Continuing Professional Education (CPE) Policies & Guidelines


The SECO-Institute is an independent certification and accreditation organisation. Our Cyber Security & Governance Certification Program certifies professionals in seven interrelated disciplines within security & continuity: Information Security, IT-Security, Data Protection, Ethical Hacking, Secure Programming, Business Continuity and Crisis Management.

Our mission is to certify competent professionals who can effectively improve their organisations’ resilience and who drive excellence in the overall field of security & continuity. Stimulating Continuing Professional Education (CPE) is core to this mission. SECO-certified professionals at the Practitioner, Expert and Certified Officer level must meet annual CPE requirements to maintain their certifications, thereby demonstrating their commitment to professional development and their ability to provide quality professional services.

These CPE Policies & Guidelines describe how CPE credits can be earned and how many CPE credits are required for each certification. These guidelines can be used by all SECO professionals to calculate their CPE credits.

General CPE Requirements

Continuing Professional Education (CPE) credits are points you collect through participating in activities that are relevant to your certification and contribute to your professional knowledge and skills development. During your certification year, you build up CPE credits by attending events, completing courses, or performing other professional development activities. At the end of your certification year, you report the CPE credits you have earned to re-certify for your next certification year.

After you submit your CPE credits, we will verify whether your reported CPE activities comply with these CPE Policies & Guidelines. If your CPEs are approved and your annual maintenance fee is paid, we will automatically renew your certification.

Multiple Credentials

If you hold more than one credential (for example, you are Information Security Practitioner and IT Security Practitioner-certified), the CPEs you report for one credential will be automatically counted toward all of your active credentials. You only have to report your CPE activities once.

Failure to Meet the Requirements

Failure to meet CPE and annual maintenance fee requirements within 90-days after your certification’s expiration date will result in decertification, i.e. loss of your SECO certification title and digital badge. We regularly remind members of CPE submission deadlines to prevent this from occurring. If you have difficulties collecting your CPE credits, please contact the SECO-Institute for assistance.

Required Number of CPE Credits

The minimum number of required CPEs is determined by the type of your certification. The table below lists CPE requirements per certification:

Title CPE credits required/year
Information Security Practitioner (S-ISP) 20
IT-Security Practitioner (S-ITSP) 20
Data Protection Practitioner (S-DPP) 20
Ethical Hacking Practitioner (S-EHP) 20
Secure Programming Practitioner (S-SPP) 20
Business Continuit Practitioner (S-BCP) 20
Crisis Management Practitioner (S-CMP) 20
SOC-CMM Certified Assessor (SOC-CA) 20
Threat Analyst (S-TA) 20
ISO 27001 Certified Implementer Certification 20
Information Security Management Expert(S-ISME) 40
IT-Security Expert (S-ITSE) 40
Data Protection Expert (S-DPE) 40
Ethical Hacking Expert (S-EHE) 40
Secure Programming Expert (S-SPE) 40
Business Continuity Management Expert (S-BCME) 40
Crisis Management Expert (S-CME) 40
Certified Information Security Officer (S-CISO) 40
Certified IT-Security Officer (S-CITSO) 40
Certified Data Protection Officer (S-CDPO) 40
Certified Ethcial Hacking Expert (S-CEHL) 40
Certified Secure Programming Expert (S-CSPL) 40
Certified Business Continuity Officer (S-CBCO) 40
Certified Crisis Management Officer (S-CCMO) 40

CPE Activities

CPE credits are earned by participating in activities that contribute to your professional knowledge and skills development. In general, you cannot earn CPE credits by performing your regular job activities. CPE activities should be directly related to the disciplines covered in the SECO-Institute’s Cyber Security & Governance Certification Program:

– Information Security Management
– IT-Security
– Privacy & Data Protection
– Ethical Hacking
– Secure Software
– Business Continuity
– Crisis Management

Calculating CPE Credits

CPE credits are weighted by activities. Typically, one hour spent in a professional development activity is worth one CPE credit. However, some activities may be worth more credits due to the depth of study or amount of commitment involved. Below is a list of common CPE activities and the number of credits you can earn for each activity.

Attending educational/training courses, seminars and conferences

By attending educational training courses, seminars and conferences related to the SECO-Institute’s Cyber Security & Governance Certification Program, you can earn one CPE credit for each hour of attendance. Training courses and seminars that are not related to the SECO-Institute’s Cyber Security & Governance Certification Program do not qualify for CPE credits.

Reading white papers, books and articles

By reading white papers, books or articles related to the SECO-Institute’s Cyber Security & Governance Certification Program you can earn one CPE credit for each 150 pages read.

Teaching/ presenting

Instructors, teachers and professors can earn CPE credits for teaching courses directly related to the SECO-Institute’s Cyber Security & Governance Certification Program. One hour of teaching qualifies for one CPE credit.

Developing new or updating existing training seminar or classroom material

Instructors, teachers and professors can earn CPE credits for creating or updating security, privacy, business continuity or crisis management training materials to be taught in training seminars and academic classes. To qualify for CPE credits, the material must be the author’s own creation. Where CPE credits are claimed for creating/updating such materials, no further CPE credits should be claimed for presenting the same materials. All materials must be directly related to a discipline covered in the SECO-Institute’s Cyber Security & Governance Certification Program. One hour’s worth of training material is worth one CPE credit.

Publishing articles, white papers and research papers

CPE credits can be earned for the first publication of an article/paper in a journal/magazine or on a website. The article must be relevant to the author’s certification domain. Every A4 page written qualifies for one CPE credit, with a maximum of 5 CPE credits per publication.

Record Keeping

You are not required to provide proof of the CPE activities you report to the SECO-Institute. However, we kindly ask you to retain proof of your CPE activities for at least 12 months after your certification’s expiration date. Proof may include course transcripts, diplomas/certificates, attendance receipts, research/preparation notes, copies of meeting minutes, registration forms or screenshots.

Appeal Process

Any SECO-Institute member whose request for CPE credit is denied by the SECO-Institute has the right to appeal the decision. In the event of a dispute regarding CPE status, CPE credit value or any other related issue, you may submit your complaints in writing to the SECO-Institute within three months (90 days) from the date of denial. You must explain the rationale of your appeal in writing, in no longer than two pages. Attach any relevant documentation to be considered, and submit your appeal to the SECO-Institute. The Board will assess your appeal at their next regularly scheduled meeting, and notify you of their decision. The Board’s decision shall be considered final.

To submit your CPE credits, go to our membersite.