Continuing Professional Education (CPE) policies & guidelines


The SECO-Institute is an independent certification and accreditation organisation. We hold the body of knowledge of the Cyber Security & Governance Certification Program.

SECO-Institute certifies professionals in the field of Information Security, IT-Security, Data Protection, Business Continuity and Crisis Management. Our goal is to improve the profession of security & continuity through our globally recognized Cyber Security & Governance professional development courses. Once a student has passed the certification exam he can claim his certification title at the SECO-Institute. Each certification level has overall three-year Continuing Professional Education (CPE) hours requirements that must be met in order to maintain the certification.

This CPE Policies & Guidelines document describes the CPE requirements and activities necessary during each year of a member’s three-year certification cycle. The CPE requirements are audited to ensure that members are in good standing to maintain their SECO-Institute certifications. These guidelines give our members an overview of a variety of activities which count for CPE credits. Members may use these guidelines to help calculate their CPE credits.

General CPE Requirements

To maintain their certifications, members are required to earn and submit a minimum number of CPE credits during each of their three-year certification cycle. The total number of CPE credits earned must add up to the minimum CPE credits required during a three-year certification cycle.

All CPE activities must be completed or earned during the three years of each certification cycle and no later than the certification expiration date (the end of member’s certification cycle).

At the end of the three-year certification cycle, when both required CPE credits and Annual Maintenance Fee (AMF) payment requirements are met, members’ renewal to a new three-year certification cycle will be processed. Members will receive a new certificate and digital badge.

Multiple Credentials

If a member holds more than one SECO-Institute credential, the CPEs he/she submits will automatically be counted toward all of his/ her active credentials.

Failure to Meet the Requirements

Failure to meet the three-year CPE and AMF requirements within 90-days following the certification expiration date will result in decertification, i.e., member’s certification/designation will be terminated. SECO-Institute will notify members by email to inform the them that he/she has been decertified. If members feel they are in jeopardy of not meeting certification renewal requirements by the deadline, they should contact SECO-Institute for assistance.

Required Number of Required CPE Credits

The minimum number of CPEs required each year and during a three-year certification cycle is determined by the type of certification or designation members hold. See the below tables for detailed requirements:

Title 3-Year Total CPE Points
Information Security Practitioner (S-ISP) 60
IT-Security Practitioner (S-ITSP) 60
Data Protection Practitioner (S-DPP) 60
Ethical Hacking Practitioner (S-EHP) 60
Secure Programming Practitioner (S-SPP) 60
Business Continuit Practitioner (S-BCP) 60
Crisis Management Practitioner (S-CMP) 60
Information Security Management Expert(S-ISME) 120
IT-Security Expert (S-ITSE) 120
Data Protection Expert (S-DPE) 120
Ethical Hacking Expert (S-EHE) 120
Secure Programming Expert (S-SPE) 120
Business Continuity Management Expert (S-BCME) 120
Crisis Management Expert (S-CME) 120
Certified Information Security Officer (S-CISO) 120
Certified IT-Security Officer (S-CITSO) 120
Certified Data Protection Officer (S-CDPO) 120
Certified Ethcial Hacking Expert (S-CEHL) 120
Certified Secure Programming Expert (S-CSPL) 120
Certified Business Continuity Officer (S-CBCO) 120
Certified Crisis Management Officer (S-CCMO) 120

CPE Activities

CPE credits are earned for participating in activities where members gain knowledge from the experience. The activities should be related directly to the areas of the SECO-Institute Cyber Security & Governance Certification Program Tracks:

– Information Security Management
– IT-Security
– Privacy & Data Protection
– Ethical Hacking
– Secure Software
– Business Continuity
– Crisis Management

Calculating CPE Credits

CPE credits are weighted by activities. Shown below are common categories of activities and the number of credits members can earn for each activity. Typically, a member will earn one-hour CPE credit for one-hour time spent in an educational activity. However, some activities are worth more credits due to the depth of study or amount of ongoing commitment involved. In general, CPE credits are not earned for day-to-day normal on-the- job activities.

Attending educational/training courses, seminars and conferences

Educational training courses, seminars and conferences related to the SECO-Institute Cyber Security & Governance Certification Program Tracks will qualify for one CPE credit for each hour of attendance. Training courses and seminars that are not related to the SECO-Institute Cyber Security & Governance Certification Program Tracks are not qualify for CPE credits.

Reading white papers, books and articles

Reading white papers, books or articles related to the SECO-Institute Cyber Security & Governance Certification Program Tracks will qualify for one CPE credit for 150 pages reading.

Teaching/ presenting

Instructors, teachers or professors can earn CPE credits for the time spent in teaching courses directly related to the SECO-Institute Cyber Security & Governance Certification Program Tracks. One hour teaching qualifies for one CPE credits.

Preparing new or updating existing training seminar or classroom material

Instructors, teachers or professors can earn CPE credits for the time spent in preparing security, business continuity or crisis management training or course material to teach in training seminars or academic classes. The material must be new but not recycled or repeated one. CPE credits are not earned for the time spent for presenting the material. Members could claim credits when the coursework or training material is directly related to one of the SECO-Institute Cyber Security & Governance Certification Program Tracks. CPE credits are calculated based on the length of the training, seminar. Each hour of training qualifies for one CPE credit.

Publishing an article

CPE credits are earned for the first publication of an article placed/published in a journal or magazine. The article must be related to the domains of a member’s credential. The article may be printed or in electronic form. Every A4 written page stands for one CPE credit with a maximum of 5 CPE credit per article/ publication.

Record Keeping

Members are not required to provide proof of CPE credit activities to SECO-Institute upon submission. However, they should retain proof of credits earned for at least 12 months after their current certification cycle expires.
Proof of CPE credits earned may be in the form of course transcripts, awarded diplomas, certificates or receipts of attendance, research/prep notes for speaking or teaching, copies of official meeting minutes, or rosters or documentation of registration materials. For online courses that do not provide any of the above, a screenshot is sufficient.

Appeal Process

Any SECO-Institute member whose request for CPE credit is denied by SECO-Institute management has the right to appeal the decision. In the event of a dispute regarding CPE status, CPE credit value or any other related issues, members may submit their complaints in writing to the SECO-Institute Board within three months (90 days) from the date of denial. Members must provide the rationale of their appeal in writing of no more than two pages along with any relevant documentation to be considered and send to SECO-Institute. The appeal will be presented to the Board at its next regularly scheduled meeting for a decision and written response. The decision of the Board shall be considered final.

To submit your CPE points, go to this page.