1. Purpose

The aim of this policy is to ensure that all PECB certified professionals maintain an adequate level of knowledge and competence in their respective fields and engage in relevant Continual Professional Development (CPD) activities for further improvement of their knowledge. 

2. Scope

This policy is applicable to all PECB certified professionals. The following credentials do not require maintenance: Foundation, Provisional, and Transition.

3. Overview

PECB certified professionals who follow this policy and successfully comply with its requirements will be able to continually demonstrate competence, broaden knowledge, and consequently renew their certification(s). 

The CPD requirements are set and overseen by the PECB Scheme Committee.

4. Recertification Requirements

PECB Certifications are valid for three years. In order to maintain a certification, PECB certified professionals must comply with the following requirements:

• Submit CPDs
• Pay AMFs
• Adhere to the PECB Code of Ethics 

For CNIL certification, the recertification requirements are:

• Passes a new written test
• Demonstrates that the candidate has professional experience of at least one year, acquired over the last three years, in projects, activities or tasks related to the missions of the DPO with regard to data protection or information security, certified by a third party (employer or client)

5. How to Renew the Certification?

To be able to renew a certification, PECB certified professionals will need to demonstrate that they are maintaining their certification(s) by submitting CPDs and AMFs throughout the three-year certification cycle. Upon meeting these requirements, your certification will be renewed at the end of the third year.

PECB certification(s) can be renewed online through the PECB Dashboard, by logging into the dashboard (https://pecb.com/en/login), clicking My Certifications, and then the Renew button. If after three years the recertification requirements are met, the certification will be renewed.

5.1 Continuing Professional Development (CPD) 

Continuing Professional Development is a portfolio structure for demonstrating, documenting, and tracking the skills, knowledge, and experience acquired by professionals after their initial certification.

CPDs are important for updating professional experience, acknowledging achievements, and demonstrating professional activities conducted.

In order to support certified professionals earn CPD credits, PECB continually organizes webinar sessions, provides opportunities for writing articles, participating in trainings and events, and more. For more information, please read the CPD Policy.

5.2 Annual Maintenance Fees (AMF)

Annual Maintenance Fees are required to maintain a PECB certification. 

If the certified professional fails to fulfill either of these CPD or AMF requirements, the certification will be downgraded. 

Note: if the certified professional fails to fulfill the recertification requirements for ISO/IEC 27005:2022 Risk Manager/Lead Risk Manager, and CNIL, the certification will be revoked.

6. How to Report CPDs and Pay AMFs?

6.1 Reporting of CPDs

PECB certified professionals will need to provide PECB with the required hours of auditing and/or implementation-related tasks they have performed and/or other CPD activities that are considered eligible. CPDs can be submitted at any time, by logging into your PECB dashboard, and clicking on My Certifications>CPD Info>Submit CPD.

6.2 Payment of AMF

A PECB certification requires the payment of the maintenance fee. For more instructions on how to submit CPDs and AMFs, please refer to this manual.

6.3 Notifications to submit CPDs and AMFs

PECB notifies each PECB certified professional to maintain their certification(s), throughout the certification cycle. 

PECB Certified Professionals that report CPD hours and submit the full AMF payments on time will receive a confirmation from PECB, which will include the hours required to qualify for the three year certification cycle.

7. Downgrade

A PECB Certification can be downgraded to a lower credential due to the following reasons:

• AMF has not been paid.
• CPD hours have not been submitted.
• Insufficient CPD hours have been submitted.
• Evidence on CPD hours has not been submitted upon request.

Note: For ISO/IEC 27005:2022 Risk Manager/Lead Risk Manager and CNIL downgrade is not applicable. 

8. Upgrade

PECB Professionals can apply for a higher credential once they provide evidence that proves that they fulfill the requirements of the higher credential. 

PECB Certifications can be upgraded online through your dashboard by logging here, clicking My Certifications and then the Upgrade button. 

The application fee for an upgrade is $100. 

Note: For downgraded certifications that need to be upgraded, an evaluation will be done to determine if an exam is required prior to obtain an upgraded certification.

9. Suspension

PECB can temporarily suspend the certification for the following reasons: 

• Failure to comply with recertification requirements
• PECB receives excessive or serious complaints by interested parties (suspension will be applied until the investigation has been completed.)
• The logos of PECB or accreditation bodies are willfully misused.
• The candidate fails to correct the misuse of a certification mark within the determined time by PECB.
• The certified individual has voluntarily requested a suspension.
• PECB deems appropriate other conditions for suspension of certification.

Individuals whose certification has been suspended, are not authorized to further promote their certification while it is suspended.

Note 1: For ISO/IEC 27005:2022 Risk Manager/Lead Risk Manager, failure to submit the CPD and AMF payment during the cycle will result in a 12-month suspension period, during which you can address any outstanding AMFs and CPDs. If no action is taken during the suspension period, the certification will be revoked.

Note 2: For CNIL, failure to comply with the recertification requirements (work experience in data protection and passing the CNIL recertification exam) will result in a 12-month suspension period. If no action is taken during the suspension period, the certification will be revoked.

10. Revocation

PECB can revoke (that is, to withdraw) the certification if the candidate fails to satisfy its requirements. In such cases, candidates are no longer allowed to represent themselves as PECB Certified Professionals. Additional reasons for revoking certification can be if the candidates:

• Failure to reinstate the suspended certification within the given timeframe
• Violate the PECB Code of Ethics
• Misrepresent and provide false information of the scope of certification
• Break any other PECB rules

Individuals whose certification has been revoked, are not authorized to use any references to a certified status.

Note 1: For ISO/IEC 27005:2022 Risk Manager/Lead Risk Manager, failure to submit the CPD and AMF payment during the cycle will result in a 12-month suspension period, during which you can address any outstanding AMFs and CPDs. If no action is taken during the suspension period, the certification will be revoked.

Note 2: For CNIL, failure to comply with the recertification requirements (work experience in data protection and passing the CNIL recertification exam) will result in a 12-month suspension period. If no action is taken during the suspension period, the certification will be revoked.

11. Others Statuses

Besides being active, suspended, or revoked, a certification can be voluntary withdrawn, or designated as Emeritus. More information about these statuses and the permanent cessation status, and the application procedure, please visit Certification Status Options. 

12.  PECB Code of Ethics

All PECB Professionals are required to adhere to the PECB Code of Ethics. Failure to do so can result in investigations and/or disciplinary measures. The PECB Code of Ethics can be reviewed here: https://pecb.com/en/pecb-code-of-ethics.

---

CPD Requirements

Certification	Activities	3-Year/Total CPD hours
Foundation, Provisional, and Transition	None	None
Implementer	Hours of project experience, implementation or consulting-related tasks, training, private study, coaching, attendance of seminars and conferences, or other relevant activities	60 hours
Auditor, Assessor	Hours of audit or assessment-related experience, training, private study, coaching, attendance of seminars and conferences, or other relevant activities	60 hours
Manager	Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities	60 hours
EBIOS, MEHARI	Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities	60 hours
Six Sigma Green Belt	Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities	60 hours
Lead Implementer	Hours of project experience, implementation, or consulting-related tasks, training, private study, coaching, attendance of seminars and conferences, or other relevant activities	90 hours
Senior Lead Implementer	Hours of project experience, implementation, or consulting-related tasks, training, private study, coaching, attendance of seminars and conferences, or other relevant activities	180 hours
Lead Auditor, Lead Assessor	Hours of auditing or assessment-related experience, training, private study, coaching, attendance of seminars and conferences, or other relevant activities	90 hours
Senior Lead Auditor	Hours of auditing or assessment-related experience, training, private study, coaching, attendance of seminars and conferences, or other relevant activities	180 hours
Lead Manager	Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities	90 hours
Senior Lead Manager	Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities	180 hours
Risk Manager	Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities	60 hours
Senior Risk Manager	Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities	180 hours
Lead Risk Manager	Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities	90 hours
Senior Lead Risk Manager	Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities	180 hours
CLFE	Hours of project experience related to certification field, assessment-related tasks, training, private study, coaching, attendance of seminars and conferences, or other relevant activities	90 hours
CLPI	Hours of project experience, implementation, or consulting-related tasks, training, private study, coaching, attendance of seminars and conferences, or other relevant activities	90 hours
CDPO	Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities	90 hours
CLSIP	Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities	90 hours
Master	Hours of implementation, management, or auditing-related tasks, training, private study, coaching, attendance of seminars and conferences, or other relevant activities	270 hours

AMF Requirements

Certification	AMF (rate per 3-year)
Foundation, Provisional, and Transition	None
All other certifications	$360

 

Download PECB Certification Maintenance Brochure