontesti   > "I took the JTA for the "New Cert" and did not receive either Group A or Group B credits so you are lucky."


Entry Level JTA Survey CPEs.jpg

I was actually looking for the button to delete these CPEs, as I don't consider that I've earned/learned anything from this activity (but I can't because they've been added to my profile by (ISC)2 rather than me). I don't consider it ethical to count these towards my yearly/credential educational requirement.


How is it that I've been awarded them, and you haven't? Doesn't sound equitable. 

Maybe Dr. Casey Marks (Chief Qualifications Officer) could answer the question, but I don't see his name listed anywhere in this community.




Community Champion

The trick for declining CPEs with no "delete" button is to have member services delete them on your behalf.  


Nothing wrong with prioritizing personal ethics.  I too would have difficulties accepting 5 CPEs for 5 minutes work (rendering the more substantial questions moot). This is highly related to why I tend to graciously decline vendor chum. 


That said, following Hanlon's razor I tend to attribute the on-your-behalf inconsistency more to janky automation than inequity.

Community Manager

Hi everyone, 


Thanks for linking me to your post. I reached out to our exams team for answers about JTAs, CPEs and ISO 17024 as it relates to the certification scheme.  


For a member and certification holder, participation in an entry-level JTA survey is an appropriate general professional development activity which is designed to enhance overall professional knowledge outside of the domains (associated with the respective certification(s) of the holder). If you ever feel your CPE credits are listed incorrectly, you may contact Member Services to review your account.


Regarding ISO 17024, requirements regarding recertification are scheme related established by the certification body. As such, they are not prescribed by the standard itself.  To answer @dcontesti question, I can confirm that the standard for changes to certifications follow the required processes.  


I hope this helps clarify.


Kind regards,



Community Champion

@TrickyDicky @GJackson 


Graham, Thanks for the reply, however the question is more around the fact that these CPEs were Bs and not As.


From the (ISC)2 website:

Group A Credits: Domain-Related Activities

Group A credits relate directly to the cyber security profession. Generally, this consists of activities in the areas covered by the specific domains of the respective credential.

Group B Credits: Professional Development/Knowledge Sharing

Group B credits are earned for completion of general professional development activities which enhance your overall professional skills, education, knowledge, or competency outside of the domains associated with the respective certifications. These generally include professional development programs, such as management courses. While these do not apply directly to the domains, (ISC)² recognizes these skills are vital in the growth of all professionals and their credentials.


If this certification is truly to advance the Security Profession, then the CPEs should be As.  This activity did not or does not enhance my professional skills.


My personal issue with this is that the survey took no more than 15 minutes to complete (maybe someone could have stretched it to a half hour), yet the organization has provided 5 CPEs (which according to everything that I have read equals 5 HOURS ).  If I spend time writing blogs, articles, etc., I may only claim 1 CPE per HOUR up to a maximum of 5.


I would still ask that Business Practices review management's use of CPEs as a carrot to entice folks to answer surveys this seems to be a blatant misuse. 






Contributor II

@GJackson as advised, I've contacted Member Services to delete these CPEs. I've no desire to be awarded credit for the equivalent of 5 hours of professional education by filling out a 15min survey that does nothing to either enhance my knowledge and experience, or benefits the profession in any way. 

Newcomer III

I have just completed 3 JTA surveys (Security Architecture, Security Management, and Security engineering) and was about to ask under what CPD do these appear but also, as I already have more CPE's than I need over the next 3 years, are these still credited to my account?  was your enquiry answered?