Here is a link to the updated CPE Handbook if that is helpful for you: https://www.isc2.org/-/media/ISC2/Certifications/CPE/CPE---Handbook.ashx
Thanks, Andrea-- unfortunately, it doesn't explain what to do for the particular examples I used.
From the handbook: "We suggest you retain proof of your CPE credit activities in the event that your submission is audited. It is good practice to retain proof of credits earned for at least 12 months after your current certification cycle expires.Proof of CPE credits earned may be in the form of course transcripts, awarded diplomas, certificates or receipts of attendance, research/prep notes for speaking or teaching, copies of official meeting minutes, or rosters or documentation of registration materials."
So I'm still not sure what kind of documentation can be presented if I listened to a podcast, or did some self-study (sans notes).
@Ben_Malisow Good morning Ben! If a member submits a CPE for listening to a podcast and that CPE is audited, the member can submit a screenshot of the viewing history section of the podcast app. Worst case scenario, if there is no physical proof, we will accept a summary of the activity (what it was about, what you learned), that is at least 5 sentences.
Thanks, Amanda! I realize that (as I posted in this comment thread, earlier on Thursday: "The guidance suggests that maybe you have to write a report on what you learned from the content...but that seems more for books than podcasts.")...but, at my age, remembering five sentences about a podcast I listened to a year ago, especially if I have listened to 50 episodes of that podcast over the course of a year, is gonna be tricky.
Who am I kidding? Writing five sentences about a podcast I listened to five minutes ago is gonna be tricky!
I like the idea of an app screenshot, though. That might work. Thanks again!
In addition to jotting down what I took from the InfoSec books I purchased I also kept the receipts. If you gone out and purchased a book paying maybe £35, read it and made a summary of it then generally auditors would accept that. You just need to keep the records.
Thanks, Steve...but wouldn't the book be just as much evidence of having the book as a receipt? I can snap a selfie of me holding a book in two seconds, if need be.
I think I understand the intent of the rules, though; having the book is not evidence of reading the book; the rules are intended to get the member to demonstrate that the member participated in the learning process. So the book report/digest (and the written summary for, say, a podcast/webinar) is meant to reflect that. I'm just wondering if there might be a more optimum way to make that happen (optimized, that is, for the member, in terms of ease of use).
@Ben_Malisow I use security podcasts as my primary source of CPEs and the iTunes app keeps track of the "last played" date/time for me - I submit that screenshot with the CPEs (both ISC2 and EC-Council seem to be happy with that).
As for audits, I believe that the best way to deal with them is to have enough CPEs early enough in the cycle that I don't have to respond to audits. Since I (normally) have a long commute, I get enough 3-year CPEs in the first year just from podcasts; so for me, I just ignore audits - having to remember enough about what was in a long-ago podcast to write about it is much more work than just submitting the screenshot of another set of podcasts.
There do seem to be a number of questions about CPEs. I find that the easiest way if you're getting behind the curve is to start work an hour earlier and join a webinar in that hour. If you can discipline yourself to do that for a couple of weeks you'll have a quarter the CPE requirement for a year. Personally, I find webinars a little dull compared to face to face events, but with the current pandemic real events have largely become virtual in 2020.