Membership Policies and Procedures

The following policies and procedures assist and guide members and Associates of ISC2 through their membership.
Four people meeting in a conference room
  1. Purpose

    This policy establishes the requirements to appeal a certification/designation that has been suspended or terminated.

  2. Revision History

    Version 3.0 (Updated March 2022)

  3. Scope

    This policy applies to all ISC2 certified members and Associates of ISC2.

  4. Policy

    4.1 ISC2 certified members and associates whose certification/designation status are suspended or terminated may file an extension request or appeal the suspension or termination of their certification/designation.

    4.2 All appeals need to be submitted prior to the end of the 2-year suspension period.

    4.3 Once a member/associate has confirmed the intent to file an appeal, an appeal form must be completed. The appeal form along with the written statement and supporting documentation should then be provided to Member Services at membersupport@isc2.org, This written statement should explain in detail the circumstances that occurred which prevented recertification requirements from being met prior to suspension or termination.

    4.3.1 All information and documentation regarding the appeal will be collected and provided to Member Services Manager for review and consideration in a timely manner.

    4.3.2 Member Services Coordinators will follow appeal through to completion including monitoring account activity for renewal requirements submission if appeal is granted. Review of appeals typically takes 7-10 business days.

    4.4 If extension or appeal is approved, the individual must fulfill extension/appeal approval information. If extension or appeal is disapproved, the individual must retest to regain certification/designation.

    4.5 ISC2 understands that occasionally there are certain extenuating circumstances that occur preventing members from completing all their recertification requirements by their expiration date. Some examples for such extenuating circumstances are the following:

    • Personal/Immediate family, or household person’s medical issues
    • Extended involuntary unemployment
    • Military deployment
    • Natural disaster
    • Unexpected personal calamity
    • Death of Immediate Family Member (For purposes of this policy, "immediate family" is defined as the member’s or the member’s spouse’s parents, siblings, children, grandparents, grandchildren, the member’s spouse, and/or any other relative who resides in the member’s household)

    4.6 Extension of the 90-day grace period will be evaluated on a case-by-case basis as it relates to a medical or military issue that prevents the certified member or associate from fulfilling the AMF and CPE requirements on time. If certified members and associates have experienced hardships throughout their three-year certification cycle, they must contact Member Services at membersupport@isc2.org.

  1. Purpose

    This policy provides the guidelines for upgrading associate designation to full certification and ISC2 membership.

  2. Revision History

    Version 3.0

  3. Scope

    This policy applies to all Associates of ISC2 upgrading to full certification and ISC2 membership.

  4. Policy

    4.1 For an associate designation to be upgraded to a certified member, the individual must have passed an ISC2 examination and currently hold the Associate of ISC2 designation. The individual must submit the certification application before the last day of the last year that they can hold the associate designation (see 4.2).

    4.2 Associates will have a specific time frame to obtain cumulative work experience in the domains of their target certification and to complete the certification application process. The specific time frames for each certification are as follows:

    • CISSP & CCSP up to six years
    • CSSLP up to five years
    • CGRC up to three years
    • SSCP up to two years

    4.3 Upon gaining the required work experience, associates will need to submit a certification application. Once the application is reviewed and approved, the associate will receive an email confirmation (Next Step email) outlining the next steps towards certification. They will be instructed to log in to their dashboard to pay the difference of U.S. $85, assuming that the U.S. $50 associate AMF has been paid for the year – from the associate to certified Annual Maintenance Fee – before they become certified. Once complete, ISC2 membership and the three-year certification cycle will begin.

    4.3.1 If the certification application is not approved, the associate will receive an email from ISC2 customer service team stating why they did not meet the requirements and advising when they can reapply.

    4.4 The associate’s cycle will be terminated under the termination reason ‘Upgrade Associate.’ A three-year certification cycle will start on the first of the following month after the upgrade fee payment is made. The associate Credly badge will be terminated, and a new credential badge will be issued which demonstrates their certification.

    4.5 Associate AMF is non-refundable and subject to change based on ISC2’s discretion.

  1. Purpose

    The purpose of this policy is to establish guidelines on the issuance of digital badges associated with new and existing members and associates.

  2. Revision History

    Version 4.0

  3. Scope

    This policy applies to all members and Associates of ISC2.

  4. Policy

    4.1 Newly certified members/associates are issued a digital badge for the certifications they’ve earned. Once a candidate passes their ISC2 examination and successfully completes the endorsement application process, they will be able to claim their Credly Badge. Candidates who fail the endorsement process can apply for the associate designation and once approved, they will be issued an associate badge.

    4.2 These digital badges based on open badge standards enable newly-certified members to manage, share and verify their certifications digitally.

    4.2.1 Certified members are in complete control of the information they wish to make public. All certification information can be configured in the Credly account.

    4.2.2 Digital badges are uniquely linked to data hosted on the Credly platform. This link to verified data makes Credly digital badges more reliable and secure than a traditional paper-based credential. It also eliminates the possibility of anyone claiming a member’s credential and associate identity.

    4.2.3 Every certification and profile on the Credly platform has a unique URL that can be embedded on a resume or website. The platform also offers seamless integration with several popular social and professional networking platforms for the display of certifications as open badges. Sharing to LinkedIn enables the earner to display the achievement within their profile with single click verification.

    4.3 New members are notified through email to claim their badge within two weeks of earning their certification.

    4.4 Certified members/associates can claim a digital badge for each active certification they hold or exam passed.

    4.5 For questions related to the status of your Credly badge, members can contact badges@isc2.org. For questions related to the status of certification, members can contact membersupport@isc2.org.

  1. Purpose

    This policy establishes the requirements for ISC2 Certified Members and Associates of ISC2 to maintain their certification(s) or associate status. For ISC2 Candidate maintenance requirements, please refer to the Candidate Maintenance Policy found here.

  2. Revision History

    Version 7.0

  3. Scope

    This policy applies to all ISC2 certified members and associates.

  4. Policy

    To maintain certification or associate status, ISC2 certified members and associates must earn a minimum amount of continuing professional education (CPE) credits for each of their cycles, as well as pay an annual maintenance fee (AMF). Both maintenance requirements must be in compliance to ensure that certification or associate status remains in good standing.

    4.1 Continuing Professional Education (CPE) Maintenance Requirement

    4.1.1 Certified members are required to earn and submit CPE credits over their three-year certification cycle. All CPE credits must be earned and completed no later than 90 days after the member’s certification expiration date. For specific CPE requirements, refer to the ISC2 Certification Maintenance Handbook (also available in Chinese, Japanese and Korean).

Certification Type Suggested Annually Required 3-Year Total
CC Group A 15 45
Group A or B -- --
Total 15 45
 
CISSP Group A 30 90
Group A or B 10 30
Total 40 120
 
CSSLP, CCSP Group A 20 60
Group A or B 10 30
Total 30 90
 
SSCP, CGRC Group A 15 45
Group A or B 5 15
Total 20 60
 
ISSAP, ISSEP, ISSMP
With CISSP*
Without CISSP
 
Group A
Group A
 
20
47
 
60
140
*If you hold a CISSP and an ISSMP, ISSEP or ISSAP, 20 CPE credits of the total number of Group A CPE credits required in the CISSP three-year cycle must be directly related to the ISSMP/ISSEP/ISSAP. If you hold more than one of these certifications, you must earn 20 CPE credits in each of them. CPE requirements for ISSMP, ISSEP and ISSAP are automatically counted toward the CISSP CPE requirement.

4.1.2 Associates of ISC2 are required to earn and submit 15 CPE credits annually. All CPE activities must be completed or earned no later than 90 days after the expiration date of the annual associate cycle. For more information on CPE requirements and activities, please refer to the ISC2 Certification Maintenance Handbook (also available in Chinese, Japanese and Korean).

Designation Type Required Annually 3-year Total
Associates of ISC2 Group A 15 N/A

4.1.3 ISC2 allows certified members and associates a 90-day grace period after the cycle expiration date to earn and submit required CPE credits.

4.1.4 If a certified member or associate fails to submit the required CPE credits before the 90-day grace period expires, the certified member or associate will be placed in suspended status.

4.2 Annual Maintenance Fee (AMF) Requirement

4.2.1 Certified members (single-certified or multi-certified), with the exception of members holding the Certified in Cybersecurity (CC) certification, are required to pay an AMF in the amount of U.S. $135 that is due on the member’s certification cycle start date and subsequent annual anniversaries. Members who hold only the CC certification are required to pay an AMF in the amount of U.S. $50 due on the member’s certification cycle start date and subsequent annual anniversaries.

Individuals who pass their exams and have their certification application approved must pay their first AMF before certification is granted.

Associates of ISC2 are required to pay the AMF of U.S. $50, which is due annually on the anniversary date of the associate’s cycle. Individuals who pass their exams and are applying for associate designation must pay their first year’s AMF of U.S. $50 before their associate designation is granted.

4.2.2 For certified members with multiple certifications on multiple cycle dates, the initial ISC2 certification anniversary will be the start date for all certifications held and AMF due date. For example, if a member obtained the CISSP certification Sept. 1, 2010, and a CGRC certification on Jan. 13, 2012, the member’s certification anniversary would be Sept.1 each year.

4.2.3 After the 90-day grace period expires and if they have failed to pay the past due AMF, the member’s certification or associate designation will be suspended. This applies for each year of the three-year certification cycle for certified members and annually for Associates of ISC2.

4.2.4 Once suspended, individuals may no longer be allowed to use the certification or associate designation, display the certificate or imply in any way that they are currently certified or an associate.

4.2.5 AMF payments are non-refundable and subject to change based on ISC2’s discretion.

4.3 Reinstatement Requirements

4.3.1 To be reinstated once a certification or associate designation is suspended, ISC2 certified members and associates are required to submit all outstanding CPE credits and pay all outstanding year AMFs.

4.3.2 Suspended status may be maintained for up to two consecutive years. After two years, suspended members and associates will be terminated.

4.3.3 Terminated certified members who seek reinstatement will be required to submit at least 5 CPE credits for each domain of the certification being reinstated, along with 40 CPE credits in their primary domain of practice, and a total of 120 CPE credits. CPE activities for terminated member reinstatement must be obtained within a 12-month period.

4.3.4 Alternatively, terminated certified members may seek reinstatement through reexamination.

4.3.5 Terminated associates may only be reinstated through reexamination. For questions or assistance, terminated associates can contact ISC2 Customer Service.

4.4 Hardship

4.4.1 ISC2 understand that occasionally there are certain extenuating circumstances that occur preventing certified members and associates from completing all their maintenance requirements by their due date. Some examples for such extenuating circumstances are the following:

  • Personal/immediate family medical issues (For purposes of this policy, “immediate family” is defined as the member’s or the member’s spouse’s parents, siblings, children, grandparents, grandchildren, the member’s spouse, and/or any other relative who resides in the member’s household)
  • Death of immediate family member
  • Extended involuntary unemployment
  • Military deployment
  • Declared natural disaster (by government agency)
  • Declared pandemic (by government agency)

4.4.2 Extension of the 90-day grace period will be evaluated on a case-by-case basis as it relates to circumstances that prevent the certified member or associate from timely completing AMF or CPE requirements. Documentation requirements for grace period extension will vary based on rationale and length of requested extension.

4.4.3 Certified members and associates who seek extension of the 90-day grace period under this hardship policy must contact ISC2 Customer Experience to apply for consideration and approval.

  1. Purpose

    This policy provides the usage rules and enforcement of the rules for the ISC2 Community at community.isc2.org.

  2. Revision History

    Version 1.0

  3. Scope

    This policy applies to all ISC2 Community users (both ISC2 members and non-members).

  4. Policy

    Located publicly online at https://community.isc2.org/t5/Welcome/ISC-Community-Usage-Policy-Guidelines-Updated-August-2020/m-p/38340

    4.1 Open Forum

    a. One of the primary purposes of this Community is to raise awareness for cybersecurity issues and the profession. As such, this is an open forum. Post on the community knowing that what you share is viewable by the public and search engines. Only a limited number of closed groups are private and not visible to all users, including non-registered Community members.

    b. Only registered Community users can post messages. Create your Community account.

    c. Community users often share personal experiences and might offer peer-to-peer support. Keep in mind, that these are personal opinions and do not necessarily represent the position of ISC2. Questions requiring a formal answer should be directed to ISC2 staff. When answering questions regarding ISC2 policies or procedures, it is best to link to the appropriate ISC2 policy page and not try to summarize or paraphrase ISC2 policies as it can risk misunderstandings. It is fair to share your experiences and offer sources of support (such as emailing membersupport@isc2.org or flagging a Community manager), but ISC2 staff are aware of the latest policies, procedures and systems status, and are best equipped to officially and accurately address questions on the Community.

    • Our Community Champions are here to encourage current and future members and to share their extensive expertise in information security to help facilitate discussions. We appreciate the support they volunteer to help the Community, but please respect their time and direct member and candidate support questions to ISC2 staff.

    d. The Community is a forum for honest, constructive discussion about the ISC2 association, including governance, processes, policies and systems. Be mindful that ISC2 members are the heart of the association. Everything ISC2 members post on this forum is an extension of the association. Help your association grow and thrive by being a welcoming and helpful place for members, certification candidates and interested parties looking for solutions to today’s security challenges.

    e. As an open forum, community users respond to questions/posts with advice on topics. While we will attempt to correct any misunderstandings or outdated advice, ISC2 is not responsible for inaccurate information posted. Regarding questions about ISC2 policy and practices, we recommend users refer directly to the policies and procedures page.

    4.2 Protect Privacy

    a. Don’t share any information about yourself or your organization you do not want made public. Do not share personal information. Personal information includes your home address, full name, ISC2 member/ID number, credit card numbers, social security numbers, email address, etc. In addition, do not request the personal information of other users. Keep in mind, as with any online forum, that even the Community’s Private Message function is no guarantee of privacy of your online exchanges.

    b. If you have any issues with your ISC2 account, contact Member Services with your specific issue, account number and contact information at membersupport@isc2.org or visit www.isc2.org/contact-us for additional resources.

    c. In the course of your interactions with ISC2, you may come in contact with staff members through various communications channels. Do not publicly share the email addresses, phone numbers or other information about ISC2 staff other than their user profiles on the Community. When addressing association issues, do not identify specific staff members you feel may be responsible. Please escalate issues through appropriate channels and through Community managers.

    d. ISC2 reserves the right to promote posts and conversations in public discussion boards within the Community on other channels such as Twitter, LinkedIn, Facebook and its magazine InfoSecurity Professional to help encourage more diverse input and awareness about topics.

    4.3 Honestly Represent Yourself

    a. Have fun with your username and avatar; however, remember this is a professional forum

    b. Do not purposely misrepresent yourself

    c. Do not impersonate other people, including ISC2 staff

    d. Do not use copyright-protected photos for your avatar

    4.4 Be Respectful

    a. Respect others’ time and attention with well-thought-out questions and discussion by keeping your tone positive and maintaining constructive criticism. Personal attacks or criticism of another’s abilities will not be tolerated. Insults, swear words, vulgar language, legal threats, controversial political statements, discriminatory remarks, ridicule, and/or illegal content is not allowed.

    b. Attempting to deliberately circumvent moderation tools and content filters in place to prevent inappropriate content is counter-productive and disrespectful of an administrator’s time. It will not be tolerated. Redacting or obfuscating offensive words when discussing threats and tactics used by threat actors is an appropriate way to address these valuable topics and information sharing.

    4.5 Be Relevant

    a. Keep discussions relevant to our Community’s mission and specific topic areas. Search to see if your question has already been posted to avoid duplication. If you are unsure if a topic is relevant to the Community, please do not hesitate to ask one of the Community team members at community@isc2.org. Do not reply with off-topic comments; instead, create a new post and link to the original if needed. Don’t post the same message in multiple areas.

    b. External links (including those in a signature) should only be posted when related to the content in the thread and not link to irrelevant or off-topic content

    c. Professional signatures including your name, certifications and link to your Credly badge or a reputable professional network like LinkedIn are permissible

    4.6 Be Lawful

    a. Do not any violate any laws or break any contractual agreements you have made (copyright, trade secret, nondisclosure agreements or others)

    4.7 Adhere to ISC2 Exam Confidentiality

    a. Discussing ISC2 examination items, answers and responses with other individuals is a violation of the ISC2 Examination Non-Disclosure Agreement that is signed prior to taking an ISC2 examination. Any posts related to this will be removed, and users found to be in violation may face penalties.

    b. General discussions about exams that do not share specific exam items are permissible. We encourage Community members to help candidates prepare themselves for success and share their own experiences without disclosing any information that could compromise the integrity of the exam process.

    4.8 Be Responsible With Vulnerability Disclosures

    a. This Community is not to be used as a forum for public disclosure of vulnerabilities. Ethical disclosure is important; however, this Community is not the appropriate place for original disclosures.

    b. It is appropriate to discuss publicly disclosed vulnerabilities and how security professionals should respond.

    4.9 Promote Ideas, Not Products

    a. Solicitation or advertisement of goods or services in posts, links, private messages, or any other means of communication is prohibited, and Community users who violate these guidelines may also be subject to further action, including a permanent ban from the Community.

    4.10 Be Concise

    a. Lengthy posts can be intimidating on a forum and might discourage people from reading. Summarize your thoughts or question into a short paragraph with a few points to start a discussion within the Community. When reposting information from a blog, contributed article, or other information, provide a brief overview and include a link to the original source. We require compliance with “fair use” when reposting.

    4.11 Be Vigilant

    a. Flag inappropriate content if you notice anything that violates these guidelines. To flag, use the menu at the top right of a post and select “Report Inappropriate Content.” It will be reviewed by a Community team member. In addition to flagging content that is vulgar, hateful and/or off-topic, this extends to non-helpful, ridicule and baseless jokes as well. This Community is intended to be a tool for cybersecurity professionals to work together to solve problems. When in doubt, refer to our Code of Ethics Canons:

    1. Protect society, the common good, necessary public trust and confidence, and the infrastructure
    2. Act honorably, honestly, justly, responsibly, and legally
    3. Provide diligent and competent service to principals
    4. Advance and protect the profession

    4.12 Escalate Issues Responsibly

    a. Alert the ISC2 Community managers to any issues you are experiencing or send an email to community@isc2.org.

    b. Members and certification candidates seeking assistance should contact membersupport@isc2.org for assistance.

    4.13 Enforcement of Guidelines

    a. By using the ISC2 Community, you agree to the above stated guidelines, as well as the Website Access Policy for the ISC2 Community. Content that violates the Website Access Policy or the Community Guidelines will be removed or edited. Users violating Community Guidelines will be warned. If users continue to violate guidelines, they will face a temporary, 30-day ban. If violations persist after reinstatement, users will be banned permanently. Hate speech, personal attacks and spam posts will not be tolerated, and may result in the permanent ban of the user immediately and without formal notice.

  1. Purpose

    This policy provides the requirements for Member Emeritus.

  2. Revision History

    Version 3.0

  3. Scope

    This policy applies to all ISC2 certified members.

  4. Policy

    4.1 ISC2 allows a certified member who wishes to retain his/her affiliation with ISC2 to be granted a designation upon his/her retirement from the information security profession.

    4.2 The Member Emeritus designation is defined as follows:

    • A Member Emeritus will enjoy all the rights of full ISC2 membership, including, but not limited to:
      • Access to member magazine
      • Access to security reports
      • Option to attend free virtual events
      • Vulnerability Central
      • Member discounts
      • All ISC2 official communications
    • A Member Emeritus will:
      • keep their same ISC2 ID number
      • agree to follow ISC2 Logo Usage Guidelines
      • maintain contact information in the ISC2 Member Dashboard
    • A Member Emeritus will be unable to:
      • vote in ISC2 elections
      • hold an ISC2 office
      • participate in ISC2 exam development activities

    4.3 To obtain Member Emeritus designation, a certified member must meet the following requirements:

    • Be a certified member in good standing
    • No longer practicing or employed as an information security professional (including consulting, private and public sector work)
    • Has been a credential holder of the certification associated with the emeritus status in good standing for at least 9 years.
    • Not be the subject of a current ISC2 ethics action/investigation

    4.4 Member must complete a Member Emeritus Application Form (form can be requested from MemberSupport@isc2.org)

    4.5 Member must pay a one-time application fee. The application fee will be equal to three (3) times the current certified member AMF. Application fees are non-refundable.

    4.6 Reinstatement to active status is not anticipated; however, a Member Emeritus must meet all the following qualifications/requirements before reinstating to active status.

    4.6.1 If the Member Emeritus is held for two years or less (the two-year timeframe begins at the date the Member Emeritus was approved. The Member Emeritus must:

    • Contact ISC2 Customer Experience
    • Report up to 60 CPE credits earned within the previous 12 months (actual amount of CPE required for reinstatement based on length of Member Emeritus status and is accrued monthly)
    • Agree to abide by and adhere to the ISC2 Code of Ethics.

    4.6.2 If Member Emeritus is held for more than two years (the two-year timeframe begins at the date the designation was approved), the Member Emeritus must apply for reinstatement following certification and membership maintenance policy.

    4.6.3 A Member Emeritus that is reinstated to active credential holder will have their Member Emeritus status rescinded.

    4.6.4 Once Member Emeritus is granted; he/she may be reinstated only once to active status.

  1. Purpose

    This policy provides guidelines and requirements of the endorsement and application review process for candidates to obtain their ISC2 credential after passing an ISC2 exam.

  2. Revision History

    Version 4.0

  3. Scope

    This policy applies to all candidates for ISC2 credentials, except for Certified in Cybersecurity (CC).

  4. Policy

    4.1 Individuals who pass an ISC2 examination must go through an endorsement process in order to obtain the credential for the examination they passed. Once these individuals receive notification that they have successfully passed the exam, they may start the online endorsement application.

    4.1.1 Endorsement applications are submitted through an online form available on the ISC2 website at https://www.isc2.org/Endorsement. If an individual is not able to submit their application via the online form, they will be provided with a PDF application via email.

    4.2 All candidates who pass an ISC2 credential examination must complete the endorsement process within a time period of no longer than nine (9) months.

    4.2.1 A percentage of the candidates who pass an ISC2 examination and submit endorsements will be randomly subjected for audit and required to submit additional information, as required, for verification. Those candidates will be notified via email if their application is selected for audit.

    4.3 All credential endorsement applications must be reviewed and endorsed by an ISC2 certified member in good standing. The ISC2 member does not have to hold the same credential.

    4.3.1 The ISC2 certified professional is anyone who:

    • Is able to attest to the candidate’s professional experience
    • Is an active ISC2 credential holder in good standing

    4.4 If the candidate does not know an ISC2 certified professional in good standing, ISC2 can provide endorsement assistance to act as the endorser. Candidates may request assistance with the endorsement requirement by submitting additional documentation with their endorsement form so that ISC2 staff may review their qualifications and consider endorsing the candidate.

    4.5 The endorser will attest the individual’s assertions that his/her professional experience are true to the best of the endorser’s knowledge, and that the individual is in good standing within the cybersecurity industry. The endorser’s certification number and surname is needed when filling out the online application.

    4.6 Once a candidate’s endorsement application has been approved, the final step in the process is to pay their first Annual Maintenance Fee (AMF). If the candidate already holds an ISC2 certification, they will not have to pay an additional AMF for the latest certification.

  1. Purpose

    This policy establishes the requirements for reinstatement and reactivation of membership and provides the procedure to reinstate a terminated renewal billing record and reactivate a membership.

  2. Revision History

    Version 3.0 (Updated March 2022)

  3. Scope

    This policy applies to all ISC2 certified members and associates of ISC2.

  4. Policy

    ISC2 allows a suspended or a terminated member or associate to regain certification.

    4.1 Suspension Status

    4.1.1 Members and Associates are given a 90-day period from the due date (earliest date of certification) to pay their Annual Maintenance Fees. Failure to pay within the 90-day period will result in certification suspension. Once suspended, individuals may no longer be allowed to use the certificate designation, display the certificate itself, or imply at any way that they are presently certified.

    4.1.2 Once certification is suspended, individuals are required to submit all outstanding CPE credits and pay all past due AMFs through the member portal prior to certification being reinstated.

    4.1.3 Suspension status may be maintained for up to two consecutive years. After two years, members or associates of ISC2 will be terminated, and all membership rights will be revoked.

    4.2 Terminated Status

    4.2.1 Suspended members and associates who do not recertify after two years will be terminated.

    4.2.2 To be reinstated once a certification or designation is suspended, ISC2 certified members and associates are required to submit all outstanding CPE credit and pay current year AMFs.

    4.2.3 Suspension status may be maintained for up to two consecutive years. After two years, suspended members and associates will be terminated.

    4.2.4 Terminated certified members who seek reinstatement will be required to submit at least 5 CPE credits for each domain of the certification being reinstated, along with 40 CPE credits in their primary domain of practice and a total of 120 CPE credits. CPE activities for terminated member reinstatement must be obtained with a 12-month period.

    4.2.5 Terminated associates may only be reinstated through reexamination.

    4.2.6 Terminated certified members may alternately seek reinstatement through reexamination.

    4.3 Hardship

    4.3.1 ISC2 understands that occasionally there are certain extenuating circumstances that occur preventing certified members and associates from completing all their maintenance requirements by their expiration date. Some examples for such extenuating circumstances are the following:

    • Personal/Immediate family medical issues (For purposes of this policy, “immediate family” is defined as the member’s or the member’s spouse’s parents, siblings, children, grandparents, grandchildren, the member’s spouse, and/or any other relative who resides in the member’s household)
    • Death of immediate family member
    • Extended involuntary unemployment
    • Military deployment
    • Declared natural disaster (by government agency)
    • Declared pandemic (by government agency)

    4.3.2 Extension of the 90-day grace period will be evaluated on a case-by-case basis as it relates to circumstances that prevent the certified member or associate from timely completing AMF or CPE requirements. Documentation requirements for grace-period extension will vary based on rational and length of requested extension.

    4.3.3 Certified members and associates who seek extension of the 90-day grace period under this hardship policy must contact ISC2 Customer Experience to apply for consideration and approval.

ISC2 is a non-profit membership organization identified as the leader in certifying individuals in cybersecurity. All ISC2 certifications are ANAB ISO/IEC 17024 accredited. ISC2 does not provide cybersecurity services, but focuses on the training, education, and certification of information and application security professionals.

These regulations have been developed to assist you in featuring the certification marks in print, multimedia, and online communications, including business cards, letterhead, advertising, presentation materials, personal promotional literature, signage, and websites. The ISC2 certification marks and badges (collectively the “Marks”) may only be used as described in this guide.

The proper usage of a Mark is important when you are communicating with your employer and current or prospective clients. When used appropriately, the Marks represent standards of excellence for information security in its respective areas.

The Marks are not equivalent to an educational degree, a professional designation, or a title. Instead, the Marks represent that you have met the standards set by ISC2, including completing the required work experience, adhering to the ISC2 Code of Ethics, and passing an examination. You are therefore entitled to use the Mark to which you have been certified, in conjunction with your name, to demonstrate this accomplishment so long as you abide by the rules outlined in these guidelines.

These rules should not be taken lightly. Since every ISC2 certification holder worked hard to achieve the right to use their Mark(s), we expect all members will want to protect their integrity. Thank you for your assistance in protecting the Marks and making ISC2 certifications the standard for information security globally.

Using the Marks

Only those individuals that have met the specific certification requirements established by ISC2 are certified by ISC2. Those who meet these standards ("Certified") are authorized to use the appropriate Mark(s). The Marks identify those who have met the strict criteria for certification and are able to demonstrate professional judgment and abilities in information security. Use of the Mark indicates Certified’s acceptance of the terms in the agreement executed upon applying to sit for the corresponding examination and these guidelines. Use of the Mark must be discontinued immediately if the individual does not maintain their certification.

Rules for Proper Usage of Certification Marks

These rules apply to all ISC2 certification marks, registered or unregistered. Although these examples show only one certification, the rules are applicable to all ISC2 certification marks: ISSAP, ISSEP, ISSMP, CISSP, CCSP, CSSLP, HCISPP, CGRC, SSCP, and CC.

  • Certified may only use the Mark for which they have successfully completed the certification requirements (e.g. A CISSP certification holder may not use SSCP, nor may a SSCP certification holder use CISSP, unless they have completed the appropriate requirements).
  • The Mark must be clearly associated with the individual(s) certified by ISC2.
    • Correct Use: John Zhao, CISSP
    • Misuse: ABC Partnership employs three (3) CISSPs.
  • The Mark must appear in all capital letters and without periods between the letters.
    • Correct Use: Jasmine Domingo, CISSP
    • Misuse: Jasmine Domingo, C.I.S.S.P.
  • If an individual holds multiple certifications, the Marks should be listed in order from the highest experience to the lowest: ISSAP, ISSEP, ISSMP, CISSP, CCSP, CSSLP, HCISPP, CGRC, SSCP, CC
    • Correct Use: Jasmine Domingo, ISSMP, CISSP, CGRC, SSCP
    • Misuse: Jasmine Domingo, SSCP, CISSP
  • Certified may use the Mark only on business cards, letterhead, marketing material, and resumes to indicate that they are an ISC2 certification holder. Certified may not use the Mark on any product or product-related material or in a trade or business name, domain name, product or service name, email address, logo, trade dress, design, or slogan.
  • Certified may not combine the Mark with any other object, including, but not limited to, other logos, icons, words, graphics, photos, slogans, numbers, design features, symbols, or website audio files (i.e. mixing another logo with a Mark to create a variation).
  • Certified may not alter a badge in any way other than to increase or decrease size.
  • Marks may not be translated or otherwise localized into any other language. Any localized versions of these must be provided by ISC2.
  • Certified may not use the Marks in any manner that is derogatory to, or critical of, ISC2 or its certifications.
  • The Mark may not be used in any manner that expresses or might imply ISC2's affiliation, sponsorship, endorsement, certification, or approval, unless approved by ISC2 in writing.
  • The Logo may not be imitated in any manner.
  • The respective Marks (e.g. "CISSP" or "SSCP", etc.) shall always be accompanied by ® except where prohibited by size constraints (i.e. business cards).
  • Certified may not use the badge in any manner other than as a link on Certified’s website or social media to www.isc2.org.
  • Associates of ISC2 are NOT certified and may not use any Mark or description other than "Associate of ISC2”. An Associate of ISC2 badge will show the examination that they passed, but until they complete the endorsement requirements, Associates are not allowed to utilize the Marks. Failure to abide by this rule may result in the candidate being prohibited from ever attaining any ISC2 certification.
  • Marks may not be used in any way other than as specified in these guidelines. Failure to comply with these instructions shall constitute a breach of the ISC2 Examination Agreement.

Rules for Proper Usage of ISC2 Logo

These rules apply to the use of the ISC2 logo.

  • On all full-color communications materials, the ISC2 logo should be reproduced with black and Pantone 2426C or 2426U Green or reversed out in white. When necessary, the logo can be produced using CMYK, RGB and HEX. As an alternative the ISC2 logo may also be used all black.

ISC2 Logo Usage

  • It is important to keep the logo area clear of any distracting elements. Please allow a minimum of clear space equal to the height of the ISC2 “I”, as shown.

ISC2 Logo Usage Illustration

  • The ISC2 logo may not be used in any manner that expresses or might imply ISC2's affiliation, sponsorship, endorsement, certification, or approval, unless approved by ISC2 in writing.

Compliance with Guidelines

ISC2 reserves the right to spot-check all marketing and promotional materials bearing the Marks and ISC2 logo and may periodically send out requests for samples. Misuse of the Marks and/or ISC2 logo must be corrected. Refusal to correct such misuse as directed by ISC2 could result in a revocation of the right to use the Marks and/or ISC2 logo and ISC2 taking any actions it deems necessary to ensure compliance with these guidelines.

Badge Artwork

Electronic artwork files for the Marks are available for download:

Download ISC2 Logos / Marks

Questions related to the badge artwork should be directed to:

E-mail: membersupport@isc2.org

Mail: Attn: Member Support
ISC2, Inc.
625 N. Washington Street, Suite 400
Alexandria, VA, 22314
United States

For questions about these guidelines or to request permission to use a Mark or the ISC2 logo, use the following contact information:

E-mail: legal@isc2.org

Mail: Attn: Legal
ISC2, Inc.
625 N. Washington Street, Suite 400
Alexandria, VA, 22314
United States

 

Additional Membership Information

The following resources offer more details and information on navigating ISC2 membership.