CPE Policy

Objective

SISA’s certification schemes are designed for digital payment industry security professionals to safeguard the payment ecosystem through effective deployment of technology controls. These certifications are awarded to individuals who meet specific criteria and are valid for three years.
To maintain the certification, this policy emphasizes the importance of Continuing Professional Education (CPE), ensuring that certified professionals stay current, competitive, and eligible for recertification through ongoing learning and skill enhancement.

Scope

This CPE and Recertification Policy applies solely to individuals who hold the CPISI
certification issued by SISA. At present, professionals holding other SISA certifications are not
subject to this policy and remain exempt until further notice.

Definitions

  • CPISI: Certified Payment Industry Security Implementer, a designation offered by SISA to professionals with demonstrated knowledge in PCI DSS implementation.
  • CPE (Continuing Professional Education): Learning activities that help certification holders maintain competence and stay up to date with developments in the field of information security.
  • CPE Credit Point: A unit of measurement equivalent to one hour of qualified professional development activity.
  • Recertification Cycle: A fixed 3-year period in which CPISI professionals must meet the minimum CPE requirements.
  • Certification Expiration Date: The date on which a CPISI certification will lapse unless recertification is achieved.
  • Recertification Assessment: A formal evaluation or structured interview to verify continuing competency, applicable to randomly selected individuals during audit.

Continuing Professional Education:

Continuing Professional Education (CPE) refers to the ongoing learning activities that
professionals engage in to maintain and enhance their knowledge, skills, and
competencies in their field. It is especially important in dynamic industries like digital payment security, where technologies and threats evolve rapidly. CPE ensures that
certified professionals remain current with industry standards, regulatory
requirements, and best practices. By participating in CPE, individuals not only uphold the credibility of their certifications but also demonstrate a commitment to
professional growth and excellence.

Recertification Cycle

The recertification process will comprise 6 key elements, as shown in the following “Recertification Cycle”.

[Figure: Recertification Cycle]

CPE Requirements:

All individuals holding the CPISI certification are
required to complete a minimum of 45 Continuing Professional Education (CPE) hours over a three-year certification cycle. To ensure consistent professional development, a minimum of 10 CPE hours must be earned in each year of the cycle.
This requirement is intended to help certified professionals stay current with evolving
technologies, industry standards, and best practices in digital payment security,
thereby maintaining the relevance and integrity of their certification.

Eligible Activities:

The following list of activities serves as a guideline for CPISI-certified professionals
seeking recertification. These activities are recognized as valid forms of Continuing
Professional Education (CPE) and are intended to help candidates meet the required
CPE credit hours. While this list is not exhaustive, it provides a reference framework
to ensure that learning efforts are aligned with the objectives of maintaining
professional competence and staying current with developments in the digital payment
security domain.

| # | Activities Description | CPE Credits | Maximum Credits Allowed Per Year |
|---|---|---|---|
| 1 | Attending technology conferences or symposiums on Cloud Security, Risk Management, AI in Cybersecurity and allied infosec domains | 2 credits per hour | 10 credits per year |
| 2 | Publishing a peer-reviewed white paper or article on payment security | 5 credits per article | 10 credits per year |
| 3 | Delivering training or speaking at conferences on security and compliance related topics | 2 credits per hour | 6 credits per year |
| 4 | Taking relevant industry training related to Payment Security, Business Continuity, Resilience Building, Software Architecture, Audit Management, Risk Management, Securing AI etc. | 1 credit per hour | 10 credits per year |
| 5 | Active participation in PCI Council working groups or forums | 3 credits per year | 3 credits per year |
| 6 | Attending online webinars on IT/security topics | 1 credit per webinar | 5 credits per year |

Documentation and Evidence:

Certified professionals are required to maintain
accurate and verifiable records of all completed Continuing Professional Education
(CPE) activities. Acceptable forms of documentation include, but are not limited to,
certificates of attendance, event agendas, proof of participation, and official
transcripts. These records must be retained for the duration of the certification cycle
and may be subject to audit or verification by SISA as part of the recertification
process.

Reporting and Submission:

To ensure proper tracking and validation of
Continuing Professional Education (CPE) credits, certified professionals must submit
details of their completed CPE activities to the certifying body. This submission can
be made through SISA’s designated online portal or by completing the prescribed
CPE submission form. Alternatively, professionals may email their documentation
directly to recertification@sisainfosec.com for review. Submissions must include all
relevant supporting documents, such as certificates of completion, event agendas, or
proof of participation. It is the responsibility of the certified individual to ensure that
all information is accurate, complete, and submitted within the required timeframe to
be considered for recertification.

Audit and Verification:

All CPE evidence submitted by certification holders
shall undergo an independent review conducted by the Certification Manager or a
designated representative. This review process is designed to ensure the authenticity,
accuracy, and relevance of the submitted activities. As part of the verification mechanism, SISA reserves the right to conduct random or scheduled audits of CPE submissions. These audits may include requests for additional documentation or clarification to validate compliance with the CPE requirements outlined in this policy.

Recertification:

Upon successful review of the submitted CPE evidence, if all
required parameters and criteria are met, the Certification Manager or designated reviewer shall recommend the renewal or extension of the certification’s validity. This
recommendation will be forwarded to the respective Business Unit Head for final
approval. Recertification will be subject to the candidate completing the applicable
recertification fee payment. Once approved and payment is confirmed, the list of
professionals whose certifications have been renewed or extended shall be
documented and presented during the Monthly Management Review Meetings for organizational visibility and governance oversight.

Revocation of Certification Credential:

The CPISI certification may be subject to revocation under specific conditions, including failure to fulfil the Continuing Professional Education (CPE) requirements within the designated three-year cycle, submission of falsified or misleading CPE records, non-payment of applicable recertification fees, or involvement in ethical misconduct as determined by SISA. In the event of revocation, the individual will lose their certified status and must reapply and successfully complete the full CPISI certification process, including all assessments and requirements, to regain certification.

Reconsideration and Appeal:

Certified professionals whose CPISI recertification
is denied or whose certification has been revoked have the right to appeal the
decision. Appeals must be formally submitted to SISA within 30 calendar days from
the date of notification of the decision. The appeal must include a detailed written
statement outlining the grounds for the appeal, along with all relevant supporting
documentation or evidence. Appeals submitted after the deadline or without adequate
justification may not be considered. All appeals will be reviewed by the designated
Appeals Committee, and SISA’s final decision on the matter shall be binding and not
subject to further review.

CPE Application Form