Before asking a question in the forum on what counts as a CPE, whether a specific activity can count as CPE, or how many you need, PLEASE read the current 2020 edition of the CPE Handbook to start your effort. We all need to know the information in the handbook to maintain our certifications.
If you still need help for your question, start a new thread in CPE Opportunities (not a reply to this one) [edited 8/29/20 to change to new Forum area on CPE] , use an informative Subject that will let staff and members know your problem, and cite the section or paragraph in the handbook that is confusing you. [Edited 4/6/2020 to add this paragraph]
If you are unsure what documents you need support a CPE submission, either initially or in audit, check the handbook first. If you do not see clear guidance there, then ask yourself what you would accept if you were performing a due process audit of someone else's claim for that activity or event. [Edited 4/18/2020 to add this paragraph]
(Obviously, problems with the CPE reporting site do not fall under the handbook.)
Thanks to William @denbesten and Diana @dcontesti for spotting the announcement from Kaity @Kaity in the middle of another thread, and thanks to Kaity for pointing out the new edition there.
Kaity, please pin this new thread to the top of the Member Support.
<Rant> If a certified security professional is unable or unwilling to read the handbook to manage a career in the field, I question that individual's ability to understand and use the many technical and regulatory documents we all must use to do our jobs. Translation: Asking here before reading the rules makes me question whether I would recommend or hire that person.<Rant OFF>
Here is a link to the updated CPE Handbook if that is helpful for you: https://www.isc2.org/-/media/ISC2/Certifications/CPE/CPE---Handbook.ashx
Thanks, Andrea-- unfortunately, it doesn't explain what to do for the particular examples I used.
From the handbook: "We suggest you retain proof of your CPE credit activities in the event that your submission is audited. It is good practice to retain proof of credits earned for at least 12 months after your current certification cycle expires.Proof of CPE credits earned may be in the form of course transcripts, awarded diplomas, certificates or receipts of attendance, research/prep notes for speaking or teaching, copies of official meeting minutes, or rosters or documentation of registration materials."
So I'm still not sure what kind of documentation can be presented if I listened to a podcast, or did some self-study (sans notes).
@Ben_Malisow Good morning Ben! If a member submits a CPE for listening to a podcast and that CPE is audited, the member can submit a screenshot of the viewing history section of the podcast app. Worst case scenario, if there is no physical proof, we will accept a summary of the activity (what it was about, what you learned), that is at least 5 sentences.
Thanks, Amanda! I realize that (as I posted in this comment thread, earlier on Thursday: "The guidance suggests that maybe you have to write a report on what you learned from the content...but that seems more for books than podcasts.")...but, at my age, remembering five sentences about a podcast I listened to a year ago, especially if I have listened to 50 episodes of that podcast over the course of a year, is gonna be tricky.
Who am I kidding? Writing five sentences about a podcast I listened to five minutes ago is gonna be tricky!
I like the idea of an app screenshot, though. That might work. Thanks again!
In addition to jotting down what I took from the InfoSec books I purchased I also kept the receipts. If you gone out and purchased a book paying maybe £35, read it and made a summary of it then generally auditors would accept that. You just need to keep the records.
Thanks, Steve...but wouldn't the book be just as much evidence of having the book as a receipt? I can snap a selfie of me holding a book in two seconds, if need be.
I think I understand the intent of the rules, though; having the book is not evidence of reading the book; the rules are intended to get the member to demonstrate that the member participated in the learning process. So the book report/digest (and the written summary for, say, a podcast/webinar) is meant to reflect that. I'm just wondering if there might be a more optimum way to make that happen (optimized, that is, for the member, in terms of ease of use).
@Ben_Malisow I use security podcasts as my primary source of CPEs and the iTunes app keeps track of the "last played" date/time for me - I submit that screenshot with the CPEs (both ISC2 and EC-Council seem to be happy with that).
As for audits, I believe that the best way to deal with them is to have enough CPEs early enough in the cycle that I don't have to respond to audits. Since I (normally) have a long commute, I get enough 3-year CPEs in the first year just from podcasts; so for me, I just ignore audits - having to remember enough about what was in a long-ago podcast to write about it is much more work than just submitting the screenshot of another set of podcasts.
There do seem to be a number of questions about CPEs. I find that the easiest way if you're getting behind the curve is to start work an hour earlier and join a webinar in that hour. If you can discipline yourself to do that for a couple of weeks you'll have a quarter the CPE requirement for a year. Personally, I find webinars a little dull compared to face to face events, but with the current pandemic real events have largely become virtual in 2020.