I equate asking MemberServices for advise to asking a lawyer for legal advise. They can help you "learn" the rules and can offer friendly advise. However, in both cases, seeking advise does not guarantee that your case would win if it came to audit/trial.
Your best defense if to understand the rules, as published in the CPE handbook because ultimately it boils down to "use your best professional judgement" and "defending your actions to an auditor". Both of these activities should be well understood by CISSPs.
@denbesten, I believe there's a difference. A lawyer that one approaches for legal advice isn't necessarily representative of the entity related to the query. Since we're talking about (ISC)2 Support here, I'd assume their confirmation can be taken as that of (ISC)2.
No doubt its up to us to understand the rules, but we should also get the organisation's confirmation. In the event of an audit & an explanation about manual CPE addition, consider the following justifications :-
I can't guarantee that the 2nd explanation will be accepted, but it looks much better than the 1st. Of course, the 3rd is the best one.
To provide an example, sometime back I wanted to tour a city in a country offering a visa-on-arrival. A travel company handling my booking offered an itinerary that involved a transit at the capital's airport, where visas are provided at the immigration --- but the transit time was just 1 hour. I doubted the time would suffice, and expressed my concerns to the travel support person. He assured me that I could obtain the visa at my final stop, but I later found out this wasn't the case, and that I could potentially miss the connecting flight. When I asked the travel company to reschedule the booking to rectify this, they claimed it wasn't their responsibility, so I told them my booking was based on the advice of their own staff. They asked for proof, and once I sent them a chat transcript with the support person, they did an investigation, & then rescheduled my booking at their own cost.
@SamanthaO_isc2, please let us know if there is a preferred method to get a confirmation from (ISC)2 about the validity of CPEs in situations like this. Thanks.
@mcnj To confirm, members may submit CPEs for any legitimate training they complete. We ask that you use your best professional judgement when determining if the training is from a legitimate provider. You may submit 1 CPE per hour of attendance and round to the nearest quarter hour if it is not a full hour.
@amandavanceISC2 can a confirmation from firstname.lastname@example.org regarding CPE eligibility be relied on?
As in, if I have a doubt about the CPEs, take it to them and then obtain a go-ahead from them to add the CPEs, can I bank on this in the event of an audit? Or is there some alternate channel for this with (ISC)2?
Please clarify, coz I've always been getting their confirmation to supplement my own judgement when it comes to adding CPEs --- but if it's not of much use, I needn't continue doing that.
@Shannon Unfortunately, we can only tell you to use your best professional judgement. As long as the material is coming from a legitimate source and is either domain related (Group A) or professional development (Group B), you may submit the CPEs. In the case of an audit, you would just submit proof that you attended or viewed the CPE submission. If the CPE auditor feels this material is not domain related or professional development, they will let you know.