Top of Page
 

Membership Policies and Procedures

The following policies and procedures assist and guide members and Associates of (ISC)² through their membership.

  • (ISC)² Certification and Membership Maintenance Policy (ISC)² Certification and Membership Maintenance Policy
    1. Purpose

      This policy establishes the requirements for (ISC)² certified members and associates of (ISC)² to maintain their membership, certification and associate status.

    2. Revision History

      Version 4.0

    3. Scope

      This policy applies to all certified (ISC)² certified members and associates of (ISC)².

    4. Policy

      In order to maintain membership, certification and associate status, certified members and associates of (ISC)² must earn a minimum amount of continuing professional education (CPE) credits for each of their one year or three-year certification cycles, as well as pay an annual maintenance fee (AMF). Both requirements are needed to ensure your membership, certification and associate status remain in good standing.

    4.1; Continuing Professional Education (CPE) Requirement

    4.1.1 Certified members are required to earn and submit CPE credits over their three-year certification cycle. All CPE activities must be earned and completed no later than 90 days after the certification expiration date (end of three years certification cycle) For more information on CPE policy, download the CPE Handbook (Chinese, Japanese, Korean).

     

    Certification

    Type

    Suggested Annual

    3-Year Total

    CISSP

    Group A

    30

    90

    Group A or B

    10

    30

    Total Required

    40

    120

     

    CSSLP, CCSP

    Group A

    20

    60

     

    Group A or B

    10

    30

     

    Total Required

    30

    90

     

     

     

     

    SSCP, CAP, HCISPP

    Group A

    15

    45

     

    Group A or B

    5

    15

     

    Total Required

    20

    60

     

     

     

     

    CISSP-ISSAP, ISSEP, ISSMP

    Group A

    N/A

    20*

     

    Total Required

     

    20*

    Concentrations

    *If you hold a CISSP concentration, 20 Group A CPE credits in the CISSP three-year cycle must be directly related to your concentration. If you hold more than one concentration, you must earn 20 credits in each concentration. CPE credits required for a concentration are automatically counted toward the CISSP CPE requirement.

     

    Associates Program

    Type

    Required Annual

    3-year Total

    Associates of (ISC)²

    Group A

    15

    N/A

     

    4.1.2 Associates of (ISC)² are required to earn and submit 15 CPE credits within their one year cycle. All CPE activities must be completed or earned no later than 90 days after the expiration date (last day of the one-year associate cycle).  For more information on CPE policy, please download the CPE Handbook (Chinese, Japanese, Korean).

    4.1.3 (ISC)² allows certified members and associates of (ISC)² a 90-day grace period after the cycle expiration date to earn and submit required CPE credits earned within their 1-year or 3-year cycle. CPE activities completed during the 90-day grace period may be submitted and accepted for certification or associate status maintenance. After the 90-day grace period expires and the certified member or associate fails to submit the required CPE credits earned during their 1-year or 3-year certification cycle, the certified member or associate will be placed in suspended status.

    4.2 Annual Membership Fee (AMF) Requirement

    4.2.1 Certified members (single certified or multi-certified) are required to pay an AMF in the amount of U.S. $125 which are due on the member’s start date of their certification cycle and due on the same date each year. A member’s start date for their certification cycle is the anniversary of their certification. Associates of (ISC)² are required to pay an AMF in the amount of U.S. $50, which is due on the anniversary date of the associate’s cycle and due on the same date each year.

    4.2.2 Candidates who pass their exams and whose endorsements have been approved for (ISC)² certification must pay their first AMF of U.S. $125 before certification is granted. Once a certified member, AMFs will be due each year on the anniversary date of their certification being awarded.

    Candidates who pass their exams and are applying for associate designation must first pay their first year’s AMF of U.S. $50 before their associate designation is granted. Once an associate, AMFs will be due each year on the anniversary date of their associate status being awarded.

    4.2.3 For certified members with multiple certifications on multiple cycle dates, the earliest certification anniversary will be the start date for all of your certifications and due date for their AMFs. For example, if a member obtained the CISSP certification on September 1, 2010, and a CAP certification on January 13, 2012, the member’s certification anniversary would be September 1 each year.

    4.2.4 (ISC)² allows certified members and associates of (ISC)² a 90-day grace period from the cycle start date to pay in full a past due AMF. After the 90-day grace period expires and they fail to pay the past due AMF, the member’s certification or associate designation will be suspended. This applies for each year of the three-year certification cycle. Once suspended, individuals may no longer be allowed to use the certificate designation, display the certificate itself or imply in any way that they are currently certified.

    4.2.5 Once paid, the AMF is non-refundable.

    4.3 Failure to Meet Requirements

    4.3.1 In order to be reinstated once a certification or designation is suspended, certified members and associates of (ISC)² are required to submit all outstanding CPE credits and pay all past due AMFs. Certified members and associates of (ISC)² are given a 90-day grace period from the end of their certification cycle to fulfill outstanding CPE credits and past due AMFs. After the 90-day grace period, suspended certified members and associates will be placed into suspension status which may be maintained for up to two consecutive years. After two years, certified members and associates of (ISC)² will be terminated, and all membership rights will be revoked. Terminated certified members and associates wishing to be reinstated will be required to retake and pass the examination.

    4.4 Hardship

    4.4.1 (ISC)² does not waive the CPE requirements or Annual Maintenance Fees.

    4.4.2 (ISC)² understands that occasionally there are certain extenuating circumstances that occur preventing members from completing all their recertification requirements by their expiration date. Some examples for such extenuating circumstances are the following:

    • Personal/Immediate family, or household person’s medical issues
    • Extended involuntary unemployment
    • Military deployment
    • Natural Disaster
    • Unexpected personal calamity
    • Death of Immediate Family Member (For purposes of this policy, “immediate family” is defined as the member’s or the member’s spouse’s parents, siblings, children, grandparents, grandchildren, the member’s spouse, and/or any other relative who resides in the member’s household) 

    4.4.3 Extension of the 90-day grace period will be evaluated on a case-by-case basis as it relates to a medical or military issue that prevents the cetified member or associate from fulfilling the AMF and CPE requirements on time. If certified members and associates have experienced hardships throughout their three-year certification cycle, they need to contact Member Services at membersupport@isc2.org.

    4.5 Retired Status

    4.5.1 (ISC)² allows a certified member who wishes to retain his/her affiliation with (ISC)² to be granted a retired designation upon his/her retirement from the security profession. To confer retired designation, a member must meet the following minimum qualifications, pay retired status application and any outstanding AMFs. For complete information on the retired status, please see the Retired Status Policy.

    4.5.1.1 Minimum Qualifications for Retired Designation

    • Currently a member in good standing
    • Should be 60 years of age or older, or is medically unable to continue to practice
    • No longer practices or employed as an information security professional (including consulting, private and public sector work)
    • Has been a credential holder (for credential seeking retired status for) in good standing for at least 10 years. For the following newer credentials, the first year of eligibility will start in the years stated below:
      • CISSP, SSCP, CSSLP and CAP: credentials currently eligible
      • HCISPP: 2023
      • CCSP: 2025

    4.5.1.2 Should not currently be the subject of an (ISC)² ethics action/investigation

    4.5.2 Member must complete a Retired Designation Application Form and submit to (ISC)² Clearwater Office via mail or email.

    4.5.3 Member must pay U.S. $100 Application Fee. Fee payment may be made by check, bank wire, money order drawn on a major U.S. bank or via a major credit card. Checks or money order should be made payable to (ISC)².

  • (ISC)² Associate Designation Upgrade Policy (ISC)² Associate Designation Upgrade Policy
    1. Purpose

      This policy provides the guidelines for upgrading associate designation to full certification.

    2. Revision History

      Version 2.0

    3. Scope

      This policy applies to all Associates of (ISC)² upgrading to full certification.

    4. Policy

      4.1 For an associate designation to be upgraded to a certified member, the individual must have passed an (ISC)² examination and currently hold the Associate of (ISC)² designation. The individual must submit the endorsement application before the last day of the last year that they can hold the associate designation.

      4.2 Associates will have a specific time frame to obtain cumulative work experience in the domains of their target certification and to complete the endorsement. The specific time frames for each certification are as follows:

      • CISSP and CCSP up to six years
      • SSCP up to two years
      • CSSLP up to five years
      • HCISPP and CAP to three years

      4.3 Associates will need to submit an endorsement application. Once the application is reviewed and approved, the associate will receive an email confirmation (Next Step email) outlining the next steps towards certification. They will be instructed to log in to their dashboard to pay the upgrade AMF of U.S. $75 before a three-year certification cycle can be started.

      4.4 The associate’s cycle will be terminated under the termination reason ‘Upgrade Associate.’ A new three-year certification cycle will start once upgrade payment is received. The associate acclaim badge will be terminated, and a new credential badge will be issued.

  • (ISC)² Endorsement Review Policy (ISC)² Endorsement Review Policy
    1. Purpose

      This policy provides guidelines and requirements of the endorsement and application review process for candidates to obtain their (ISC)² credential after passing an (ISC)² exam.

    2. Revision History

      Version 3.0

    3. Scope

      This policy applies to all candidates for (ISC)² credentials.

    4. Policy

      4.1 Individuals who pass an (ISC)² examination must go through an endorsement process in order to obtain the credential for the examination they passed. Once these individuals receive notification that they have successfully passed the exam, they may start the online endorsement application.

      4.1.1 Endorsement applications are submitted through an online form available on the (ISC)² website at https://www.isc2.org/Endorsement. CISSP concentrations do not require an endorser. If an individual is not able to submit their application via the online form, they will be provided with a PDF application via email.

      4.2 All candidates who pass an (ISC)² credential examination must complete the endorsement process within a time period of no longer than nine (9) months.

      4.2.1 A percentage of the candidates who pass an (ISC)² examination and submit endorsements will be randomly subjected for audit and required to submit additional information, as required, for verification. Those candidates will be notified via email if their application is selected for audit.

      4.3 All credential endorsement applications must be reviewed and endorsed by an (ISC)² certified member in good standing. The (ISC)² member does not have to hold the same credential.

      4.3.1 The (ISC)² certified professional is anyone who:

      • Is able to attest to the candidate’s professional experience
      • Is an active (ISC)² credential holder in good standing

      4.4 If the candidate does not know an (ISC)² certified professional in good standing, (ISC)² can provide endorsement assistance to act as the endorser. Candidates may request assistance with the endorsement requirement by submitting additional documentation with their endorsement form so that (ISC)² staff may review their qualifications and consider endorsing the candidate.

      4.5 The endorser will attest the individual’s assertions that his/her professional experience are true to the best of the endorser’s knowledge, and that the individual is in good standing within the cybersecurity industry. The endorser’s certification number and surname is needed when filling out the online application.

      4.6 Once a candidate’s endorsement application has been approved, the final step in the process is to pay their first Annual Maintenance Fee (AMF). If the candidate already holds an (ISC)² certification, they will not have to pay an additional AMF for the latest certification.

  • (ISC)² Badge Policy (ISC)² Badge Policy
    1. Purpose

      The purpose of this policy is to establish guidelines on the issuance of digital badges associated with new and existing members and associates.

    2. Revision History

      Version 4.0

    3. Scope

      This policy applies to all members and Associates of (ISC)².

    4. Policy

      4.1 Newly certified members/associates are issued a digital badge for the certifications they’ve earned. Once a candidate passes their (ISC)² examination and successfully completes the endorsement application process, they will be able to claim their Credly Badge. Candidates who fail the endorsement process can apply for the associate designation and once approved, they will be issued an associate badge.

      4.2 These digital badges based on open badge standards enable newly-certified members to manage, share and verify their certifications digitally.

      4.2.1 Certified members are in complete control of the information they wish to make public. All certification information can be configured in the Credly account.

      4.2.2 Digital badges are uniquely linked to data hosted on the Credly platform. This link to verified data makes Credly digital badges more reliable and secure than a traditional paper-based credential. It also eliminates the possibility of anyone claiming a member’s credential and associate identity.

      4.2.3 Every certification and profile on the Credly platform has a unique URL that can be embedded on a resume or website. The platform also offers seamless integration with several popular social and professional networking platforms for the display of certifications as open badges. Sharing to LinkedIn enables the earner to display the achievement within their profile with single click verification.

      4.3 New members are notified through email to claim their badge within two weeks of earning their certification.

      4.4 Certified members/associates can claim a digital badge for each active certification they hold or exam passed.

      4.5 For questions related to the status of your Credly badge, members can contact badges@isc2.org. For questions related to the status of certification, members can contact membersupport@isc2.org.

  • (ISC)² Membership Reinstatement Policy (ISC)² Membership Reinstatement Policy
    1. Purpose

      This policy establishes the requirements for reinstatement and reactivation of membership and provides the procedure to reinstate a terminated renewal billing record and reactivate a membership.

    2. Revision History

      Version 3.0 (Updated March 2022)

    3. Scope

      This policy applies to all (ISC)² certified members and associates of (ISC)².

    4. Policy

      (ISC)² allows a suspended or a terminated member or associate to regain certification.

      4.1 Suspension Status

      4.1.1 Members and Associates are given a 90-day period from the due date (earliest date of certification) to pay their Annual Membership Fees. Failure to pay within the 90-day period will result in certification suspension. Once suspended, individuals may no longer be allowed to use the certificate designation, display the certificate itself, or imply at any way that they are presently certified.

      4.1.2 Once certification is suspended, individuals are required to submit all outstanding CPE credits and pay all past due AMFs through the member portal prior to certification being reinstated.

      4.1.3 Suspension status may be maintained for up to two consecutive years. After two years, members or associates of (ISC)² will be terminated, and all membership rights will be revoked.

      4.2 Terminated Status

      4.2.1 Suspended members and associates who do not recertify after two years will be terminated.

      4.2.2 Terminated members and associates of (ISC)² will be required to retake the examination applicable to their terminated certification and pass the examination to become certified once again. They must sit for the exam within 90 days of their certification expiration date. In addition, they must pay all outstanding AMFs prior to registering for the exam. They can register for the exam at home.pearsonvue.com/isc2.

      4.2.3 Records are terminated for not meeting renewal requirements (AMF and CPE) for an (ISC)² certification/associate credential. Member/Associate may file an extension request or appeal the termination of certification. If extension or appeal is approved, the individual will need to fulfill extension/appeal approval information.

      4.3 Hardship

      4.3.1 (ISC)² understands that occasionally there are certain extenuating circumstances that occur preventing members from completing all their recertification requirements by their expiration date. Some examples for such extenuating circumstances are the following:

      • Personal/Immediate family, or household person’s medical issues
      • Extended involuntary unemployment
      • Military deployment
      • Natural Disaster
      • Unexpected personal calamity
      • Death of Immediate Family Member (For purposes of this policy, “immediate family” is defined as the member’s or the member’s spouse’s parents, siblings, children, grandparents, grandchildren, the member’s spouse, and/or any other relative who resides in the member’s household)

      4.3.2 Extension of the 90-day grace period will be evaluated on a case-by-case basis as it relates to a medical or military issue that prevents the certified member or associate from fulfilling the AMF and CPE requirements on time. If certified members and associates have experienced hardships throughout their three-year certification cycle, they need to contact Member Services at membersupport@isc2.org.

  • (ISC)² Appeal Policy (ISC)² Appeal Policy
    1. Purpose

      This policy establishes the requirements to appeal a certification/designation that has been suspended or terminated.

    2. Revision History

      Version 3.0 (Updated March 2022)

    3. Scope

      This policy applies to all (ISC)² certified members and Associates of (ISC)².

    4. Policy

      4.1 (ISC)² certified members and associates whose certification/designation status are suspended or terminated may file an extension request or appeal the suspension or termination of their certification/designation.

      4.2 All appeals need to be submitted prior to the end of the 2-year suspension period.

      4.3 Once a member/associate has confirmed the intent to file an appeal, an appeal form must be completed. The appeal form along with the written statement and supporting documentation should then be provided to Member Services at membersupport@isc2.org, This written statement should explain in detail the circumstances that occurred which prevented recertification requirements from being met prior to suspension or termination.

      4.3.1 All information and documentation regarding the appeal will be collected and provided to Member Services Manager for review and consideration in a timely manner.

      4.3.2 Member Services Coordinators will follow appeal through to completion including monitoring account activity for renewal requirements submission if appeal is granted. Review of appeals typically takes 7-10 business days.

      4.4 If extension or appeal is approved, the individual must fulfill extension/appeal approval information. If extension or appeal is disapproved, the individual must retest to regain certification/designation.

      4.5 (ISC)² understands that occasionally there are certain extenuating circumstances that occur preventing members from completing all their recertification requirements by their expiration date. Some examples for such extenuating circumstances are the following:

      • Personal/Immediate family, or household person’s medical issues
      • Extended involuntary unemployment
      • Military deployment
      • Natural disaster
      • Unexpected personal calamity
      • Death of Immediate Family Member (For purposes of this policy, “immediate family” is defined as the member’s or the member’s spouse’s parents, siblings, children, grandparents, grandchildren, the member’s spouse, and/or any other relative who resides in the member’s household)

      4.6 Extension of the 90-day grace period will be evaluated on a case-by-case basis as it relates to a medical or military issue that prevents the certified member or associate from fulfilling the AMF and CPE requirements on time. If certified members and associates have experienced hardships throughout their three-year certification cycle, they must contact Member Services at membersupport@isc2.org.

  • (ISC)² Retired Status Policy (ISC)² Retired Status Policy
    1. Purpose

      This policy provides the requirements for Retired Designation.

    2. Revision History

      Version 4.0

    3. Scope

      This policy applies to all (ISC)² certified members.

    4. Policy

      4.1 (ISC)² allows a certified member who wishes to retain his/her affiliation with (ISC)² to be granted a retired designation upon his/her retirement from the information security profession.

      4.2 To confer Retired Designation, a member must meet the following minimum qualifications:

      4.2.1 Minimum Qualifications for Retired Designation

      • Currently a member in good standing
      • Should be 60 years of age or older, or medically unable to continue to practice
      • No longer practices or employed as an information security professional (including consulting, private and public sector work)
      • Has been a credential holder (for credential seeking retired status for) in good standing for at least 10 years. For the following newer credentials, the first year of eligibility will start in the years stated below:
        • CISSP, SSCP, CSSLP and CAP: credentials currently eligible
        • HCISPP: 2023
        • CCSP: 2025

      4.2.2 Should not currently be the subject of an (ISC)² ethics action/investigation

      4.3 Member must complete a Retired Designation Application Form and submit to (ISC)² Clearwater Office via mail or email to membersupport@isc2.org.

      4.4 Member must pay U.S. $100 application fee. Fee payment may be made by check, bank wire, money order drawn on a major U.S. bank or via a major credit card. Checks or money order should be made payable to (ISC)².

      4.4.1 After the application fee is paid, if the applicant does not seek Retired Designation, the following cancellations and refunds policy apply:

      • Applicant must submit cancellation request in writing
      • For cancellation request received by (ISC)² within 30 days of filing Retired Designation application, (ISC)² will refund the full application fee of U.S. $100 and closes the application process
      • For cancellation request received (ISC)² after 30 days of filing the application, the fee will be forfeited
      • The Endorsement/Programs Department will subsequently process the application

      4.5 Reinstatement to active status is not anticipated; however, retired member must meet all of the following qualifications/requirements before reinstating to active status.

      4.5.1 Once Retired Designation is granted; he/she may be reinstated only once to active status.

      4.5.2 If the Retired Designation was held for two years or less (the two-year timeframe begins at the date the retired designation was approved; i.e. the date on the retired certificate. The retired member must:

      • Request for reinstatement by contacting Customer Service Coordinators
      • Earn minimum 40 CPE units.
      • Abide by (ISC)² Code of Ethics.

      4.5.3 If retired designation was held for more than two years (the two-year timeframe begins at the date the retired designation was approved; i.e. the date on the retired certificate. The retired member must:

      • Pass the current credential examination – the standard examination fee will be charged. The payment of standard examination fee is due at the time of registration and payment may be made by voucher or by check, money order drawn on a major U.S. bank or via a major credit card. Check or money order should be made payable to (ISC)².
      • Complete the exam registration form as appropriate. Not all sections of the form may be applicable
      • Member will need to request to be reinstated after passing the current credential examination
    5. Special Provisions
      • Non-members such as Fellow of (ISC)² designees are not eligible to apply for retired designation
      • Credential holders who intend to continue part-time information security work (perhaps as a consultant) are not eligible for the retired designation
      • Retired designees shall be subject to the same requirements as active members, except neither CPE requirements nor AMF payments will be required
      • Retired designees will have some of the same rights and privileges as active members in good standing with exception that they may NOT:
        • Vote in (ISC)² Board or other elections
        • Seek or hold office as (ISC)² Board of Director
      • Retired designees should make every effort to return their credential certificate and ID card to (ISC)² as a means to assure that the designee is not misrepresenting credential
      • Retired designees will keep their same (ISC)² ID numbers
      • Reinstated credential holders will not be required to pay outstanding AMFs or earn outstanding CPE units from previous certification cycles
      • Retired designees reinstated to credential holder will have their retired status rescinded
      • Retired designees can be reinstated to credential holder only one time. credential holders can request retired status a maximum two times (initial request and if they are reinstated to credential holder and second request)
      • Retired designees must abide by (ISC)² Code of Ethics
      • Retired designees must agree to follow (ISC)² Logo Usage Guidelines
      • Retired designees must notify (ISC)² of their information changes, including address change
      • The three-year Retired Designation cycle begins on the first day of the month following the date when the Retired Designation was issued
    6. Retired Member Benefits
      • May use the credential retired designation on business cards, websites, letter heads, letter salutations, and/or whenever the member name appears, such as in the press or personal documents
      • Can maintain contact information on the (ISC)² website
      • Access to member magazine
      • Access to security reports
      • Option to attend free virtual events
      • Vulnerability Central
      • Member discounts
      • Will receive all (ISC)² official communications
  • (ISC)² Voucher Policy (ISC)² Voucher Policy
    1. Purpose

      This policy details the terms of use, conditions, restrictions for (ISC)² vouchers as a form of payment for products and services, and outlines internal procedures that guides the issuance and use of vouchers.

    2. Revision History

      Version 1.0

    3. Scope

      This policy applies to all (ISC)² certified members, candidates and associates who wish to use vouchers as a form of payment for (ISC)²products and services.

    4. Policy

      (ISC)² allows vouchers to be used as a form of payment for Annual Maintenance Fee (AMF), examination fees and training fees. Voucher numbers are not issued and released until invoice is paid in full. The following outlines the guidelines for all types of vouchers issued by (ISC)².

    4.1 Exam and Training Vouchers

    4.1.1 Candidates can use the voucher to register for the exam and training of their choice.

    4.1.2 Vouchers have an expiration date – one year from the purchase date and cannot be extended. The candidate is responsible for tracking when the voucher expires; no notification will be sent.

    4.1.3 You must take your exam or training by the voucher expiration date. The examination and training fee will be forfeited on the date of expiration.

    4.1.4 Vouchers cannot be extended, refunded nor replaced. It cannot be used for any other certifications.

    4.1.5 Individuals using vouchers for payment for attendance at an examination or training session will be allowed to reschedule or cancel. However, the exam or training must be rescheduled for a date prior to the expiration date of the voucher.

    The standard U.S. $50 reschedule fee and U.S. $100 cancellation fee for exams will apply. Cancellations and reschedules must be done at least 24 hours prior to the exam start time by contacting Pearson VUE. If you are not in attendance to the exam, you will be marked as a “no-show” and the entire exam fee will be forfeited.

    4.2 Annual Maintenance Fee (AMF) Vouchers

    4.2.1 Corporations/companies can purchase multiple vouchers to pay for their employees’ AMF.

    4.2.2 Vouchers are purchased per individual/employee, and can be used as payment for their AMF.

    4.2.3 Membership vouchers have an expiration date – one year from the purchase date and cannot be extended. The individual who has been issued with a voucher is responsible for tracking when the voucher expires; no notification will be sent.

    4.2.4 The voucher must be used by the expiration date. It cannot be extended, refunded nor replaced.

    5.1 Responsibilities

    The (ISC)² Member Services Team works closely with Finance, Exams and Education Teams on the purchase, usage and administration of vouchers as form of payment for (ISC)2 products and services.

  • (ISC)² Community Usage Policy (ISC)² Community Usage Policy
    1. Purpose

      This policy provides the usage rules and enforcement of the rules for the (ISC)² Community at community.isc2.org.

    2. Revision History

      Version 1.0

    3. Scope

      This policy applies to all (ISC)² Community users (both (ISC)² members and non-members).

    4. Policy

      Located publicly online at https://community.isc2.org/t5/Welcome/ISC-Community-Usage-Policy-Guidelines-Updated-August-2020/m-p/38340

      5. 4.1 Open Forum

      a. One of the primary purposes of this Community is to raise awareness for cybersecurity issues and the profession. As such, this is an open forum. Post on the community knowing that what you share is viewable by the public and search engines. Only a limited number of closed groups are private and not visible to all users, including non-registered Community members.

      b. Only registered Community users can post messages. Create your Community account.

      c. Community users often share personal experiences and might offer peer-to-peer support. Keep in mind, that these are personal opinions and do not necessarily represent the position of (ISC)². Questions requiring a formal answer should be directed to (ISC)² staff. When answering questions regarding (ISC)² policies or procedures, it is best to link to the appropriate (ISC)² policy page and not try to summarize or paraphrase (ISC)² policies as it can risk misunderstandings. It is fair to share your experiences and offer sources of support (such as emailing membersupport@isc2.org or flagging a Community manager), but (ISC)² staff are aware of the latest policies, procedures and systems status, and are best equipped to officially and accurately address questions on the Community.

      • Our Community Champions are here to encourage current and future members and to share their extensive expertise in information security to help facilitate discussions. We appreciate the support they volunteer to help the Community, but please respect their time and direct member and candidate support questions to (ISC)² staff.

      d. The Community is a forum for honest, constructive discussion about the (ISC)² association, including governance, processes, policies and systems. Be mindful that (ISC)² members are the heart of the association. Everything (ISC)² members post on this forum is an extension of the association. Help your association grow and thrive by being a welcoming and helpful place for members, certification candidates and interested parties looking for solutions to today’s security challenges.

      e. As an open forum, community users respond to questions/posts with advice on topics. While we will attempt to correct any misunderstandings or outdated advice, (ISC)² is not responsible for inaccurate information posted. Regarding questions about (ISC)² policy and practices, we recommend users refer directly to the policies and procedures page.

      4.2 Protect Privacy

      a. Don’t share any information about yourself or your organization you do not want made public. Do not share personal information. Personal information includes your home address, full name, (ISC)² member/ID number, credit card numbers, social security numbers, email address, etc. In addition, do not request the personal information of other users. Keep in mind, as with any online forum, that even the Community’s Private Message function is no guarantee of privacy of your online exchanges.

      b. If you have any issues with your (ISC)² account, contact Member Services with your specific issue, account number and contact information at membersupport@isc2.org or visit www.isc2.org/contact-us for additional resources.

      c.In the course of your interactions with (ISC)², you may come in contact with staff members through various communications channels. Do not publicly share the email addresses, phone numbers or other information about (ISC)² staff other than their user profiles on the Community. When addressing association issues, do not identify specific staff members you feel may be responsible. Please escalate issues through appropriate channels and through Community managers.

      d. (ISC)² reserves the right to promote posts and conversations in public discussion boards within the Community on other channels such as Twitter, LinkedIn, Facebook and its magazine InfoSecurity Professional to help encourage more diverse input and awareness about topics.

      4.3 Honestly Represent Yourself

      a. Have fun with your username and avatar; however, remember this is a professional forum

      b. Do not purposely misrepresent yourself

      c.Do not impersonate other people, including (ISC)² staff

      d. Do not use copyright-protected photos for your avatar

      4.4 Be Respectful

      a. Respect others’ time and attention with well-thought-out questions and discussion by keeping your tone positive and maintaining constructive criticism. Personal attacks or criticism of another’s abilities will not be tolerated. Insults, swear words, vulgar language, legal threats, controversial political statements, discriminatory remarks, ridicule, and/or illegal content is not allowed.

      b. Attempting to deliberately circumvent moderation tools and content filters in place to prevent inappropriate content is counter-productive and disrespectful of an administrator’s time. It will not be tolerated. Redacting or obfuscating offensive words when discussing threats and tactics used by threat actors is an appropriate way to address these valuable topics and information sharing.

      4.5 Be Relevant

      a. Keep discussions relevant to our Community’s mission and specific topic areas. Search to see if your question has already been posted to avoid duplication. If you are unsure if a topic is relevant to the Community, please do not hesitate to ask one of the Community team members at community@isc2.org. Do not reply with off-topic comments; instead, create a new post and link to the original if needed. Don’t post the same message in multiple areas.

      b. External links (including those in a signature) should only be posted when related to the content in the thread and not link to irrelevant or off-topic content

      c. Professional signatures including your name, certifications and link to your Credly badge or a reputable professional network like LinkedIn are permissible

      4.6 Be Lawful

      a. Do not any violate any laws or break any contractual agreements you have made (copyright, trade secret, nondisclosure agreements or others)

      4.7 Adhere to (ISC)² Exam Confidentiality

      a. Discussing (ISC)² examination items, answers and responses with other individuals is a violation of the (ISC)² Examination Non-Disclosure Agreement that is signed prior to taking an (ISC)² examination. Any posts related to this will be removed, and users found to be in violation may face penalties.

      b. General discussions about exams that do not share specific exam items are permissible. We encourage Community members to help candidates prepare themselves for success and share their own experiences without disclosing any information that could compromise the integrity of the exam process.

      4.8 Be Responsible With Vulnerability Disclosures

      a. This Community is not to be used as a forum for public disclosure of vulnerabilities. Ethical disclosure is important; however, this Community is not the appropriate place for original disclosures. Appropriate locations include places like bugcrowd.

      b. It is appropriate to discuss publicly disclosed vulnerabilities and how security professionals should respond.

      4.9 Promote Ideas, Not Products

      a. Solicitation or advertisement of goods or services in posts, links, private messages, or any other means of communication is prohibited, and Community users who violate these guidelines may also be subject to further action, including a permanent ban from the Community.

      4.10 Be Concise

      a. Lengthy posts can be intimidating on a forum and might discourage people from reading. Summarize your thoughts or question into a short paragraph with a few points to start a discussion within the Community. When reposting information from a blog, contributed article, or other information, provide a brief overview and include a link to the original source. We require compliance with “fair use” when reposting.

      4.11 Be Vigilant

      a. Flag inappropriate content if you notice anything that violates these guidelines. To flag, use the menu at the top right of a post and select “Report Inappropriate Content.” It will be reviewed by a Community team member. In addition to flagging content that is vulgar, hateful and/or off-topic, this extends to non-helpful, ridicule and baseless jokes as well. This Community is intended to be a tool for cybersecurity professionals to work together to solve problems. When in doubt, refer to our Code of Ethics Canons:

      1. Protect society, the common good, necessary public trust and confidence, and the infrastructure
      2. Act honorably, honestly, justly, responsibly, and legally
      3. Provide diligent and competent service to principals
      4. Advance and protect the profession

      4.12 Escalate Issues Responsibly

      a. Alert the (ISC)² Community managers to any issues you are experiencing or send an email to community@isc2.org.

      b. Members and certification candidates seeking assistance should contact membersupport@isc2.org for assistance.

      4.13 Enforcement of Guidelines

      a. By using the (ISC)² Community, you agree to the above stated guidelines, as well as the Website Access Policy for the (ISC)² Community. Content that violates the Website Access Policy or the Community Guidelines will be removed or edited. Users violating Community Guidelines will be warned. If users continue to violate guidelines, they will face a temporary, 30-day ban. If violations persist after reinstatement, users will be banned permanently. Hate speech, personal attacks and spam posts will not be tolerated, and may result in the permanent ban of the user immediately and without formal notice.

  • Unacceptable/Abusive Behavior Policy Unacceptable/Abusive Behavior Policy
    1. Policy Overview

      (ISC)² Member Services manages thousands of interactions with candidates, members and associates [hereafter, "(ISC)² Community"] on an annual basis without incident. (ISC)² Community feedback is integral to service improvements and enhancements, so we welcome all views, questions and recommendations about member services. There are times, however, when (ISC)² Community members (acting out of anger, frustration or distress) demonstrate unacceptable behavior. This policy is designed to assist Member Services staff in managing situations in which (ISC)² Community members demonstrate unacceptable behavior and provides guidance to staff on how to manage these behaviors. This guidance should be considered in conjunction with the (ISC)² Harassment Policy.

    2. Revision History

      Version 1.0

    3. Scope

      This policy applies to Member Services staff providing customer service and support and the (ISC)² Community receiving that support in all (ISC)² regions.

    4. Definitions

      Unacceptable – demonstrating unwelcome and intolerable behavior

      Persistence – continuing firmly on a course of action despite opposition or requests to cease

      Unreasonable – beyond the limits of acceptability, fairness or good sense

    5. Policy

      Aligned with our Customer Service standards, (ISC)² staff will deal fairly, respectfully and consistently with the (ISC)² Community. This includes those whose actions are considered to be unacceptable. All of our customers have a right to have their service requests considered and to be treated with respect.

      Staff of (ISC)² have that same right. This policy provides guidance to manage our (ISC)² Community with a service, even where it is considered that a person's behavior or actions are unacceptable. It aims to empower our staff to use this policy to deal with any unacceptable behavior and ensure that those who act in an unacceptable manner do not disadvantage themselves. It ensures that staff enjoy the same level of security whether their job involves them either working as a lone worker, in an office or an external environment.

      6. 5.1 Categories of Behavior

      5.1.1 Unacceptable Use of Language

      (ISC)² Member Services staff have the right not to be subjected or to suffer language that is abusive, offensive, threatening, derogatory nor discriminatory. Examples of this kind of language includes:

      • Yelling or shouting
      • Excessive profanity
      • Threats of violence
      • Bullying or intimidating
      • Remarks of a sexual nature
      • Unsubstantiated allegations
      • Remarks that are racist, homophobic, xenophobic or misogynistic

      5.1.2 Unreasonable Expectations and Persistence

      Sometimes (ISC)² Community members will not or cannot accept that Member Services is unable to assist them further or to provide the desired outcome. They may persist in disagreeing with the action or decision taken in relation to their concerns or they may persistently contact Member Services about the same issue(s). Note that the method some (ISC)² Community members use in contacting Member Services is often reasonable, but the persistence in doing so that becomes unreasonably forceful or demanding. In some of these case, the continual telephone calls and emails may be considered harassment. Examples include:

      • Making the same complaint despite the matter having been full addressed by support staff or management
      • Repeating complaints about a previous or historical matter that cannot be undone or remedied
      • Refusal to accept the decision of Member Services staff
      • Refusal to abide by (ISC)² Policies and Procedures
      • Continuing to contact Member Services (phone, email, letter) on the same issue(s) without providing any new information
      • Repeatedly changing the nature or focus of a complaint or desired outcome part way through an investigation or after a formal response has been provided
      • Amplification of issues on social media after Member Services has already provided a response

      5.1.3 Unacceptable Demands on Service

      Some members of the (ISC)² Community make unacceptable demands of Member Services due to the amount of information they ask for or the nature and scale of the service they expect. Examples include:

      • Refusal to end a telephone call
      • Sending the same or similar request to several members of staff
      • Demanding responses in an unreasonable timeframe
      • Requesting responses to correspondences that fall under the "Unacceptable Use of Language" category of behaviors
      • Demanding access to information not generally provided to (ISC)² Community Members
      • Insisting to speak to someone who is either not available or not the appropriate person (e.g. the CEO or Board of Directors)
      • Demanding that (ISC)² make unreasonable accommodations (fee waivers, refunds) based on their experience with any of our third-party partners (Pearson Vue)

      5.2 Managing Behavior

      Members of (ISC)² Community found demonstrating the above behaviors will be subject to sanctions up to, and including, restricting or banning access to (ISC)² services.

      In some cases, a single violation could result in sanctions. These include:

      • Threats of violence
      • Remarks that are racist, homophobic, xenophobic or misogynistic
      • Remarks of a sexual nature

      (ISC)² takes a zero-tolerance approach to these types of behaviors and therefore reserves the right to apply more serious sanctions even after a first instance of these behaviors

      5.2.1 A member of the (ISC)² community should always be given an opportunity to rectify his or her behavior and in the first instance, staff should explain that they find someone's behavior or language unacceptable and allow the person a chance to remedy, moderate or change the behavior.

      5.2.2 (ISC)² recognizes that a person's actions may be affected by disability, including mental health issues, substance misuse or other factors. (ISC)² will take these factors and any other relevant matters into account when implementing this policy.

      5.2.3 (ISC)² staff should be aware of and put into practice any service specific guidelines/policies on managing unacceptable behavior. If the behavior continues, employees are able and empowered to:

      • End telephone calls if the caller is considered aggressive, abusive or offensive. Employees should clearly explain why they are ending the call.
      • Report the threat, verbal abuse/harassment or persistent correspondence to the Member Services Supervisor/Manager. Some situations need to be escalated or consulted with the Department head to decide how to manage communications or contact with the person.
      • If Member Services leadership has exhausted all mechanisms to handle this member, the matter may be escalated to upper management/senior officers or Legal, if necessary. All background information and details of the situation should be provided to allow for thorough review and action.

(ISC)² Logos & Guidelines

  • (ISC)² Regulations Governing Use of Certification/Collective Logo Marks (ISC)² Regulations Governing Use of Certification/Collective Logo Marks

    (ISC)² is a non-profit membership organization identified as the leader in certifying individuals in cybersecurity. All of (ISC)²'s certifications are ANSI ISO/IEC 17024 accredited. (ISC)² does not provide cyber security services, but focuses on the training, education, and certification of information and application security professionals.

    Candidates who successfully complete any of the (ISC)² certification requirements may use the appropriate Certification Mark and Logo (collectively the "Logo") to identify themselves as having demonstrated the professional experience and requisite knowledge in the realm of cybersecurity. The following guidelines explain how (ISC)² Logos may be used.

    Using the Logo

    Only those who have demonstrated the requisite experience in cybersecurity, agree to be bound by the (ISC)² Code of Ethics, successfully passed the corresponding examination(s), and have had their experience and professionalism endorsed by an (ISC)² member are certified by (ISC)². Those who meet these standards ("Certified") are authorized to use the appropriate Logo(s). The Logo(s) identifies those who have met the strict criteria for certification and are able to demonstrate professional judgment and abilities in information security. Use of the Logo indicates the Certified's acceptance of the terms in the agreement executed upon applying to sit for the corresponding examination and these guidelines and that Certified has met the criteria to be a CISSP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP, CAP, CSSLP, SSCP®, HCISPP, and/o CCSP and has maintained the requisite certification obligations. Use of the Logo must be discontinued immediately if Certified does not maintain their certification.

    • Certified may use the Logo only on business cards, letterhead, marketing material and resume to indicate that they are an (ISC)² credential holder. Certified may not use the Logo on any product or product-related material.
    • Certified may only use the Logo for which they have successfully completed the certification requirements (e.g. CISSPs may not use SSCP, nor may SSCPs use CISSP, unless they have completed the appropriate requirements).
    • Certified may not alter the Logo artwork in any way other than to increase or decrease in size.
    • The Logo may not be translated or otherwise localized into any other language. Any localized versions of the Logo must be provided by (ISC)².
    • Certified may not display the Logo in any manner that suggests they are an employee of (ISC)² or in a manner that suggests "(ISC)²" is a part of their company name. Use of the Logo must clearly indicate that Certified is independent from (ISC)².
    • Certified may not use the Logo in any manner that is derogatory to or critical of (ISC)² or the certification.
    • Certified's name, trade name, or company name must appear on any materials where the Logo is used. The Logo cannot appear larger or more prominent than Certified's name, product or service name, trademark or service mark, logo or trade or company name.
    • The Logo may not be used in any manner that expresses or might imply (ISC)²'s affiliation, sponsorship, endorsement, certification, or approval, other than as set forth by the (ISC)² Application Agreement.
    • The Logo, or any elements thereof, may not be included in trade or business name, domain name, product or service name, logo, trade dress, design, slogan or other trademarks.
    • Certified may not combine the Logo with any other object, including, but not limited to, other logos, icons, words, graphics, photos, slogans, numbers, design features, symbols, or Website audio files. (i.e. Mixing another Logo with the CISSP Logo to create a variation)
    • The Logo may not be used as a design feature on any product or service materials.
    • The Logo may not be imitated in any manner.
    • On marketing material (exclusive of letterhead, business cards, and resumes), the Logo shall be attributed to the International Information Systems Security Certification Consortium with the following attribution clause in all materials where it is used: "CISSP (or appropriate certification) is a registered mark of the International Information Systems Security Certification Consortium in the United States and other countries."
    • The respective Logo (e.g. "CISSP" or "SSCP", etc.) shall always be accompanied by ® except where prohibited by size constraints (i.e. business cards).
    • Certified may not use the (ISC)2 Logo or mark in any manner other than as a link on Certified's Website to www.isc2.org.
    • Associates of (ISC)² are NOT certified and may not use any Logo or description other than "Associate of (ISC)²". Under no circumstances may they identify which exam they have successfully passed or use any Logo, other than "Associate of (ISC)²", in any manner. Failure to abide by this rule may result in the candidate being prohibited from ever attaining any (ISC)² certification.

    Logos may not be used in any way other than as specified in these guidelines. Failure to comply with these instructions shall constitute a breach of the (ISC)² Application Agreement.

    Compliance with Guidelines

    (ISC)² reserves the right to spot-check all marketing and promotion materials bearing the Logo and may periodically send out requests for samples. Certified must correct any deficiencies in use of the Logo. Refusal to correct such deficiencies or to cease publication or distribution could result in revocation of right to use the Logo.

    Logo Artwork

    Electronic artwork files for the Logo are available on the (ISC)²'s members-only Website.

    Use the following contact information to obtain clarification or permission:

    E-mail: legal@isc2.org

    Mail: Attn: Logo Guidelines

    (ISC)², Inc.
    311 Park Place Boulevard, STE 400
    Clearwater, Florida 33759

  • Logos Download & Usage Logos Download & Usage
    The following are guidelines for using the (ISC)² approved marks on industry information. All credential holders in good standing are authorized to use the appropriate certification mark and/or logo subject to the guidelines found in the official (ISC)² Logo Usage Guidelines. Use of the (ISC)² mark and/or logo is restricted. View the official (ISC)² Logo Usage Guidelines for more details.

    (ISC)² Logo and Usage

    On all full-color communications materials, the (ISC)² logo should be reproduced in the following Pantone color (3298 CP) or reversed out in white. When necessary, the logo can be produced using CMYK, RGB and HEX. As an alternative the (ISC)² logo may be used in black.


    Logo Guidelines



    Logo Area

    It is important to keep the logo area clear of any distracting elements. Please allow at least 1/5" of clear space around the logo, as shown.

    Logo Guidelines

    Credential Usage

    Being a credential holder is a testament of one’s profession and expertise. When indicating your credentials in business correspondence, it is important to list your certifications in the appropriate order after your name. (ISC)² certifications should be listed from the highest experience level to the lowest: CISSP®, CSSLP®, HCISPP®, CAP®, SSCP®

    For example:
    Jim M. Smith, CISSP, SSCP
    Melinda Adams, CISSP, CAP, SSCP

    When listing multiple CISSP concentration certifications, the order should be alphabetical as follows: CISSP-ISSAP®, ISSEP®, ISSMP®. These credentials should be listed before the CAP and SSCP certifications.

    For example:
    Jane K. Baker, CISSP-ISSAP, ISSMP, SSCP
    Kevin S. Doane, CISSP-ISSEP, ISSMP, CAP, SSCP

    Official logo files are available for download as a self-extracting ZIP file.

    Download

Additional Membership Information

The following resources offer more details and information on navigating (ISC)² membership.

Ok