How to get CISM certified

You’ve prepared by doing the work, taken the exam and are now ready to apply for your CISM® Certification. Let’s make sure you have everything you need:

Members save on CPEs, renewals, and exams

JOIN

CISM certification requirements

CISM Logo

Successfully complete the CISM examination

The CISM exam is open to anyone who has an interest in information security. You can still take the CISM exam even if you haven’t met the experience requirements yet, although you’ll have to meet those before getting certified. When you take the CISM exam, we’ll send you your results, and if you passed, the details you need to apply for your CISM certification. Candidates have five years from the passing date to apply for certification.

Demonstrate the minimum required work experience

A minimum of 5-years of professional information security management work experience within the CISM job practice areas—as described in the CISM job practice areas—is required for certification. Work experience for the CISM certification must be gained within the 10-year period preceding the application date for certification. Candidates have 5-years from the passing date to apply.

Earn & report CPE hours

Attain and report a minimum of 120 Continuing Professional Development (CPE) hours during a three-year reporting period, completing a minimum of 20 CPE hours per year. If these CPEs satisfy the requirements for other ISACA certifications, they may also count toward those designations.

Adhere to the Code of Professional Ethics

Members of ISACA and/or holder of the CISM designation, you’ll need to agree to a Code of Professional Ethics to guide your professional and personal conduct.

Already certified and need to maintain your certification?