Top of Page
 

Examination Policies and Procedures

Are You Ready for Test Day?

You know how important it is to be prepared. Your organization depends on it! We’ve put together the following information to make sure you’re ready for test day.

Before you register for your cybersecurity exam:

  • Get your free exam outline, downloadable from each certification webpage. You’ll find exam requirements, exam topics, overviews of how the exams are structured and much more.
  • Review the (ISC)2 candidate background qualifications. These are the standards you need to meet to become an (ISC)² member when you pass your exam.

Quick Links:

Policies and Procedures for Your Cybersecurity Exam

  • Candidate Background Qualifications Candidate Background Qualifications

    (ISC)² expects its certified members to be of the highest ethical and professional caliber.  To that end the organization has standards that candidates must acknowledge as part of the certification criteria. 

    The following questions may impact your eligibility for certification: 

    • Have you ever been convicted of a felony, a crime based on dishonesty (felony or misdemeanor involving lying) or a Court Martial in military service, or is there a felony charge now pending against you? (Omit minor traffic violations and offenses prosecuted in juvenile court.)
    • Have you ever been involved, or publicly identified, with criminal hackers or hacking?
    • Have you ever had a professional license, certification, membership or registration revoked, or have you ever been censured or disciplined by any professional organization or government agency?
    • Have you ever been known by any other name, alias, or pseudonym? (Omit user identities or screen names with which you were publicly identified.  Also omit name changes due to marriage or adoption.)

    If you answer 'Yes' to any of the questions above, it is possible you may not be eligible to earn an (ISC)² certification. At (ISC)², we do not wish to deny anyone the opportunity for certification. If you feel you may still be eligible, please contact legal@isc2.org to discuss your particular situation and receive clearance of eligibility for certification. Candidates are advised to resolve any potential eligibility problems prior to scheduling the exam. 

    Candidates taking the examination prior to receiving an assessment from (ISC)² about background inquiries will not be refunded for exam fees or expenses should he or she be ineligible for certification.

  • How to Register for Your Exam How to Register for Your Exam
    • Review exam availability by credential.
    • Visit the Pearson VUE website.
    • Create a Pearson VUE account and review the Pearson VUE NDA.
    • Select the most convenient test center location.
    • Select an appointment time.
    • Pay for your exam.
    • Look for email confirmation from Pearson VUE with your appointment details, test center location and any other instructions, if any.

    Pearson VUE will transfer your registration information to (ISC)². All communication about the testing process will be sent to you via email.

    You may register by phone instead. You can find the phone number for your region on the Pearson VUE website.

  • Where to Take Your Exam Where to Take Your Exam

    All (ISC)² exams are offered at Pearson VUE testing centers worldwide.

  • Exam Demonstrations Exam Demonstrations
    Each exam is computer-based. Wondering what to expect? You can watch both a demo and a tutorial of the exam experience on the Pearson VUE website.
  • Rescheduling or Cancelling an Exam Rescheduling or Cancelling an Exam

    To reschedule or cancel your exam appointment, contact Pearson VUE:

    • Online at least 48 hours prior to your exam or
    • By phone at least 24 hours before your exam

    Pearson VUE charges a reschedule fee of USD$50 and a cancellation fee of USD$100.

  • Late Arrivals or No Shows Late Arrivals or No Shows

    Be sure to arrive at least 30 minutes before your exam start time.

    If you arrive within 15 minutes of your start time, you’ll be considered late. This means you may forfeit your assigned seat. It’s up to the test center to decide whether to allow you to take the exam without affecting others’ start times.

    Pearson VUE will make all attempts to accommodate you if you’re late. But if they can’t, you’ll be turned away.

    If you’re turned away because you’re late or you didn’t show up, your exam result will appear in the system as a no-show. You’ll also forfeit your exam fee.

  • Requesting Special Accommodations Requesting Special Accommodations

    (ISC)² provides reasonable accommodations. If you need reasonable accommodations, email (ISC)² before your desired test date.

    To make your request, email the following information to membersupport@isc2.org:

    • An explanation of the accommodations you need
    • Documentation supporting the accommodation
    • The exam you want to take
    • The exam location

    Once an accommodation is agreed to, we’ll send it to Pearson VUE Accommodations.

    Please allow two to three business days for Pearson VUE to get this information.

    Then, call Pearson VUE at 800-466-0450, so you can schedule your exam.

    Please don’t start by scheduling through Pearson VUE’s website or through their main registration phone line. Contact (ISC)² first.

  • What You Need to Bring to the Test Center What You Need to Bring to the Test Center

    Proper Identification

    (ISC)² requires two forms of identification (ID) to take your cybersecurity exam. You’ll be asked to provide a primary and a secondary ID when you check in at your test center.

    Here’s what you need to know:

    • Your IDs must be valid (not expired).
    • They must be original documents (not photocopies or faxes).
    • Your primary ID must include your photo and signature. (The photo needs to be a permanently affixed to the document.)
    • Your secondary ID must include your signature.

    Accepted Primary ID (contains photograph and signature; not expired)

    • Government issued driver's license or identification card
    • U.S. Department of State driver’s license
    • U.S. learner's permit (card only with photo and signature)
    • National/state/country Identification card
    • Passport
    • Military ID
    • Military ID for spouses and dependents
    • Alien registration card (green card; permanent resident visa)
    • Government issued local language ID (plastic card with photo and signature)
    • Employee ID
    • School ID
    • Credit card*

    Accepted Secondary ID (contains signature; not expired)

    • U.S. Social Security card
    • Debit/ATM card
    • Credit card*
    • Any form of ID on the primary ID list

    * A credit card can be used as your primary ID only if it contains both your photo and a signature. It can’t be expired. Any credit card can be used as your secondary ID if your signature is on it and it isn’t expired. This includes major credit cards, as well as department store and gasoline credit cards.

  • What You Shouldn’t Bring Into the Test Center What You Shouldn’t Bring Into the Test Center

    Weapons

    Weapons are not allowed at the test center. If you bring a weapon (or something your Test Administrator considers to be a weapon), you’ll be asked to store it in your car. If you didn’t drive to the test center, you can store it in the locker with your other personal belongings.

    There is one exception. If you are law enforcement or security personnel on site performing an official duty, you may carry a weapon. This exemption does not apply to law enforcement or security personnel who are scheduled to take exams.

  • Name Matching Policy Name Matching Policy

    The first and last name on your ID must exactly match the first and last name that you used to register with Pearson VUE. (For example, if your driver’s license shows your name as Charles, be sure to register as Charles — not as Chuck or Charlie.)

    If your names don’t match, you must bring proof of a legal name change to the test center on your test day. Your document must be an original (not a photocopy or fax). The only legal documents that Pearson VUE will accept are:

    • Marriage licenses
    • Divorce decrees
    • Court-sanctioned legal name change documents

    If you made a mistake with how you registered your name with Pearson VUE, you must contact (ISC)² to make a correction before your test date.

    Name changes cannot be made on your test day, including at the test center. If your names don’t match, you’ll be asked to leave. You’ll also forfeit your testing fee.

  • The Day of Your Exam The Day of Your Exam

    Check-In Process

    Plan to arrive at your test center at least 30 minutes before your exam start time. To check in, you’ll need to:

    • Show two acceptable forms of ID (as defined above).
    • Provide your signature.
    • Submit to a palm vein scan (unless it’s prohibited by law).
    • Have your photo taken. Hats, scarves and coats may not be worn for your photo. You also can’t wear these items in the test room.
    • Leave your personal belongings outside the testing room. You’ll have access to secure storage. Storage space is small, so plan ahead. Pearson VUE test centers do not assume responsibility for your personal belongings.

    The Test Administrator (TA) will give you a short orientation. Then, the TA will escort you to a computer terminal.

    Exam Assistance and Breaks

    You must remain in your seat during the exam, unless the staff says it’s okay for you to get up. You may not change your computer terminal unless a TA directs you to do so.

    Raise your hand to notify the TA if you:

    • Believe you have a problem with your computer.
    • Need to change note boards.
    • Need to take a break.
    • Need the administrator for any reason.

    Your total exam time includes any unscheduled breaks you may take. All breaks count against your testing time. You must leave the testing room during your break. However, you may not leave the building or access any personal belongings unless absolutely necessary (such as for retrieving medication).

    When you take a break, you’ll be required to submit to a palm vein scan before and after your break.

    Testing Environment

    Pearson VUE test centers administer many types of exams. Some exams have written responses (such as essays). The test centers have no control over the sounds of people typing on keyboards next to you. Typing noise is a normal part of a computerized testing environment. It’s like the noise of turning pages in a paper-and-pencil testing environment.

    Earplugs are available upon request.

    When You Finish Your Exam

    After you finish, raise your hand to summon the TA. The TA will let you go when you’ve met all the requirements.

    Be sure to notify your TA before you leave the test center if:

    • You believe there was an irregularity in how your test was run or
    • Irregular testing conditions had a negative effect on the outcome of your exam

    Technical Issues

    On rare occasions, the test center may have technical problems. You may need to reschedule your cybersecurity exam.

    If technical issues cause you to wait more than 30 minutes after your scheduled exam start time, or your exam starts and then stops with a delay of more than 30 minutes, you’ll have the choice of continuing to wait or rescheduling with no additional fee:

    • If you choose not to reschedule and take the test after your delay, your test results will count. You’ll have no further recourse.
    • If you choose to wait but change your mind before starting (or restarting) your exam, you can take the exam at a later date at no extra cost.
    • If you choose to reschedule or the technical problem can’t be fixed, you’ll be allowed to test at a later date at no extra charge.

    We know your time is valuable. If your test center identifies technical problems before your exam, they’ll make every attempt to contact you.

  • Exam Format and Scoring Exam Format and Scoring

    Exam

    Time Allotted

    Items

    Examination Availability

    CISSP

    6 hours

    250 multiple choice and advanced innovative items

    English, French, German, Brazilian Portuguese, Spanish, Japanese, Simplified Chinese, Korean, Visually impaired

    SSCP

    3 hours

    125 multiple choice, 4 choices

    English, Japanese and Brazilian Portuguese

    CCSP

    4 hours

    125 multiple choice, 4 choices

    English

    CAP

    3 hours

    125 multiple choice, 4 choices

    English

    CSSLP

    4 hours

    175 multiple choice, 4 choices

    English

    HCISPP

    3 hours

    125 multiple choice, 4 choices

    English

    CCFP

    4 hours

    125 multiple choice, 4 choices

    English, German, Korean

    CISSP-ISSAP

    3 hours

    125 multiple choice, 4 choices

    English

    CISSP-ISSEP

    3 hours

    150 multiple choice, 4 choices

    English

    CISSP-ISSMP

    3 hours

    125 multiple choice, 4 choices

    English

    There may be scenario-based items with more than one multiple-choice item.

    Each of these exams contains 25 pre-test items. They’re included for research purposes only. The pre-test items aren’t identified, so answer every item to the best of your ability.

    You need a scale score of at least 700 out of a possible 1000 points to pass your cybersecurity exam.

  • Results Reporting Results Reporting

    Receiving Your Results

    (ISC)² conducts a thorough statistical and psychometric analysis of the score data to establish the pass/fail score before releasing scores. We need a minimum number of test takers before this analysis can be completed.

    Depending on the volume of test takers for a given test, there may be times when scores are delayed for approximately six to eight weeks to complete this critical process.

    Your TA will give you an unofficial exam result when you check out at the test center. (ISC)² will email you the official result.

    In some instances, real-time results may not be available.

    All test results are subject to the (ISC)² psychometric and forensic evaluation. This evaluation could take place after you get your official results. (The timing is based on the number of tests taken.) If the psychometric and forensic evaluation affects your score, (ISC)² will notify you.

    Results will not be released over the phone. If you have any questions about this policy, contact (ISC)² before your exam.

    Exam Irregularities and Results Invalidation

    If (ISC)² suspects that any irregularity, fraud or policy violation has taken place before, during or after an exam, (ISC)² will examine the situation and determine whether action is needed. (ISC)² may choose not to score the exam of the affected test taker(s). Or, (ISC)² may choose to cancel the results of the affected test taker(s).

    At (ISC)²’s sole discretion, we may:

    • Revoke any and all certifications you may have earned.
    • Ban you from earning future (ISC)² certifications.
    • Decline to score or cancel any exam under any of the circumstances listed in the (ISC)² Examination Agreement.

    Retake Policy

    You can sit for (ISC)² exams up to three times within a 12-month period.

    For the CISSP, SSCP, CAP, CSSLP, ISSAP, ISSEP and ISSMP:

    • If you don’t pass the exam the first time, you can retest after 30 days.
    • If you don’t pass a second time, you can retest after an additional 90 days.
    • If you don’t pass a third time, you can retest after 180 days from your most recent exam attempt.

    For the CCSP, HCISPP and CCFP:

    • If you don’t pass the exam the first time, you can retest after 90 days.
    • If you don’t pass a second time, you can retest after an additional 90 days.
    • If you don’t pass a third time, you can retest after 180 days from your most recent exam attempt.
  • Recertification by Examination Recertification by Examination

    You may take an exam to recertify if you’ve become decertified due to:

    • Not meeting your required number of continuing professional education credits.
    • Having the time limit on your endorsement expire.
  • Examination Legal Notice Examination Legal Notice

    Impartiality Statement 

    (ISC)² is committed to impartiality by promoting a bias and discrimination free environment for all members, candidates, staff, volunteers, subcontractors, vendors, and clients. (ISC)²’s board of directors, management and staff understand the importance of impartiality in carrying out its certification activities, manage conflict of interest and ensure the objectivity of its certification. If you feel you have not received impartial treatment, please send an email to notice@isc2.org or call +1.727.785.0189, so that we can investigate your claim.

    Non-Discrimination Policy

    (ISC)² is an equal opportunity employer and does not allow, condone or support discrimination of any type within its organization including, but not limited to, its activities, programs, practices, procedures, or vendor relationships. This policy applies to (ISC)² employees, members, candidates, and supporters.

    Whether participating in an (ISC)² official event or certification examination as an employee, candidate, member, staff, volunteer, subcontractor, vendor, or client if you feel you have been discriminated against based on nationality, religion, sexual orientation, race, gender, disability, age, marital status or military status, please send an email to notice@isc2.org or call +1.727.785.0189, so that we can investigate your claim. For any questions related to these polices, please contact the (ISC)² Legal Department at legal@isc2.org.