Membership Policies and Procedures

The following policies and procedures assist and guide members and Associates of (ISC)² through their membership.

  • (ISC)² Certification Maintenance Policy
    1. Purpose

      This policy establishes the requirements for (ISC)² certified members and Associates of (ISC)² to maintain their certification(s) or associate status.

    2. Revision History

      Version 6.0

    3. Scope

      This policy applies to all (ISC)² certified members and associates.

    4. Policy

      To maintain certification or associate status, (ISC)² certified members and associates must earn a minimum amount of continuing professional education (CPE) credits for each of their three-year or one-year cycles, as well as pay an annual maintenance fee (AMF). Both maintenance requirements must be in compliance to ensure that certification or associate status remains in good standing.

    4.1 Continuing Professional Education (CPE) Maintenance Requirement

    4.1.1 Certified members are required to earn and submit CPE credits over their three-year certification cycle. All CPE must be earned and completed no later than 90 days after the member’s certification expiration date. For specific CPE requirements, refer to the (ISC)² CPE Handbook.


    Certification Type                                Suggested Annually   Required 3-Year Total
    CC                           Group A
                                 Group A or B
                                 Total Required
    CISSP                        Group A
                                 Group A or B
                                 Total Required
    CSSLP, CCSP                  Group A          20                   60
                                 Group A or B     10                   30
                                 Total Required   30                   90
    SSCP, CGRC, HCISPP           Group A          15                   45
                                 Group A or B     5                    15
                                 Total Required   20                   60
    CISSP Concentrations         Group A          --                   20*
                                 Total Required                        20*
    *For CISSP concentration holders, 20 Group A CPE credits related to each concentration held are required during the CISSP three-year cycle. CPE required for a concentration automatically counts toward the CISSP CPE requirement.

    Associate Program Type                            Required Annual      3-Year Total
    Associates of (ISC)²         Group A          15                   --


    4.1.2 Associates of (ISC)² are required to earn and submit 15 CPE credits annually. All CPE activities must be completed or earned no later than 90 days after the expiration date of the annual associate cycle. For more information on CPE, please refer to the (ISC)² CPE Handbook (also available in Chinese, Japanese and Korean).

    4.1.3 (ISC)² allows certified members and associates a 90-day grace period after the cycle expiration date to earn and submit required CPE activity.

    4.1.4 If a certified member or associate fails to submit the required CPE before the 90-day grace period expires, the certified member or associate will be placed in suspended status.

    4.2 Annual Maintenance Fee (AMF) Requirement

    4.2.1 Certified members (single certified or multi-certified) are required to pay an AMF in the amount of U.S. $125 that is due on the member’s certification cycle start date and subsequent annual anniversaries.

    Candidates who pass their exams and whose endorsements have been approved for (ISC)² certification must pay their first AMF of $125 before certification is granted.

    Associates of (ISC)² are required to pay an AMF in the amount of $50, which is due annually on the anniversary date of the associate’s cycle.

    Candidates who pass their exams and are applying for associate designation must pay their first year’s AMF of $50 before their associate designation is granted.

    4.2.2 For certified members with multiple certifications on multiple cycle dates, the initial (ISC)² certification anniversary will be the start date for all certifications held and the AMF due date. For example, if a member obtained the CISSP certification on Sept. 1, 2010, and a CGRC certification on Jan. 13, 2012, the member’s certification anniversary would be Sept. 1 each year.

    4.2.3 If the past-due AMF has not been paid when the 90-day grace period expires, the member’s certification or associate designation will be suspended. This applies for each year of the three-year certification cycle.

    4.2.4 Once suspended, individuals may no longer be allowed to use the certificate or associate designation, display the certificate or imply in any way that they are currently certified or an associate.

    4.2.5 AMF payments are non-refundable.

    4.3 Reinstatement Requirements

    4.3.1 To be reinstated once a certification or designation is suspended, (ISC)² certified members and associates are required to submit all outstanding CPE credit and pay current year AMFs.

    4.3.2 Suspension status may be maintained for up to two consecutive years. After two years, suspended members and associates will be terminated.

    4.3.3 Terminated certified members who seek reinstatement will be required to submit at least 5 CPE credits for each domain of the certification being reinstated, along with 40 CPE credits in their primary domain of practice and a total of 120 CPE credits. CPE activities for terminated member reinstatement must be obtained within a 12-month period.

    4.3.4 Terminated associates may only be reinstated through reexamination.

    4.3.5 Terminated certified members may alternately seek reinstatement through reexamination.

    4.4 Hardship

    4.4.1 (ISC)² understands that occasionally there are certain extenuating circumstances that occur preventing certified members and associates from completing all their maintenance requirements by their expiration date. Some examples of such extenuating circumstances are the following:

    • Personal/Immediate family medical issues (For purposes of this policy, “immediate family” is defined as the member’s or the member’s spouse’s parents, siblings, children, grandparents, grandchildren, the member’s spouse, and/or any other relative who resides in the member’s household)
    • Death of immediate family member
    • Extended involuntary unemployment
    • Military deployment
    • Declared natural disaster (by government agency)
    • Declared pandemic (by government agency)

    4.4.2 Extension of the 90-day grace period will be evaluated on a case-by-case basis as it relates to circumstances that prevent the certified member or associate from timely completing AMF or CPE requirements. Documentation requirements for grace-period extension will vary based on the rationale for and length of the requested extension.

    4.4.3 Certified members and associates who seek extension of the 90-day grace period under this hardship policy must contact (ISC)² Customer Experience to apply for consideration and approval.

  • (ISC)² Associate Designation Upgrade Policy
    1. Purpose

      This policy provides the guidelines for upgrading associate designation to full certification.

    2. Revision History

      Version 2.0

    3. Scope

      This policy applies to all Associates of (ISC)² upgrading to full certification.

    4. Policy

      4.1 For an associate designation to be upgraded to a certified member, the individual must have passed an (ISC)² examination and currently hold the Associate of (ISC)² designation. The individual must submit the endorsement application before the last day of the last year that they can hold the associate designation.

      4.2 Associates will have a specific time frame to obtain cumulative work experience in the domains of their target certification and to complete the endorsement. The specific time frames for each certification are as follows:

      • CISSP and CCSP up to six years
      • SSCP up to two years
      • CSSLP up to five years
      • HCISPP and CGRC up to three years

      4.3 Associates will need to submit an endorsement application. Once the application is reviewed and approved, the associate will receive an email confirmation (Next Step email) outlining the next steps towards certification. They will be instructed to log in to their dashboard to pay the upgrade AMF of U.S. $75 before a three-year certification cycle can be started.

      4.4 The associate’s cycle will be terminated under the termination reason ‘Upgrade Associate.’ A new three-year certification cycle will start once upgrade payment is received. The associate acclaim badge will be terminated, and a new credential badge will be issued.

  • (ISC)² Endorsement Review Policy
    1. Purpose

      This policy provides guidelines and requirements of the endorsement and application review process for candidates to obtain their (ISC)² credential after passing an (ISC)² exam.

    2. Revision History

      Version 3.0

    3. Scope

      This policy applies to all candidates for (ISC)² credentials.

    4. Policy

      4.1 Individuals who pass an (ISC)² examination must go through an endorsement process in order to obtain the credential for the examination they passed. Once these individuals receive notification that they have successfully passed the exam, they may start the online endorsement application.

      4.1.1 Endorsement applications are submitted through an online form available on the (ISC)² website at CISSP concentrations do not require an endorser. If an individual is not able to submit their application via the online form, they will be provided with a PDF application via email.

      4.2 All candidates who pass an (ISC)² credential examination must complete the endorsement process within a time period of no longer than nine (9) months.

      4.2.1 A percentage of the candidates who pass an (ISC)² examination and submit endorsements will be randomly selected for audit and required to submit additional information, as required, for verification. Those candidates will be notified via email if their application is selected for audit.

      4.3 All credential endorsement applications must be reviewed and endorsed by an (ISC)² certified member in good standing. The (ISC)² member does not have to hold the same credential.

      4.3.1 The (ISC)² certified professional is anyone who:

      • Is able to attest to the candidate’s professional experience
      • Is an active (ISC)² credential holder in good standing

      4.4 If the candidate does not know an (ISC)² certified professional in good standing, (ISC)² can provide endorsement assistance to act as the endorser. Candidates may request assistance with the endorsement requirement by submitting additional documentation with their endorsement form so that (ISC)² staff may review their qualifications and consider endorsing the candidate.

      4.5 The endorser will attest that the individual’s assertions regarding his/her professional experience are true to the best of the endorser’s knowledge, and that the individual is in good standing within the cybersecurity industry. The endorser’s certification number and surname are needed when filling out the online application.

      4.6 Once a candidate’s endorsement application has been approved, the final step in the process is to pay their first Annual Maintenance Fee (AMF). If the candidate already holds an (ISC)² certification, they will not have to pay an additional AMF for the latest certification.

  • (ISC)² Badge Policy
    1. Purpose

      The purpose of this policy is to establish guidelines on the issuance of digital badges associated with new and existing members and associates.

    2. Revision History

      Version 4.0

    3. Scope

      This policy applies to all members and Associates of (ISC)².

    4. Policy

      4.1 Newly certified members/associates are issued a digital badge for the certifications they’ve earned. Once a candidate passes their (ISC)² examination and successfully completes the endorsement application process, they will be able to claim their Credly Badge. Candidates who fail the endorsement process can apply for the associate designation and once approved, they will be issued an associate badge.

      4.2 These digital badges based on open badge standards enable newly-certified members to manage, share and verify their certifications digitally.

      4.2.1 Certified members are in complete control of the information they wish to make public. All certification information can be configured in the Credly account.

      4.2.2 Digital badges are uniquely linked to data hosted on the Credly platform. This link to verified data makes Credly digital badges more reliable and secure than a traditional paper-based credential. It also eliminates the possibility of anyone claiming a member’s credential and associate identity.

      4.2.3 Every certification and profile on the Credly platform has a unique URL that can be embedded on a resume or website. The platform also offers seamless integration with several popular social and professional networking platforms for the display of certifications as open badges. Sharing to LinkedIn enables the earner to display the achievement within their profile with single click verification.

      4.3 New members are notified through email to claim their badge within two weeks of earning their certification.

      4.4 Certified members/associates can claim a digital badge for each active certification they hold or exam passed.

      4.5 For questions related to the status of your Credly badge, members can contact For questions related to the status of certification, members can contact

  • (ISC)² Membership Reinstatement Policy
    1. Purpose

      This policy establishes the requirements for reinstatement and reactivation of membership and provides the procedure to reinstate a terminated renewal billing record and reactivate a membership.

    2. Revision History

      Version 3.0 (Updated March 2022)

    3. Scope

      This policy applies to all (ISC)² certified members and associates of (ISC)².

    4. Policy

      (ISC)² allows a suspended or a terminated member or associate to regain certification.

      4.1 Suspension Status

      4.1.1 Members and Associates are given a 90-day period from the due date (earliest date of certification) to pay their Annual Membership Fees. Failure to pay within the 90-day period will result in certification suspension. Once suspended, individuals may no longer be allowed to use the certificate designation, display the certificate itself, or imply in any way that they are presently certified.

      4.1.2 Once certification is suspended, individuals are required to submit all outstanding CPE credits and pay all past due AMFs through the member portal prior to certification being reinstated.

      4.1.3 Suspension status may be maintained for up to two consecutive years. After two years, members or associates of (ISC)² will be terminated, and all membership rights will be revoked.

      4.2 Terminated Status

      4.2.1 Suspended members and associates who do not recertify after two years will be terminated.

      4.2.2 Terminated members and associates of (ISC)² will be required to retake the examination applicable to their terminated certification and pass the examination to become certified once again. They must sit for the exam within 90 days of their certification expiration date. In addition, they must pay all outstanding AMFs prior to registering for the exam. They can register for the exam at

      4.2.3 Records are terminated for not meeting renewal requirements (AMF and CPE) for an (ISC)² certification/associate credential. Member/Associate may file an extension request or appeal the termination of certification. If extension or appeal is approved, the individual will need to fulfill extension/appeal approval information.

      4.3 Hardship

      4.3.1 (ISC)² understands that occasionally there are certain extenuating circumstances that occur preventing members from completing all their recertification requirements by their expiration date. Some examples for such extenuating circumstances are the following:

      • Personal/Immediate family, or household person’s medical issues
      • Extended involuntary unemployment
      • Military deployment
      • Natural Disaster
      • Unexpected personal calamity
      • Death of Immediate Family Member (For purposes of this policy, “immediate family” is defined as the member’s or the member’s spouse’s parents, siblings, children, grandparents, grandchildren, the member’s spouse, and/or any other relative who resides in the member’s household)

      4.3.2 Extension of the 90-day grace period will be evaluated on a case-by-case basis as it relates to a medical or military issue that prevents the certified member or associate from fulfilling the AMF and CPE requirements on time. If certified members and associates have experienced hardships throughout their three-year certification cycle, they need to contact Member Services at

  • (ISC)² Appeal Policy
    1. Purpose

      This policy establishes the requirements to appeal a certification/designation that has been suspended or terminated.

    2. Revision History

      Version 3.0 (Updated March 2022)

    3. Scope

      This policy applies to all (ISC)² certified members and Associates of (ISC)².

    4. Policy

      4.1 (ISC)² certified members and associates whose certification/designation status are suspended or terminated may file an extension request or appeal the suspension or termination of their certification/designation.

      4.2 All appeals need to be submitted prior to the end of the 2-year suspension period.

      4.3 Once a member/associate has confirmed the intent to file an appeal, an appeal form must be completed. The appeal form along with the written statement and supporting documentation should then be provided to Member Services at, This written statement should explain in detail the circumstances that occurred which prevented recertification requirements from being met prior to suspension or termination.

      4.3.1 All information and documentation regarding the appeal will be collected and provided to Member Services Manager for review and consideration in a timely manner.

      4.3.2 Member Services Coordinators will follow appeal through to completion including monitoring account activity for renewal requirements submission if appeal is granted. Review of appeals typically takes 7-10 business days.

      4.4 If extension or appeal is approved, the individual must fulfill extension/appeal approval information. If extension or appeal is disapproved, the individual must retest to regain certification/designation.

      4.5 (ISC)² understands that occasionally there are certain extenuating circumstances that occur preventing members from completing all their recertification requirements by their expiration date. Some examples for such extenuating circumstances are the following:

      • Personal/Immediate family, or household person’s medical issues
      • Extended involuntary unemployment
      • Military deployment
      • Natural disaster
      • Unexpected personal calamity
      • Death of Immediate Family Member (For purposes of this policy, “immediate family” is defined as the member’s or the member’s spouse’s parents, siblings, children, grandparents, grandchildren, the member’s spouse, and/or any other relative who resides in the member’s household)

      4.6 Extension of the 90-day grace period will be evaluated on a case-by-case basis as it relates to a medical or military issue that prevents the certified member or associate from fulfilling the AMF and CPE requirements on time. If certified members and associates have experienced hardships throughout their three-year certification cycle, they must contact Member Services at

  • (ISC)² Emeritus Status Policy
    1. Purpose

      This policy provides the requirements for Member Emeritus.

    2. Revision History

      Version 3.0

    3. Scope

      This policy applies to all (ISC)² certified members.

    4. Policy

      4.1 (ISC)² allows a certified member who wishes to retain his/her affiliation with (ISC)² to be granted a designation upon his/her retirement from the information security profession.

      4.2 The Member Emeritus designation is defined as follows:

      • A Member Emeritus will enjoy all the rights of full (ISC)² membership, including, but not limited to:
        • Access to member magazine
        • Access to security reports
        • Option to attend free virtual events
        • Vulnerability Central
        • Member discounts
        • All (ISC)² official communications
      • A Member Emeritus will:
        • keep their same (ISC)² ID number
        • agree to follow (ISC)² Logo Usage Guidelines
        • maintain contact information in the (ISC)² Member Dashboard
      • A Member Emeritus will be unable to:
        • vote in (ISC)² elections
        • hold an (ISC)² office
        • participate in (ISC)² exam development activities

      4.3 To obtain Member Emeritus designation, a certified member must meet the following requirements:

      • Be a certified member in good standing
      • No longer practicing or employed as an information security professional (including consulting, private and public sector work)
      • Has been a credential holder of the certification associated with the emeritus status in good standing for at least 9 years.
      • Not be the subject of a current (ISC)² ethics action/investigation

      4.4 Member must complete a Member Emeritus Application Form (form can be requested from

      4.5 Member must pay a one-time application fee. The application fee will be equal to three (3) times the current certified member AMF. Application fees are non-refundable.

      4.6 Reinstatement to active status is not anticipated; however, a Member Emeritus must meet all the following qualifications/requirements before reinstating to active status.

      4.6.1 If the Member Emeritus is held for two years or less (the two-year timeframe begins at the date the Member Emeritus was approved), the Member Emeritus must:

      • Contact (ISC)² Customer Experience
      • Report up to 60 CPE credits earned within the previous 12 months (actual amount of CPE required for reinstatement is based on length of Member Emeritus status and is accrued monthly)
      • Agree to abide by and adhere to the (ISC)² Code of Ethics.

      4.6.2 If Member Emeritus is held for more than two years (the two-year timeframe begins at the date the designation was approved), the Member Emeritus must apply for reinstatement following certification and membership maintenance policy.

      4.6.3 A Member Emeritus that is reinstated to active credential holder will have their Member Emeritus status rescinded.

      4.6.4 Once Member Emeritus is granted, he/she may be reinstated only once to active status.

  • (ISC)² Voucher Policy
    1. Purpose

      This policy details the terms of use, conditions and restrictions for (ISC)² vouchers as a form of payment for products and services, and outlines internal procedures that guide the issuance and use of vouchers.

    2. Revision History

      Version 1.0

    3. Scope

      This policy applies to all (ISC)² certified members, candidates and associates who wish to use vouchers as a form of payment for (ISC)² products and services.

    4. Policy

      (ISC)² allows vouchers to be used as a form of payment for Annual Maintenance Fee (AMF), examination fees and training fees. Voucher numbers are not issued and released until invoice is paid in full. The following outlines the guidelines for all types of vouchers issued by (ISC)².

    4.1 Exam and Training Vouchers

    4.1.1 Candidates can use the voucher to register for the exam and training of their choice.

    4.1.2 Vouchers have an expiration date – one year from the purchase date and cannot be extended. The candidate is responsible for tracking when the voucher expires; no notification will be sent.

    4.1.3 You must take your exam or training by the voucher expiration date. The examination and training fee will be forfeited on the date of expiration.

    4.1.4 Vouchers cannot be extended, refunded or replaced. They cannot be used for any other certifications.

    4.1.5 Individuals using vouchers for payment for attendance at an examination or training session will be allowed to reschedule or cancel. However, the exam or training must be rescheduled for a date prior to the expiration date of the voucher.

    The standard U.S. $50 reschedule fee and U.S. $100 cancellation fee for exams will apply. Cancellations and reschedules must be done at least 24 hours prior to the exam start time by contacting Pearson VUE. If you are not in attendance at the exam, you will be marked as a “no-show” and the entire exam fee will be forfeited.

    4.2 Annual Maintenance Fee (AMF) Vouchers

    4.2.1 Corporations/companies can purchase multiple vouchers to pay for their employees’ AMF.

    4.2.2 Vouchers are purchased per individual/employee, and can be used as payment for their AMF.

    4.2.3 Membership vouchers have an expiration date – one year from the purchase date and cannot be extended. The individual who has been issued with a voucher is responsible for tracking when the voucher expires; no notification will be sent.

    4.2.4 The voucher must be used by the expiration date. It cannot be extended, refunded nor replaced.

    5.1 Responsibilities

    The (ISC)² Member Services Team works closely with Finance, Exams and Education Teams on the purchase, usage and administration of vouchers as a form of payment for (ISC)² products and services.

  • (ISC)² Community Usage Policy
    1. Purpose

      This policy provides the usage rules and enforcement of the rules for the (ISC)² Community at

    2. Revision History

      Version 1.0

    3. Scope

      This policy applies to all (ISC)² Community users (both (ISC)² members and non-members).

    4. Policy

      Located publicly online at

      4.1 Open Forum

      a. One of the primary purposes of this Community is to raise awareness for cybersecurity issues and the profession. As such, this is an open forum. Post on the community knowing that what you share is viewable by the public and search engines. Only a limited number of closed groups are private and not visible to all users, including non-registered Community members.

      b. Only registered Community users can post messages. Create your Community account.

      c. Community users often share personal experiences and might offer peer-to-peer support. Keep in mind that these are personal opinions and do not necessarily represent the position of (ISC)². Questions requiring a formal answer should be directed to (ISC)² staff. When answering questions regarding (ISC)² policies or procedures, it is best to link to the appropriate (ISC)² policy page and not try to summarize or paraphrase (ISC)² policies, as doing so can risk misunderstandings. It is fair to share your experiences and offer sources of support (such as emailing or flagging a Community manager), but (ISC)² staff are aware of the latest policies, procedures and systems status, and are best equipped to officially and accurately address questions on the Community.

      • Our Community Champions are here to encourage current and future members and to share their extensive expertise in information security to help facilitate discussions. We appreciate the support they volunteer to help the Community, but please respect their time and direct member and candidate support questions to (ISC)² staff.

      d. The Community is a forum for honest, constructive discussion about the (ISC)² association, including governance, processes, policies and systems. Be mindful that (ISC)² members are the heart of the association. Everything (ISC)² members post on this forum is an extension of the association. Help your association grow and thrive by being a welcoming and helpful place for members, certification candidates and interested parties looking for solutions to today’s security challenges.

      e. As an open forum, community users respond to questions/posts with advice on topics. While we will attempt to correct any misunderstandings or outdated advice, (ISC)² is not responsible for inaccurate information posted. Regarding questions about (ISC)² policy and practices, we recommend users refer directly to the policies and procedures page.

      4.2 Protect Privacy

      a. Don’t share any information about yourself or your organization you do not want made public. Do not share personal information. Personal information includes your home address, full name, (ISC)² member/ID number, credit card numbers, social security numbers, email address, etc. In addition, do not request the personal information of other users. Keep in mind, as with any online forum, that even the Community’s Private Message function is no guarantee of privacy of your online exchanges.

      b. If you have any issues with your (ISC)² account, contact Member Services with your specific issue, account number and contact information at or visit for additional resources.

      c. In the course of your interactions with (ISC)², you may come in contact with staff members through various communications channels. Do not publicly share the email addresses, phone numbers or other information about (ISC)² staff other than their user profiles on the Community. When addressing association issues, do not identify specific staff members you feel may be responsible. Please escalate issues through appropriate channels and through Community managers.

      d. (ISC)² reserves the right to promote posts and conversations in public discussion boards within the Community on other channels such as Twitter, LinkedIn, Facebook and its magazine InfoSecurity Professional to help encourage more diverse input and awareness about topics.

      4.3 Honestly Represent Yourself

      a. Have fun with your username and avatar; however, remember this is a professional forum

      b. Do not purposely misrepresent yourself

      c. Do not impersonate other people, including (ISC)² staff

      d. Do not use copyright-protected photos for your avatar

      4.4 Be Respectful

      a. Respect others’ time and attention with well-thought-out questions and discussion by keeping your tone positive and maintaining constructive criticism. Personal attacks or criticism of another’s abilities will not be tolerated. Insults, swear words, vulgar language, legal threats, controversial political statements, discriminatory remarks, ridicule, and/or illegal content are not allowed.

      b. Attempting to deliberately circumvent moderation tools and content filters in place to prevent inappropriate content is counter-productive and disrespectful of an administrator’s time. It will not be tolerated. Redacting or obfuscating offensive words when discussing threats and tactics used by threat actors is an appropriate way to address these valuable topics and information sharing.

      4.5 Be Relevant

      a. Keep discussions relevant to our Community’s mission and specific topic areas. Search to see if your question has already been posted to avoid duplication. If you are unsure if a topic is relevant to the Community, please do not hesitate to ask one of the Community team members at Do not reply with off-topic comments; instead, create a new post and link to the original if needed. Don’t post the same message in multiple areas.

      b. External links (including those in a signature) should only be posted when related to the content in the thread and not link to irrelevant or off-topic content

      c. Professional signatures including your name, certifications and link to your Credly badge or a reputable professional network like LinkedIn are permissible

      4.6 Be Lawful

      a. Do not violate any laws or break any contractual agreements you have made (copyright, trade secret, nondisclosure agreements or others)

      4.7 Adhere to (ISC)² Exam Confidentiality

      a. Discussing (ISC)² examination items, answers and responses with other individuals is a violation of the (ISC)² Examination Non-Disclosure Agreement that is signed prior to taking an (ISC)² examination. Any posts related to this will be removed, and users found to be in violation may face penalties.

      b. General discussions about exams that do not share specific exam items are permissible. We encourage Community members to help candidates prepare themselves for success and share their own experiences without disclosing any information that could compromise the integrity of the exam process.

      4.8 Be Responsible With Vulnerability Disclosures

      a. This Community is not to be used as a forum for public disclosure of vulnerabilities. Ethical disclosure is important; however, this Community is not the appropriate place for original disclosures.

      b. It is appropriate to discuss publicly disclosed vulnerabilities and how security professionals should respond.

      4.9 Promote Ideas, Not Products

      a. Solicitation or advertisement of goods or services in posts, links, private messages, or any other means of communication is prohibited, and Community users who violate these guidelines may also be subject to further action, including a permanent ban from the Community.

      4.10 Be Concise

      a. Lengthy posts can be intimidating on a forum and might discourage people from reading. Summarize your thoughts or question into a short paragraph with a few points to start a discussion within the Community. When reposting information from a blog, contributed article, or other information, provide a brief overview and include a link to the original source. We require compliance with “fair use” when reposting.

      4.11 Be Vigilant

      a. Flag inappropriate content if you notice anything that violates these guidelines. To flag, use the menu at the top right of a post and select “Report Inappropriate Content.” It will be reviewed by a Community team member. In addition to content that is vulgar, hateful and/or off-topic, this extends to non-helpful content, ridicule and baseless jokes. This Community is intended to be a tool for cybersecurity professionals to work together to solve problems. When in doubt, refer to our Code of Ethics Canons:

      1. Protect society, the common good, necessary public trust and confidence, and the infrastructure
      2. Act honorably, honestly, justly, responsibly, and legally
      3. Provide diligent and competent service to principals
      4. Advance and protect the profession

      4.12 Escalate Issues Responsibly

      a. Alert the (ISC)² Community managers to any issues you are experiencing or send an email to

      b. Members and certification candidates seeking assistance should contact for assistance.

      4.13 Enforcement of Guidelines

      a. By using the (ISC)² Community, you agree to the above stated guidelines, as well as the Website Access Policy for the (ISC)² Community. Content that violates the Website Access Policy or the Community Guidelines will be removed or edited. Users violating Community Guidelines will be warned. If users continue to violate guidelines, they will face a temporary, 30-day ban. If violations persist after reinstatement, users will be banned permanently. Hate speech, personal attacks and spam posts will not be tolerated, and may result in the permanent ban of the user immediately and without formal notice.

  • Unacceptable/Abusive Behavior Policy
    1. Policy Overview

      (ISC)² Member Services manages thousands of interactions with candidates, members and associates [hereafter, "(ISC)² Community"] on an annual basis without incident. (ISC)² Community feedback is integral to service improvements and enhancements, so we welcome all views, questions and recommendations about member services. There are times, however, when (ISC)² Community members (acting out of anger, frustration or distress) demonstrate unacceptable behavior. This policy is designed to assist Member Services staff in managing situations in which (ISC)² Community members demonstrate unacceptable behavior and provides guidance to staff on how to manage these behaviors. This guidance should be considered in conjunction with the (ISC)² Harassment Policy.

    2. Revision History

      Version 1.0

    3. Scope

      This policy applies to Member Services staff providing customer service and support and the (ISC)² Community receiving that support in all (ISC)² regions.

    4. Definitions

      Unacceptable – demonstrating unwelcome and intolerable behavior

      Persistence – continuing firmly on a course of action despite opposition or requests to cease

      Unreasonable – beyond the limits of acceptability, fairness or good sense

    5. Policy

      Aligned with our Customer Service standards, (ISC)² staff will deal fairly, respectfully and consistently with the (ISC)² Community. This includes those whose actions are considered to be unacceptable. All of our customers have a right to have their service requests considered and to be treated with respect.

      Staff of (ISC)² have that same right. This policy provides guidance to manage our (ISC)² Community with a service, even where it is considered that a person's behavior or actions are unacceptable. It aims to empower our staff to use this policy to deal with any unacceptable behavior and ensure that those who act in an unacceptable manner do not disadvantage themselves. It ensures that staff enjoy the same level of security whether their job involves working as a lone worker, in an office or in an external environment.

      5.1 Categories of Behavior

      5.1.1 Unacceptable Use of Language

      (ISC)² Member Services staff have the right not to be subjected to language that is abusive, offensive, threatening, derogatory or discriminatory. Examples of this kind of language include:

      • Yelling or shouting
      • Excessive profanity
      • Threats of violence
      • Bullying or intimidating
      • Remarks of a sexual nature
      • Unsubstantiated allegations
      • Remarks that are racist, homophobic, xenophobic or misogynistic

      5.1.2 Unreasonable Expectations and Persistence

      Sometimes (ISC)² Community members will not or cannot accept that Member Services is unable to assist them further or to provide the desired outcome. They may persist in disagreeing with the action or decision taken in relation to their concerns or they may persistently contact Member Services about the same issue(s). Note that the method some (ISC)² Community members use in contacting Member Services is often reasonable, but it is the persistence in doing so that becomes unreasonably forceful or demanding. In some of these cases, the continual telephone calls and emails may be considered harassment. Examples include:

      • Making the same complaint despite the matter having been fully addressed by support staff or management
      • Repeating complaints about a previous or historical matter that cannot be undone or remedied
      • Refusal to accept the decision of Member Services staff
      • Refusal to abide by (ISC)² Policies and Procedures
      • Continuing to contact Member Services (phone, email, letter) on the same issue(s) without providing any new information
      • Repeatedly changing the nature or focus of a complaint or desired outcome part way through an investigation or after a formal response has been provided
      • Amplification of issues on social media after Member Services has already provided a response

      5.1.3 Unacceptable Demands on Service

      Some members of the (ISC)² Community make unacceptable demands of Member Services due to the amount of information they ask for or the nature and scale of the service they expect. Examples include:

      • Refusal to end a telephone call
      • Sending the same or similar request to several members of staff
      • Demanding responses in an unreasonable timeframe
      • Requesting responses to correspondences that fall under the "Unacceptable Use of Language" category of behaviors
      • Demanding access to information not generally provided to (ISC)² Community Members
      • Insisting on speaking to someone who is either not available or not the appropriate person (e.g. the CEO or Board of Directors)
      • Demanding that (ISC)² make unreasonable accommodations (fee waivers, refunds) based on their experience with any of our third-party partners (Pearson Vue)

      5.2 Managing Behavior

      Members of (ISC)² Community found demonstrating the above behaviors will be subject to sanctions up to, and including, restricting or banning access to (ISC)² services.

      In some cases, a single violation could result in sanctions. These include:

      • Threats of violence
      • Remarks that are racist, homophobic, xenophobic or misogynistic
      • Remarks of a sexual nature

      (ISC)² takes a zero-tolerance approach to these types of behaviors and therefore reserves the right to apply more serious sanctions even after a first instance of these behaviors.

      5.2.1 A member of the (ISC)² community should always be given an opportunity to rectify his or her behavior and in the first instance, staff should explain that they find someone's behavior or language unacceptable and allow the person a chance to remedy, moderate or change the behavior.

      5.2.2 (ISC)² recognizes that a person's actions may be affected by disability, including mental health issues, substance misuse or other factors. (ISC)² will take these factors and any other relevant matters into account when implementing this policy.

      5.2.3 (ISC)² staff should be aware of and put into practice any service specific guidelines/policies on managing unacceptable behavior. If the behavior continues, employees are able and empowered to:

      • End telephone calls if the caller is considered aggressive, abusive or offensive. Employees should clearly explain why they are ending the call.
      • Report the threat, verbal abuse/harassment or persistent correspondence to the Member Services Supervisor/Manager. Some situations need to be escalated or consulted with the Department head to decide how to manage communications or contact with the person.
      • If Member Services leadership has exhausted all mechanisms to handle this member, the matter may be escalated to upper management/senior officers or Legal, if necessary. All background information and details of the situation should be provided to allow for thorough review and action.

(ISC)² Logos & Guidelines

  • (ISC)² Regulations Governing Use of Certification/Collective Logo Marks

    (ISC)² is a non-profit membership organization identified as the leader in certifying individuals in cybersecurity. All of (ISC)²'s certifications are ANSI ISO/IEC 17024 accredited. (ISC)² does not provide cyber security services, but focuses on the training, education, and certification of information and application security professionals.

    Candidates who successfully complete any of the (ISC)² certification requirements may use the appropriate Certification Mark and Logo (collectively the "Logo") to identify themselves as having demonstrated the professional experience and requisite knowledge in the realm of cybersecurity. The following guidelines explain how (ISC)² Logos may be used.

    Using the Logo

    Only those who have demonstrated the requisite experience in cybersecurity, agree to be bound by the (ISC)² Code of Ethics, successfully passed the corresponding examination(s), and have had their experience and professionalism endorsed by an (ISC)² member are certified by (ISC)². Those who meet these standards ("Certified") are authorized to use the appropriate Logo(s). The Logo(s) identifies those who have met the strict criteria for certification and are able to demonstrate professional judgment and abilities in information security. Use of the Logo indicates the Certified's acceptance of the terms in the agreement executed upon applying to sit for the corresponding examination and these guidelines and that Certified has met the criteria to be a CISSP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP, CGRC, CSSLP, SSCP, HCISPP, and/or CCSP and has maintained the requisite certification obligations.

    • Certified may use the Logo only on business cards, letterhead, marketing material and resume to indicate that they are an (ISC)² credential holder. Certified may not use the Logo on any product or product-related material.
    • Certified may only use the Logo for which they have successfully completed the certification requirements (e.g. CISSPs may not use SSCP, nor may SSCPs use CISSP, unless they have completed the appropriate requirements).
    • Certified may not alter the Logo artwork in any way other than to increase or decrease in size.
    • The Logo may not be translated or otherwise localized into any other language. Any localized versions of the Logo must be provided by (ISC)².
    • Certified may not display the Logo in any manner that suggests they are an employee of (ISC)² or in a manner that suggests "(ISC)²" is a part of their company name. Use of the Logo must clearly indicate that Certified is independent from (ISC)².
    • Certified may not use the Logo in any manner that is derogatory to or critical of (ISC)² or the certification.
    • Certified's name, trade name, or company name must appear on any materials where the Logo is used. The Logo cannot appear larger or more prominent than Certified's name, product or service name, trademark or service mark, logo or trade or company name.
    • The Logo may not be used in any manner that expresses or might imply (ISC)²'s affiliation, sponsorship, endorsement, certification, or approval, other than as set forth by the (ISC)² Application Agreement.
    • The Logo, or any elements thereof, may not be included in trade or business name, domain name, product or service name, logo, trade dress, design, slogan or other trademarks.
    • Certified may not combine the Logo with any other object, including, but not limited to, other logos, icons, words, graphics, photos, slogans, numbers, design features, symbols, or Website audio files (i.e. mixing another Logo with the CISSP Logo to create a variation).
    • The Logo may not be used as a design feature on any product or service materials.
    • The Logo may not be imitated in any manner.
    • On marketing material (exclusive of letterhead, business cards, and resumes), the Logo shall be attributed to the International Information Systems Security Certification Consortium with the following attribution clause in all materials where it is used: "CISSP (or appropriate certification) is a registered mark of the International Information Systems Security Certification Consortium in the United States and other countries."
    • The respective Logo (e.g. "CISSP" or "SSCP", etc.) shall always be accompanied by ® except where prohibited by size constraints (i.e. business cards).
    • Certified may not use the (ISC)² Logo or mark in any manner other than as a link on Certified's Website to
    • Associates of (ISC)² are NOT certified and may not use any Logo or description other than "Associate of (ISC)²". Under no circumstances may they identify which exam they have successfully passed or use any Logo, other than "Associate of (ISC)²", in any manner. Failure to abide by this rule may result in the candidate being prohibited from ever attaining any (ISC)² certification.

    Logos may not be used in any way other than as specified in these guidelines. Failure to comply with these instructions shall constitute a breach of the (ISC)² Application Agreement.

    Compliance with Guidelines

    (ISC)² reserves the right to spot-check all marketing and promotion materials bearing the Logo and may periodically send out requests for samples. Certified must correct any deficiencies in use of the Logo. Refusal to correct such deficiencies or to cease publication or distribution could result in revocation of right to use the Logo.

    Logo Artwork

    Electronic artwork files for the Logo are available on (ISC)²'s members-only Website.

    Use the following contact information to obtain clarification or permission:


    Mail: Attn: Logo Guidelines

    (ISC)², Inc.
    625 N Washington St., Suite 400
    Alexandria, VA 22314

  • Logos Download & Usage
    The following are guidelines for using the (ISC)² approved marks on industry information. All credential holders in good standing are authorized to use the appropriate certification mark and/or logo subject to the guidelines found in the official (ISC)² Logo Usage Guidelines. Use of the (ISC)² mark and/or logo is restricted. View the official (ISC)² Logo Usage Guidelines for more details.

    (ISC)² Logo and Usage

    On all full-color communications materials, the (ISC)² logo should be reproduced in the following Pantone color (3298 CP) or reversed out in white. When necessary, the logo can be produced using CMYK, RGB and HEX. As an alternative the (ISC)² logo may be used in black.

    Logo Guidelines

    Logo Area

    It is important to keep the logo area clear of any distracting elements. Please allow at least 1/5" of clear space around the logo, as shown.

    Credential Usage

    Being a credential holder is a testament to one’s profession and expertise. When indicating your credentials in business correspondence, it is important to list your certifications in the appropriate order after your name. (ISC)² certifications should be listed from the highest experience level to the lowest: CISSP, CCSP, CSSLP, HCISPP, CGRC, SSCP, CC.

    For example:
    Isabella Rodriguez, SSCP, CC
    Jim M. Smith, CISSP, SSCP
    Melinda Adams, CISSP, CGRC, SSCP

    When listing multiple CISSP concentration certifications, the order should be alphabetical as follows: CISSP-ISSAP, ISSEP, ISSMP. These credentials should be listed before the CCSP, CSSLP, HCISPP, CGRC, SSCP and CC certifications.

    For example:

    Official logo files are available for download as a self-extracting ZIP file.


Additional Membership Information

The following resources offer more details and information on navigating (ISC)² membership.