This is a very good question! To take it one step further, would be base it on the number of hours we actually spend on the material or the amount of time the course says it will take? To me, most training qualifies for CPEs. If it's directly related to security then it would be a Type A, but if it isn't security related then it would be Type B, because most training is still some form of professional development. To be on the safe side I normally use the amount of time the course states it will take to complete and use either a certificate of completion if provided or maybe a screen shot showing it was completed as proof.
What do others think?
For security related courses completed on Udemy, can I get CPE for my CISSP ?
Also is it 1 CPE per 1 Udemy course?
The official answer can be found in the CPE handbook. To summarize, activities related to one or more of the domains for your certification, may be claimed at the rate of 1 CPE per hour you spend.
hours we actually spend or the amount of time the course says it will take?
That is between you and your conscience. Just don't claim more than you can defend if you are selected for audit.
a certificate of completion... as proof.
Absolutely. Keeping evidence to defend yourself is a good thing, whether CISSP related or not. This is why I write the check/confirmation number on bills as I pay them and is why we use a ticketing system for just about everything at work.
Well almost, I don't want you to cheat yourself! It would be 1 CPE per training hour, not course. So it the course says it's 3 hours you would get 3 CPEs. They now allow you up upload a document when you submit the CPEs so I would add the certificate of completion if you can.