CISSP audit standstill

I took the CISSP (and passed) several months ago and I was selected for the random audit.

Unfortunately, the auditor was only able to confirm 44 out of 60 months of employment that pertains to the CBK domains.

I have been trying to do everything in my power to get the auditor the information they have been asking for, however, I've run out of options as the remaining 16 months that can be verified by two separate entities are unreachable. These positions were from several years ago and they are not returning the auditor's messages.

So, for now I'm 44/60 towards completing my CISSP audit.

For employers that refuse to confirm or reply - does anyone know what else that can be done? The auditor mentioned showing a starting and ending pay stub would be allowed if the supervisors cannot be reach after the last follow-up try, however, I have not kept pay stubs prior to 2008.

Has anyone else experienced this? Am I SOL? I have a feeling that I will fail the audit - which means I will stay an Associate of (ISC)2 for 16 more months before I can become a full CISSP?

Input is greatly appreciated. Thank you.

Find more posts tagged with

Comments

rogue2shadow

Looking at your side cert list, seems like you have your Security+. Doesn't that null out a year of experience?

That should only leave you with 4 months left (since you're at 44 months).

Correct me if I'm wrong

SECUREADY

rogue2shadow wrote: »

Looking at your side cert list, seems like you have your Security+. Doesn't that null out a year of experience?

That should only leave you with 4 months left (since you're at 44 months).

Correct me if I'm wrong

Thanks for replying rogue2shadow. The 44 months counts the Sec+. I probably should have made it clearer in my original post. My apologies

core22

How long after your endorsement paperwork was received did you find out you are being audited?

badrottie

SECUREADY wrote: »

I took the CISSP (and passed) several months ago and I was selected for the random audit.

Unfortunately, the auditor was only able to confirm 44 out of 60 months of employment that pertains to the CBK domains.

I have been trying to do everything in my power to get the auditor the information they have been asking for, however, I've run out of options as the remaining 16 months that can be verified by two separate entities are unreachable. These positions were from several years ago and they are not returning the auditor's messages.

So, for now I'm 44/60 towards completing my CISSP audit.

For employers that refuse to confirm or reply - does anyone know what else that can be done? The auditor mentioned showing a starting and ending pay stub would be allowed if the supervisors cannot be reach after the last follow-up try, however, I have not kept pay stubs prior to 2008.

Has anyone else experienced this? Am I SOL? I have a feeling that I will fail the audit - which means I will stay an Associate of (ISC)2 for 16 more months before I can become a full CISSP?

Input is greatly appreciated. Thank you.

You do not mention if you had attempted direct contact to the people that are the bottleneck. Are there any pertinent details to explain why they were not returning the (ISC)2 auditor's inquiries (Eg. They are insanely busy, your ex-managers are borderline sociopaths, etc.)? If you are still on good terms, a phone call to explain why these auditors are calling on them could move the process along. I know that if an auditor were to contact me out of the blue, I would carefully engage them.

If you haven't already contacted either the HR or payroll departments of either company, you may wish to. The HR department will be able to confirm your employment, dates, job description and responsibilities. Failing that, the payroll department should be able to provide a copy of a pay stub (Accountants are loathe to throw out financial records, I find).

Failing that, there is always the legal approach. I would consider that to be the option of last resort, admittedly.

SECUREADY

core22 wrote: »

How long after your endorsement paperwork was received did you find out you are being audited?

I took the exam mid-april, I didn't find out intil June that I was "randomly selected" for the audit. It's now mid July and this is still going on.

SECUREADY

badrottie wrote: »

You do not mention if you had attempted direct contact to the people that are the bottleneck. Are there any pertinent details to explain why they were not returning the (ISC)2 auditor's inquiries (Eg. They are insanely busy, your ex-managers are borderline sociopaths, etc.)? If you are still on good terms, a phone call to explain why these auditors are calling on them could move the process along. I know that if an auditor were to contact me out of the blue, I would carefully engage them.

If you haven't already contacted either the HR or payroll departments of either company, you may wish to. The HR department will be able to confirm your employment, dates, job description and responsibilities. Failing that, the payroll department should be able to provide a copy of a pay stub (Accountants are loathe to throw out financial records, I find).

Failing that, there is always the legal approach. I would consider that to be the option of last resort, admittedly.

badrottie,

Thanks for taking the time to respond. I have indeed tried to contact - in some cases I have been successful with my company contacts - others not so much.

One of my positions was confirmed by the HR department as being only 4 months long, however, I was there for much longer than that. I will be contacting them tomorrow to see if they can send the (ISC)2 auditor with correct information. That would help drastically.

I am going to be running down these people as much as I can, trust me - however, when is enough, enough? I am a Federal Contractor and have been working in COMSEC/INFOSEC much longer than 60 months (5 years); oh well. If this can't be resolved, I will just have to stay an Associate of (ISC)2 for a year or so before I can become a CISSP. Of course I would rather not, as a requirement for moving up the ladder is having a CISSP - my process of transitioning to a more senior role has put on hold within my company until then.

It's the worst feeling not knowing how this will impact my career. The higher ups may not want to wait for several months for this process to complete (if it does successfully). If I don't pass the audit and stay 44 / 60 months - then back in the pool with the tadpoles I go to vie for a promotion all over again.

// end rant

JDMurray

SECUREADY wrote: »

I will just have to stay an Associate of (ISC)2 for a year or so before I can become a CISSP. Of course I would rather not, as a requirement for moving up the ladder is having a CISSP - my process of transitioning to a more senior role has put on hold within my company until then.

Check with your HR department to see if it is necessary to become fully CISSP-certified or if just passing the exam enough. For the DoD, just passing the exam is enough.

TunYau

I have a coleague who experience same as you. Try to find any coleague who had work there before to confirm your position at the company you had work before.

My friend pass the audit after resend 2 contact for ISC to verfiy his employment at company where HR did not replied.

SECUREADY

Update: ISC2 auditor was able to confirm 50/60 months of work experience.

The auditor is refusing to honor 31 months of work as she said it was considered part-time work and therefore not applicable to the audit. As a 1099 employee (I was working as a contractor), of course I'm not considered a full-time employee as I'm not getting paid benefits by the company, etc. However, she is refusing to honor it, so I'm SOL.

Just a warning to everyone, if you 1099 it, be aware!

I'm going to try to see if there's information regarding an appeal process because this is ridiculous.

colemic

Do you pay any kind of paystub showing the amount of hours worked?