Hello,
I am preparing to audit our internal processes for ISO 27001 compliance. I have not seen anything directly stating that I can claim the time spent as a class A CPEs and what supporting documents I can supply. Has anyone else claimed for this or believes that this would be accepted?
Regards.
I guess it depends if this is part of your normal work duties?
If it is then it wouldn't be eligible for CPEs.
If you don't normally carry out ISO 27001 audits then it could qualify under "Performing a unique work-related project that is not a part of your normal work duties."
Although, if this is something you don't normally do, that raises a number of other questions in my mind!
https://www.isc2.org/-/media/ISC2/Certifications/CPE/CPE---Handbook-Digital-V2.ashx
Group A credits relate directly to activities in the areas covered by the specific domains of the respective credential.
Some examples are shown below:
• Reading a magazine, book or whitepaper.
• Publishing a book, whitepaper or article.
• Attending a conference, educational course, seminar or presentation.
• Preparing for a presentation or teaching information related to information security.
• Performing a unique work-related project that is not a part of your normal work duties.
• Self-study related to research for a project or preparing for a certification examination.
• Volunteering for government, public sector, and other charitable organizations.
• Taking a higher academic course.
I think you could argue this either way.
In my opinion it should count, as at the time you did the prep work it wasn't part of your normal duties, so you should be able to claim for the prep work.
In terms of explaining it, I think you've done that pretty well already!
In terms of the evidence, I presume you have some artefacts which resulted from the prep work? Maybe some screenshots of a working folder which shows any documents you've created with titles and timestamps might work?
Although, when you have some doubts about CPEs you are submitting, it makes sense to ensure you have enough CPEs from other activities to cover your CPE requirements should you be audited and have those uncertain CPEs denied, which potentially might negate the point of submitting them in the first place.