Disclaimer: “Certified” refers to ISO/IEC 17024 certifications’ requirements, and “Certificate holder” refers to ASTM E2659 certificate programs’ requirements.
For each application, two professional references are required. Professional references shall be individuals who have worked with you in a professional environment and can validate your expertise in the respective field and your current and previous work history. You cannot use as a referee anyone who falls under your supervision or is a relative of yours.
Note: References do not apply for Foundation, Transition, and Provisional certificates.
Candidates shall provide complete information regarding their professional experience, including job titles, commencement and end dates, job descriptions, and more. Candidates are advised to summarize their previous and current assignments, providing sufficient details to describe the nature of the responsibilities that they have had. More detailed information can be included in the résumé.
A pre-evaluation step will be carried out before the certification process for all candidates applying for the ISO/IEC 27005:2022 Risk Manager/Lead Risk Manager and DPO certification schemes. This step confirms whether the candidate meets the work experience specified within the certification scheme.
Work experience does not apply for Foundation, Transition and Provisional certificates.
Note: ISO/IEC 27005:2022 Risk Manager/Lead Risk Manager and DPO-CNIL certification schemes do not have Provisional credentials.
The candidate’s audit log will be checked to ensure that the candidate has the required number of audit hours. The following audit types constitute valid audit experience: pre-audit, gap analysis, internal audits, second-party audits, third-party audits, or opinion audits.
The candidate’s project log will be checked to ensure that the candidate has the required number of implementation hours.
The Certification Department will evaluate each application to validate the candidate’s eligibility for certification or certificate program. A candidate whose application is being reviewed will be notified in writing and given a reasonable time frame to provide any additional documentation if necessary. If a candidate does not respond by the deadline, or does not provide the required documentation within the given time frame, the Certification Department will validate the application based on the initial information provided, which can lead to the application being downgraded to a lower credential or declared ineligible. At the end of the evaluation of the application, if all requirements are met, a certificate and a digital badge are issued to the candidate.
Note 1: Downgrade is not applicable for Foundation, Transition, and Provisional certificates.
Note 2: For ISO/IEC 27005:2022 Risk Manager/Lead Risk Manager and CNIL, downgrade is not applicable.
PECB can deny certification/certificate program if candidates:
Any concerns regarding the denial of certification/certificate program can be appealed in writing to the Certification Board.
The application payment for the certification/certificate program is nonrefundable. This is because of the process of verifying the application, the evidence submitted by the candidates, and the engagement of the relevant departments in this process.
PECB can temporarily suspend certification if the candidate fails to satisfy the requirements of PECB. Additional reasons for suspension can be if:
Note 1: For ISO/IEC 27005:2022 Risk Manager/Lead Risk Manager, failure to submit the CPD and AMF payment during the cycle will result in a 12-month suspension period, during which you can address any outstanding AMFs and CPDs. If no action is taken during the suspension period, the certification will be revoked.
Note 2: For CNIL, failure to comply with the recertification requirements (work experience in data protection and passing the CNIL recertification exam) will result in a 12-month suspension period. If no action is taken during the suspension period, the certification will be revoked.
PECB can revoke (that is, to withdraw) certification if the candidate fails to satisfy the requirements of PECB. Candidates are then no longer allowed to represent themselves as PECB certified professionals. Additional reasons can be if candidates:
Individuals whose certification has been revoked are not authorized to use any references to a certified status.
Note 1: For ISO/IEC 27005:2022 Risk Manager/Lead Risk Manager, failure to submit the CPD and AMF payment during the cycle will result in a 12-month suspension period, during which you can address any outstanding AMFs and CPDs. If no action is taken during the suspension period, the certification will be revoked.
Note 2: For CNIL, failure to comply with the recertification requirements (work experience in data protection and passing the CNIL recertification exam) will result in a 12-month suspension period. If no action is taken during the suspension period, the certification will be revoked.
PECB shall invalidate a certificate if the person it was issued to is found to have not fulfilled the certificate program requisites.
All candidate applications shall be evaluated objectively without regard to age, sex, race, religion, national origin, or marital status. PECB will allow for reasonable accommodations as required by the Americans with Disabilities Act (ADA) or an equivalent national law. A candidate who needs special accommodations must make the request in writing and allow an extra two weeks for processing of the application. The Special Accommodations for Candidates with Disabilities Form is available for download.
Any complaint that a candidate has must be made no later than 30 days after their certification/certificate program has been denied. Within 30 working days after receiving the complaint, PECB will provide a written response to the candidate. Should the response from PECB not be satisfactory, the candidate has the right to file an appeal. For more detailed information, please refer to the PECB Complaint and Appeal Policy.
1. Professional References
2. Professional Experience
3. Audit Experience
4. Project Experience
5. Evaluation of Applications
6. Denial of Certification/Certificate Program
7. Suspension of Certification
8. Revocation of Certification
9. Invalidation of Certificate
10. Non-discrimination and Special Accommodations
11. Complaint and Appeal