Continuing professional education is an important component of PCI SSC Qualification. Staying up to date with the latest knowledge, techniques, and insights helps support the Program Participant’s ability to effectively conduct the tasks and responsibilities associated with a PCI SSC Qualification. We sit down with Elizabeth Terry, Community Engagement Manager, to answer some common questions regarding Continuing Professional Education Credits (CPEs).
Q: Are CPEs restricted to PCI SSC activities only?
A: The short answer is no. While most PCI SSC events can be used to earn CPEs, e.g., attending a PCI SSC Community Meeting or other forum, taking a PCI SSC training or attending a PCI SSC webinar, there are many other non-PCI SSC specific activities that can also be used to earn CPE credits. In fact, most efforts to improve and promote your education around security and compliance or technology could garner CPE credits. Any relevant industry conference or computer-based training may qualify for CPE credit. You may even use self-study to earn CPEs. For example, listening to industry-related podcasts, attending security-related webinars, reading books on security or technology can all be used to help meet your CPE requirements.
Q: Is there a cap on the number of CPEs I can claim?
A: You should be aware that there are some (but not many) activities where a cap is placed on the number of CPEs that you can claim. Details about this can be found within the CPE Maintenance Guide downloadable from the PCI SSC Document Library.
Q: How do I record my CPE credits for PCI SSC certifications?
A: Recording CPEs in the portal is easy. You must record the start and end dates for these activities and the total number of CPE credits you are claiming. Once you’ve completed your required annual CPEs, your submission of the credits will be sent to your primary contact for approval. As an assessor, your primary contact must approve them to be accepted for program acceptance. Another note on assessors, your primary contact cannot approve your CPEs until all required items have been entered, for example certificate numbers for required industry certifications. PCIPs may submit their CPEs at the end of year three (3).
Read more posts from Community Engagement Manager Elizabeth Terry
Q: What are acceptable forms of evidence for CPEs?
A: Evidence must demonstrate that you participated in the activities recorded. Acceptable evidence for CPEs is a certificate or course transcript for professional training, proof of attendance for a conference, research and prep notes for a speaking or teaching engagement, etc. It is important that the evidence includes information such as the date, description, type of activity, your name, and the name of the sponsoring organisation (if applicable). You must retain evidence for all claimed CPEs for a minimum of 12-months following each CPE cycle. The Council may choose to audit the evidence for your CPEs. Should that occur, you will want to have evidence available to demonstrate you did participate in the activities you have recorded in the portal.
Q: How many CPEs does my PCI program require?
A: CPE requirements vary by program. Below is a chart that outlines CPE requirements:
|
Minimum CPE Requirements |
||
|
Program |
Annual |
Rolling 3-year Cycle |
|
ASV |
20 |
120 |
|
CPSA (Physical Assessor with no industry certifications) |
10 |
30 |
|
CPSA (Logical Assessor) |
There is no requirement to submit evidence of CPEs |
|
|
PCIP |
10 |
30 |
|
QPA |
20 |
120 |
|
QSA |
20 |
120 |
|
Associate QSA |
20 |
120 |
|
PFI, PA-QSA, 3DS Assessor, QSA (P2PE) and PA-QSA (P2PE) |
There are no additional CPE requirements beyond those established for QSAs. |
|
|
ISA*** |
There is no requirement to submit evidence of CPEs |
|
***Recommendation: Adhere to CPE requirements established for QSAs
