Continuing professional education is an important component of PCI SSC Qualification. Staying up to date, even during the COVID-19 pandemic, with the latest knowledge, techniques, and insights helps support the Program Participant’s ability to effectively conduct the tasks and responsibilities associated with a PCI SSC Qualification. We sit down with Elizabeth Terry, Senior Manager, Community Engagement, to answer some common questions regarding maintaining Continuing Professional Education Credits (CPEs) during COVID-19.
With worldwide travel restrictions and stay at home orders in place, many are concerned about maintaining the required CPEs for the professional certifications. Are CPEs limited to in person events or training?
Elizabeth Terry: The short answer is no. While most in person events could be used to earn CPEs, e.g., attending a PCI SSC Community Meeting or other industry conference or taking a PCI SSC or other industry training, there are many other activities that can also be used to earn CPE credits which do not require in person attendance. In fact, most efforts to improve and promote your education around security and compliance or technology could garner CPE credits. Any relevant virtual industry conference or computer-based training may qualify for CPE credit. You may even use self-study to earn CPEs. For example, listening to industry-related podcasts, attending security-related webinars including PCI SSC webcasts, reading books on security or technology can all be used to help meet your CPE requirements. In addition, any CPEs you acquire to maintain another industry certification, such as CISSP or CEH, will count for PCI SSC certification CPEs.
Are there limits on the number of CPEs I can record for different activities (e.g. reading books, attending webinars)?
Elizabeth Terry: You should be aware that there are some (but not many) activities where a cap is placed on the number of CPEs that you can claim. Details about this can be found within the CPE Maintenance Guide downloadable from the PCI SSC Document Library.
How do I record my CPE credits for PCI SSC certifications?
Elizabeth Terry: Recording CPEs in the portal is easy. You must record the start and end dates for these activities and the total number of CPE credits you are claiming. Once you’ve completed your required annual CPEs, your submission of the credits will be sent to your primary contact for approval. As an assessor, your primary contact must approve them to be accepted for program acceptance. Another note on assessors, your primary contact cannot approve your CPEs until all required items have been entered, for example certificate numbers for required industry certifications. PCIPs may submit their CPEs at the end of year three (3).
Also on the blog: Read More From PCI SSC on Covid-19 Topics
What are acceptable forms of evidence for CPEs?
Elizabeth Terry: Evidence must demonstrate that you participated in the activities recorded. Acceptable evidence for CPEs is a certificate or course transcript for professional training, proof of attendance for a conference, research and prep notes for a speaking or teaching engagement, etc. It is important that the evidence includes information such as the date, description, type of activity, your name, and the name of the sponsoring organisation (if applicable). You must retain evidence for all claimed CPEs for a minimum of 12-months following each CPE cycle. The Council may choose to audit the evidence for your CPEs. Should that occur, you will want to have evidence available to demonstrate you did participate in the activities you have recorded in the portal.
How many CPEs does my PCI SSC program require?
Elizabeth Terry: CPE requirements vary by program. Below is a chart that outlines CPE requirements:
Minimum CPE Requirements:
|
Program |
Annual |
Rolling 3-year Cycle |
|
ASV |
20 |
120 |
|
CPSA (Physical Assessor with no industry certifications) |
10 |
30 |
|
CPSA (Logical Assessor) |
There is no requirement to submit evidence of CPEs |
|
|
PCIP |
10 |
30 |
|
QPA |
20 |
120 |
|
QSA |
20 |
120 |
|
Associate QSA |
20 |
120 |
|
PFI, PA-QSA, 3DS Assessor, QSA (P2PE) and PA-QSA (P2PE) |
There are no additional CPE requirements beyond those established for QSAs. |
|
|
ISA*** |
There is no requirement to submit evidence of CPEs |
|
|
SSF Assessors |
There are no requirements to submit evidence of CPEs |
|
***Recommendation: Adhere to CPE requirements established for QSAs
Are CPEs based on calendar year or based on date of certification anniversary?
Elizabeth Terry: CPEs are based on the certification requalification anniversary date. For example, if I certified for PCIP on 9 July 2017 – meaning my requalification will be every three years or 9 July 2020. I must have 10 CPEs for each year from 2017 to 2020 for a total of 30 CPEs by 9 July each year after initial certification.
What if I have more questions? Who do I contact?
Elizabeth Terry: For any additional questions, please contact the appropriate Program Manager (e.g. PCIP@pcisecuritystandards.org, QSA@pcisecuritystandards.org).
