
Maintain Your Credential

To remain "in good standing" as a member of CIS' Body of Certified Professionals, a credential holder must:

  • Abide by the CIS Code of Ethics. See below for details.
  • Maintain an active membership in the CIS Body of Certified Professionals.
  • Obtain and submit the required Continuing Professional Education credits (CPEs).
    Ensuring continued competence is accomplished by meeting the Continuing Professional Education hours required by the board. Credential holders must earn the minimum number of Continuing Professional Education credits (CPEs) annually during each year of the three-year certification cycle. Although members may earn more than the minimum number of CPE credits required for credential maintenance for the three-year cycle, they are still required to earn and submit the minimum annual number to maintain their certification in “good standing.” See below for details.
  • Submit Certification Annual Maintenance Fees (AMFs) upon receipt of annual invoices.
    Payment of Annual Maintenance Fees (AMFs) ensures that the organization has the necessary financial resources to maintain member records, ensures certification continues to meet the needs and requirements of the market, and ensures that the organization will continue to be a functional, dynamic entity far into the future. See below for details.
  • Code of Ethics

    All professionals who are certified by Certified Information Security (CIS) recognize that such certification is a privilege that must be both earned and maintained. In support of this principle, all CIS members are required to commit to fully support this Code of Ethics (the "Code"). CIS members who intentionally or knowingly violate any provision of the Code will be subject to action by a peer review panel, which may result in the revocation of certification. CIS members are obligated to follow the ethics complaint procedure upon observing any action by a CIS member that breaches the Code. Failure to do so may be considered a breach of the Code pursuant to Canon IV, "Advance and Protect the Profession".

    There are only four mandatory canons in the Code. By necessity, such high-level guidance is not intended to be a substitute for the ethical judgment of the professional.

    Additional guidance is provided for each of the canons. While this guidance may be considered by the board of directors in judging behavior, it is advisory rather than mandatory. It is intended to help professionals identify and resolve the inevitable ethical dilemmas that they will confront during the course of their information security career.

    Code of Ethics Preamble:
    • Safety of the commonwealth, duty to our principals, and to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior.
    • Therefore, strict adherence to this Code is a condition of certification.
    Code of Ethics Canons:
    • Protect society, the commonwealth, and the infrastructure.
    • Act honorably, honestly, justly, responsibly, and legally.
    • Provide diligent and competent service to principals.
    • Advance and protect the profession.
    The following additional guidance is given regarding pursuit of these goals.
    Objectives for Guidance
    In arriving at the following guidance, the committee is mindful of its responsibility to:
    • Give guidance for resolving good versus good and bad versus bad dilemmas.
    • Encourage right behavior such as:
      • Research
      • Teaching
      • Identifying, mentoring, and sponsoring candidates for the profession
      • Valuing the certificate
    • Discourage such behavior as:
      • Raising unnecessary alarm, fear, uncertainty, or doubt
      • Giving unwarranted comfort or reassurance
      • Consenting to bad practice
      • Professional association with non-professionals
      • Professional recognition of or association with amateurs
      • Associating or appearing to associate with criminals or criminal behavior  

    These objectives are provided for information only; the professional is not required or expected to agree with them. In resolving the choices that confront him or her, the professional should keep in mind that the following guidance is advisory only. Compliance with the guidance is neither necessary nor sufficient for ethical conduct. Compliance with the preamble and canons is mandatory. Conflicts between the canons should be resolved in the order of the canons. The canons are not equal and conflicts between them are not intended to create ethical binds.

    Protect society, the commonwealth, and the infrastructure
    • Promote and preserve public trust and confidence in information and systems.
    • Promote the understanding and acceptance of prudent information security measures.
    • Preserve and strengthen the integrity of the public infrastructure.
    • Discourage unsafe practice.
    Act honorably, honestly, justly, responsibly, and legally
    • Tell the truth; make all stakeholders aware of your actions on a timely basis.
    • Observe all contracts and agreements, express or implied.
    • Treat all members fairly. In resolving conflicts, consider public safety and duties to principals, individuals, and the profession in that order.
    • Give prudent advice; avoid raising unnecessary alarm or giving unwarranted comfort. Take care to be truthful, objective, cautious, and within your competence.
    • When resolving differing laws in different jurisdictions, give preference to the laws of the jurisdiction in which you render your service.
    Provide diligent and competent service to principals
    • Preserve the value of their policies, authorized business processes, and code of ethics.
    • Respect their trust and the privileges that they grant you.
    • Avoid conflicts of interest or the appearance thereof.
    • Render only those services for which you are fully competent and qualified.
    Advance and protect the profession
    • Sponsor for professional advancement those best qualified. All other things equal, prefer those who are certified and who adhere to these canons. Avoid professional association with those whose practices or reputation might diminish the profession.
    • Take care not to injure the reputation of other professionals through malice or indifference.
    • Maintain your competence; keep your skills and knowledge current. Give generously of your time and knowledge in training others.
  • Annual Maintenance Fees and Continuing Educational Credit Requirements

    Payment of Annual Maintenance Fees (AMFs) ensures that the organization has the necessary financial resources to maintain member records, ensures certification continues to meet the needs and requirements of the market, and ensures that the organization will continue to be a functional, dynamic entity far into the future.

    • CFCMs, CICAs, and CBCMs are required to earn and post a minimum of 20 CPE credits (of the 120 CPE credits required in the three-year certification cycle) and pay the AMF of US$85 during each year of the three-year certification cycle.
    • CFCPs, CBCSes, and CBCAs are required to earn and post a minimum of 10 CPE credits (of the 60 CPE credits required in the three-year certification cycle) and pay the AMF of US$65 during each year of the three-year certification cycle.
    • CFCAs and CICRAs are required to earn and post a minimum of 10 CPE credits (of the 60 CPE credits required in the three-year certification cycle) and pay the AMF of US$45 during each year of the three-year certification cycle.
    For any certifications starting after 30 September of the current year, AMF requirements shall be waived for the first subsequent year. This means that if you achieve your certification after 30 September 2012, no Annual Maintenance Fees shall be required until 2014.
  • Certification Re-Activation

    Suspension of certification can only be lifted when the minimum annual CPE and AMF requirements are met. From the date of suspension, members will have a grace period of 90 days to get their CPE credits and AMFs up to date. Following the third consecutive suspension, a notification from CIS will automatically be sent via email to inform the member that he or she has been de-certified.