Auditied by the (ISC)2

JDMurrayJDMurray Admin Posts: 13,092 Admin
Not audited for a certification, but for submitting CPEs.

I just submitted my very first two CPEs for my new CISSP certification and promptly received an email from auditor@isc2.org indicating that my CPE submission was being audited, and that I needed to send documented proof of its validity. I scanned my CPE receipt to a PDF file and emailed it in with an explanation of what it was. I should hear back about it in 2-3 weeks.

I had previously submitted over 80 CPEs for my SSCP cert and never received an audit, so this may be a new thing. The audit email appears to be randomly and automatically generated. I can't see how submitting two CPEs for a monthly ISSA meeting that I have been attending for the past three years could be regarded as suspicious.

Anyway, this is a heads-up to you (ISC)2 cert holders that any CPEs you submit on the (ISC)2 Web site could result in you getting the same audit, so always collect some evidence of your CPEs that can be faxed or emailed to the (ISC)2 in case this happens to you.

Comments

  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    Here's the CPE audit email that I received:
    (ISC)2 randomly audits and verifies a certain number of Continuing Professional Education (CPE) credits. The audit policy can be found in the Guidelines for Submitting Continuing Professional Education Credits, section: CPE Record-Keeping and Audits. The purpose of this letter is to inform you that the CPE submission below has been selected for audit and verification.


    CPE Type: Professional Association Chapter Meetings

    Domain: CISSP - Multiple Domains (Group A)


    Please understand that once a CPE has been selected for audit, it cannot be removed or deleted. The CPE selected for audit will either "pass" or "fail" the audit process.


    It is important that you complete the CPE audit process. Accordingly, please forward documentation in support of numbers one or two
    below.


    1. Evidence of the CPE Credit You Submitted.


    Evidence of CPE credits earned may be in the form of course transcripts, awarded diplomas, certificates or receipts of attendance, copies of official meeting minutes or rosters (that include attendees names), or documentation of registration materials.


    2. A Description of the CPE Activity


    If the CPE activity has no substantial documentation, please provide a description of the CPE activity, how it relates to your duties, any instructor or supervisor names and what part they played in your submittal. This can be a brief description that accurately reflects the scope and nature of the CPE activity.


    You may submit your documentation via email, postal mail or fax. Please send your name, ID number and the 8 digit number included in the subject line of this email along with your documentation to:


    (ISC)2 Member Support

    Attn: CPE Auditor

    33920 US Highway 19 N., Suite 205

    Palm
    Harbor, FL 34684

    United States


    Fax: +1.727.683.0788


    Email: auditor@isc2.org


    Once your documentation has been received by the auditor, please allow 2 - 3 weeks turnaround time for the processing of your CPE audit. You will receive a response from the auditor when your audit is complete or if there is additional information needed.


    It is not necessary to call or email us to confirm that your documentation has arrived prior to that time, as this will slow down the process. Please do not send multiple faxes or emails of your documents unless requested by (ISC)2 Services.


    To complete the audit, you must submit the documentation requested above within 90 days. If we have not received your response within 90 days, the audit will be considered incomplete and you will not receive credit for the CPE activity referenced above.


    If you have any questions about the CPE audit process, please email membersupport@isc2.org or call
    +1.866.331.isc2 (4722) (toll-free in North America) or +1.727.785.0189.


    We look forward to receiving your CPE documentation in order to move forward with audit process.


    Sincerely,

    For the (ISC)2 Board of Directors,


    Patricia A. Myers, CISSP-ISSMP, Chairperson
  • trackittrackit Member Posts: 224
    this is one hell of the certification :) kinda like you should allways be afraid of something, allways look around the shoulder wondering if you get smacked in the head lol :)

    Thats why i think that in the future i will try to pass the exam itself but i wount be part of this "do you have enough "right type" of experience, have you behaved like we want you to, have you been a good boy" nonsense :) Yeah, i cant say then that i have the actual "certificate" but i can say that i have passed the exam and that will do for me just fine.

    btw, please dont attack me, im not here to argue, just expressed my oppinion and thats all! :)
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    Not every certification--or cert vendor--is for everyone. (ISC)2 certifications are for professionals that will honestly attest to their work experience, sign a code of conduct and ethics, commit themselves to continual education and improvement in their profession, and submit to the occasional, "trust, but verify" audit. These are the qualities that organizations look for in highly-skilled, highly-paid professionals. And these points are what separate the (ISC)2 from other "pass it and forgot it" cert vendors.
  • LarryDaManLarryDaMan Member Posts: 797
    I submitted 56 hours of type "A" CPEs fairly recently and didn't have a problem, JD it definitely sounds like your situation was random.

    I am trying to schedule risk management training for later this year, this seems to be the perfect domain to use for both type "A" CPEs and PMP PDUs.
  • trackittrackit Member Posts: 224
    JDMurray wrote: »
    Not every certification--or cert vendor--is for everyone. (ISC)2 certifications are for professionals that will honestly attest to their work experience, sign a code of conduct and ethics, commit themselves to continual education and improvement in their profession, and submit to the occasional, "trust, but verify" audit. These are the qualities that organizations look for in highly-skilled, highly-paid professionals. And these points are what separate the (ISC)2 from other "pass it and forgot it" cert vendors.

    yeah sure, but what i mean is that in the end what matters is knowledge and experience. And i dont mean neccessarily "work experience" as (ISC)2 mesures it, heck you can even get experience in your complex lab set up at home. I would say that some selfthought hacker enthusiast can be much more talented, knowledgeable and experienced (without "proper" work experience) than some "security guys" in many companies. And i think thats what a certification should measure, knowledge and ability.

    And about "code of conduct and ethics", thats even more silly... i honestly think that no certification can measure persons ethics, unless you sign that if you do somethng that (ISC)2 doesnt approve of, then (ISC)2 will own your body and soul. Of course everybody says that "yap, im ehtical guy, ask my friend if you dont belive me" to get certification, but does it really mean that he cant do anything unethical? of course not. I would even say that everybody can do unethical things dependidng on circumstances, even you. Ethics is much much more complex subject than any certification can ever measure.

    Thats why i think certifications should remain on measuring what they really can measure and not go into fields that they cant objectively evaluate.
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    You're giving the (ISC)2 exams more credit that they are due. Nobody can prove that they are ethical, moral, righteous, etc. just by passing an exam. The ethics and conduct pledge you make is a public testament of your commitment to ethical behavior by risking your credibility and virtue if you were to act unethically. Many organizations (and employers) ask you to make the same type of pledge before you join.

    Also, your ethics aren't being tested or measured by making this pledge or taking an exam. You are only making a public statement that you will try to be a fair and honest person. You are not dishonest of you refuse to make it, and not selling your soul in an all-binding contract if you do.
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    LarryDaMan wrote: »
    I am trying to schedule risk management training for later this year, this seems to be the perfect domain to use for both type "A" CPEs and PMP PDUs.
    It's usually the Group B CPEs that people have trouble finding. I'm thinking of taking several online programming classes and applying them to my Group B CPEs.
  • LarryDaManLarryDaMan Member Posts: 797
    JDMurray wrote: »
    It's usually the Group B CPEs that people have trouble finding. I'm thinking of taking several online programming classes and applying them to my Group B CPEs.

    Good thing only 40 out of the 120 need to be Group B, and I don't see how they will be too much trouble to find.

    Watching some CBT training or podcasts or attending a conference or even reading a book would work. I think the main key is to not wait until the last minute to figure out what you're going to do.
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    Well, 16 days later I receive a "you passed the audit" email from the (ISC)2. I wonder how and if my two CPEs for attending a monthly ISSA meeting was actually audited.
    [FONT=Tahoma, Verdana, Arial]Dear James Murray:[/FONT]

    [FONT=Tahoma, Verdana, Arial]The purpose of this message is to inform you that you have successfully completed the Continuing Professional Education (CPE) credit audit.[/FONT]

    The activity on 02/12/2009 has been passed.


    [FONT=Tahoma, Verdana, Arial]Although the audit procedure is a burden to you, it is important as it provides an opportunity for (ISC)2 to review the information submitted to ensure compliance with the CPE guidelines.[/FONT]

    [FONT=Tahoma, Verdana, Arial]We wish to take this opportunity to thank you for your participation.[/FONT]

    [FONT=Tahoma, Verdana, Arial]Sincerely,[/FONT]

    [FONT=Tahoma, Verdana, Arial](ISC)2 Services[/FONT]
  • unsupportedunsupported Member Posts: 192
    I guess it is completely random. It is not so much how many CPEs you enter, or what type, because I threw down 50 hours for CEH studying without a peep. More to come with GCIH certification....

    Too bad you have to spread 40 of those hours over the next two years, 'cause I have 60 within three months.

    And to think I was concerned about CPE credits. At least now I can double dip between CEH and CISSP.
    -un

    “We build our computer (systems) the way we build our cities: over time, without a plan, on top of ruins” - Ellen Ullman
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    At least now I can double dip between CEH and CISSP.
    Yeah, there's no correlation of submitted CPEs between different cert vendors, so you can legally re-submit the same CPEs for certs from different vendors.
  • unsupportedunsupported Member Posts: 192
    JDMurray wrote: »
    Yeah, there's no correlation of submitted CPEs between different cert vendors, so you can legally re-submit the same CPEs for certs from different vendors.

    I think I should find all the certs where I can double dip my CPEs. I just wish SANS had a CPE option for their certifications. It would make it easier in the long run not having to recertify every 4 years, but I guess it makes that cert more "valuable" and up to date.
    -un

    “We build our computer (systems) the way we build our cities: over time, without a plan, on top of ruins” - Ellen Ullman
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    Off the top of my head, I can't think of any certs that require both renewal and CPEs; it's always one or the other. It would seem that requiring cert renewal is a better money-making strategy for a cert vendor than requiring CPEs.
Sign In or Register to comment.