ISP® Recertification FAQs

Questions

Does a practicum count for recertification?

Yes. As long as it is industrial security or information security related, it is a continued phase of the training process.

Do examinations and quizzes count for recertification?

No, this is an assessment of the learning process.

I took a class through the agency I work for (Army, Navy, commercial training agency such as SANS, etc.) and am not sure if the training qualifies for recertification. Can I get it evaluated for CEU award prior to my recertification date?

Yes, send the agenda and course description to request an evaluation.

If I do not agree with a CEU award decision can I request a second review?

Yes, submit the review request to Kyle Fernley (kyle@mmco1.com) with comments describing why a second review is warranted. The ISP® Committee will then complete a second review.

If I did not recertify can I continue to use the ISP® in my signature block?

No.

What happens if I do not recertify?

Your name is removed from the current ISP® list and you are no longer recognized as a current ISP®. Additionally, you are not authorized to the privileges bestowed upon a current ISP®.

I did not recertify. How do I regain my ISP® status?

You must submit a completed ISP® examination package and pass the ISP® examination again.

I did not receive my recertification notification package from NCMS HQ containing my recertification instructions. Do I still have to recertify by my established recertification expiration date?

Yes, it is a personal responsibility to know your recertification expiration date and submit it in a timely manner. All recertification instructions and the application are included on the ISP® website.

I created and presented an original presentation for my company. Does that qualify for CEU award?

Yes, if it is an original presentation, relates to industrial security, and is at least 45 minutes in length (to earn 5 CEU). Updating an existing presentation is not considered an original presentation. NOTE: An original presentation can only be counted once in the recertification cycle.

Does the 5- to 10-minute question and answer period that typically follows a presentation count as part of the 45 minutes needed to qualify as one CEU award as an attendee?

Yes.

How do I obtain a replacement ISP® pin?

Contact Sue Morris (sue@mmco1.com) for a replacement pin.

I have the older (original) pin. How do I get the new (current style) pin?

Contact Sue Morris (sue@mmco1.com) for a replacement pin.

I am an EPP Mentor/SME. How do I claim CEUs for the EPP mentoring?

Submit a list of EPP sessions you participated in. CEU credit is one CEU per hour supported.

Can my entire CEU award be from CDSE STEPP courses?

Yes, just provide completion certificates and course descriptions.

Can I get CEU credit for taking the same course multiple times in the same recertification cycle?

No, you can only count CEU credit for the class once in the recertification cycle. If you take the class again in a different recertification cycle, it will count again but only once.

I’ve looked at the ISP® Recertification Credit Guide on the NCMS website, and I am worried recertification will be too difficult for me to achieve. I don’t think I qualify for anywhere near the amount of CEUs I will need. Is it really worth the work and hassle to recertify?

It certainly IS worth the “hassle” to recertify! If you haven’t noticed it already, the security world is waking up to this accredited certification. Employers are now much more discerning when selecting a security manager or other security professional for their security staff, and those security professionals who have the ISP®, or any other professional certification, are more likely to get the position over someone who doesn’t. Government customers are also realizing that someone who has prepared for and passed the ISP® test ranks as being more professional, versus someone who “works in security”. A better security position, due to the ISP® certification, also comes with higher-level responsibilities, elevated status in the company and a better paycheck. Use your successful ISP® recertification as part of your Annual Appraisal Review and remind your company that you are indeed a true security professional! The ISP® recertification is not that difficult to achieve. The CEUs add up quickly just through regular security work accomplished on a daily basis. Any security courses you take, seminars you attend, and briefings or articles you write/present are worth CEUs. A certification is worth any amount of work when you consider how easy it really is to recertify.

Can I get CEUs for belonging to NCMS, and if so, for how many years may I claim CEUs?

This is one of the easiest ways to earn CEUs. If you belong to NCMS or any other chartered, professional security organization such as ISAC, ASIS, etc., you can receive 5 CEUs for each year. If you’ve been a member for all 3 years, you can claim 15 CEUs, which is the maximum amount you can receive for membership. If you belong to NCMS and choose to claim CEUs for that organization, your membership is already on file at NCMS corporate offices. If you choose another organization, you will need to submit documented proof that you are a paid member in good standing for each year. See, you’re off to a good start already…. You only need 45 more CEUs!!

What if I am not a member of any security organization such as those listed above? I don’t think my company will reimburse me for the dues, and I’m just too busy anyway to go to all those meetings or volunteer. I got through my ISP® test as a non-member.

First of all, joining NCMS is highly recommended, as well as any other professional security organization! Joining one of these organizations is priceless when you consider the education, training, networking and up-to-the-minute information on national policy that comes with your membership. If your company won’t reimburse your dues annually and you can afford it, join anyway. The benefits will far outweigh the cost! Too busy for meetings or to volunteer – all security professionals are very busy; it’s the very nature of what we do in security – protecting our Nation’s defense information. Chapter meetings and seminars are held at various times and locations throughout the year, and the National Seminar is held annually in June. Everyone can find time to fit in at least one meeting at a location near you. But the bottom line is – while you do not have to be a member of any security organization to recertify… the benefits of membership are invaluable!

I attended a non-NCMS function and was told I could be awarded CEU credit. Is that true?

Yes, it is! Please see the rules for individual CEU Review requests below.

I attended some training that I THINK may qualify for CEU credit. How can I find out if I can claim this training for CEUs?

If you attended an event that was not NCMS-sponsored, you can still earn CEU credits if it relates to industrial security and meets the criteria. Send the agenda with the date(s) (Word format, please) to the NCMS National Office (kyle@mmco1.com) for CEU Review. The CEU Review Subcommittee Chair will then make the CEU determination. The CEUs being awarded will be sent to you, with a copy to the NCMS office. Proof of attendance/completion is required in order to claim the CEU award.

I know I’ve attended meetings, seminars and even the NCMS National Seminar a couple years ago after I passed my certification test, but I can’t locate the training certificate I was given. What can I do?

Right after you certify or recertify, it’s a good practice to either add the documentation to your “ISP® Recertification Documents” folder and keep it in a safe place OR go ahead and upload the documents into your on-line application as they are received. Then, when it is time for you to complete your on-line application, it should almost be complete! However, if you do need to locate some documentation, you can contact your local chapter’s secretary and request that a duplicate copy be sent to you. For NCMS National Seminars, you do not need to submit a copy of the certificate(s) as the NCMS National Office maintains attendance records.

Since I certified with my ISP®, I have gone back to school for my bachelor/master’s degree(s). Under what conditions can I use these courses for recertification?

College courses are a SUPER way to earn CEUs. Not only are you getting a great education, you may be able to use those courses to recertify. A point of clarification – the courses submitted for CEUs to recertify MUST be security-related from an accredited college or university (online schools count!). You can earn 15 CEUs for ONE course (must be a 3 credit hour college course), and there is no limit! To claim security-related courses from college, you must submit documentation that shows you registered for and completed the course, a course description and transcript with grade received for the course.

I’m unsure if some of the courses I’ve taken for my degree program are security-related and would qualify for recertification such as those taken for Criminal Justice or an MBA; many of my courses aren’t specific to security.

Those courses that may fall on the borderline of being security-related may be submitted to the ISP® CEU Review Subcommittee for review and determination. Direct your question to the NCMS National Office (kyle@mmco1.com), and the CEU Review Subcommittee will make a determination. Please allow time (at least 5 business days although the review is typically accomplished within 1 to 2 days) for those on the Committee to research your question/course and provide a response via the NCMS site. You will then have time to pull documentation together to prove you took the course if you receive approval to claim the course for CEU credit.

I’ve attended security seminars and meetings before I took my ISP® certification test. Can I claim those for CEUs? How far back am I allowed to go?

You can only claim CEU credit for those security meetings, seminars, college courses, or briefings that took place during your recertification period, which begins on the day following your ISP® exam (for the first recertification period). Anything prior to your test date cannot be used for recertification. For subsequent recertification periods, you can only claim CEUs earned during the three-year period, which begins on the first of the month following the month you took the exam.

Since I’ve passed my ISP® test, I’ve moved on to private employment and left the DoD industry. I don’t see how I can keep my ISP® if I’m no longer involved in the DoD.

Within NCMS, we have many people who have taken new positions outside of the DoD, but have preferred to keep their ISP® certification current. As long as you abide by the ISP® Code of Ethics and obtain 60 CEUs, you can achieve recertification and keep your ISP® certification you worked so hard for.

What is the correct order for listing ISP® in your signature block? Would it come before or after your DCSA certifications or other professional certs like PMP?

NCMS does not designate any particular order for listing your professional certifications.

Are Export Control subjects considered Industrial Security-related?

Yes. There are requirements outlined in the NISPOM that directly relate to industrial security.

I have a question regarding STEPP courses and exams. If a course is 8 hours for the training but the test is an hour, do you get 8 CEU’s for going through the training or just 1?

If the STEPP course is 8 hours in duration, you will receive 8 CEU credits for successfully completing and passing it. However, CEUs are not awarded for tests or exams. The number of CEUs you can receive for courses of this type is unlimited, and CEUs are based on the posted “average hours to complete”.

Certificates of attendance from local NCMS training events state number of CEUs and list the topic covered. Is an agenda still needed?

Yes, an agenda is still needed for any local NCMS training longer than two hours, or two CEUs.

Would getting a commendable or superior on DCSA Assessments ever be counted as an accomplishment?

No, this does not qualify for any recertification CEUs. This is, however, a testament to the knowledge you acquired as an ISP®.

I know you said that if we attend Non-NCMS Industrial Security organization meetings, they are good for CEUs…but did you mean “EACH” meeting I attend would qualify? And if I’m on the Board of Directors of such an organization that counts also?

If the non-NCMS Industrial Security organization meetings are with ASIS, InfraGard, or other chartered professional organization, and have a minimum of ONE (1) speaker, lasting for 45-60 minutes, this qualifies for one (1) CEU per hour. However, Chapter meetings that do NOT have speakers do not count. Seminars (multiple topics, 8+ hours) and mini-seminars (multiple topics, 4+ hours) and workshops (single topic, 4+ hours) count as ONE (1) CEU per hour. Service as an elected member of the Board of Directors (BOD) also qualifies for CEU credit. You may earn 15 CEUs per year, and no more than 30 CEUs for the 3-year accreditation period.

Agendas for ASIS or (ISC)² Security Congress are quite lengthy. Do you really want the entire agenda?

When submitting very lengthy agendas such as described, submit only the portion(s) that deal with Industrial Security for which you are seeking CEU credits. If the entire agenda is Industrial Security related and you attended the entire conference/seminar/meeting, submit the entire agenda.

What is a NISP certification – first time I heard of this.

The NISP Certification and Accreditation Process is a course that is available within STEPP. This course offers training on the policies and requirements used to protect information within your facility’s computer systems. CFR Part 117 is referred to as the National Industrial Security Program Operating Manual (NISPOM) and serves as the reference document for the NISP.

Is there a grade restriction on courses that you attend and wish to use for ISP® recert?

Presently, there is no grade restriction on courses for which you wish to earn CEU credit. You must “pass” any course you plan to submit for credit, along with a transcript showing you took and successfully passed the course.

What is the earliest date we should submit our recert package?

Do not send ISP® recertification packages earlier than six months in advance. Candidates must recertify by the last day of the month in which the candidate originally became certified.

What are the forms of payment for recertification?

The forms of payment accepted for recertification are by check or credit card. NCMS accepts MasterCard, VISA, or American Express (AMEX).

Can we get credit for our membership in our local InfraGard?

Yes, InfraGard is a chartered, professional security organization and will be accepted for CEU credit. You may be granted 5 CEUs for one year or 15 CEUs per 3-year certification cycle. Remember, only one organization can be counted per year. This means if you are a member of both NCMS and InfraGard you can receive credit for membership for one or the other.

Why do you have to pass a course but not a presentation?

A course is a block of instruction in which you are learning a security topic, usually as part of a degree or other learning event and the requirement for credit is to pass the course, usually after taking a test to measure your learning ability. When attending a presentation there usually is no requirement to test on the information.

If we take a CDSE course is an agenda required to be submitted with the certificate?

Agendas are not issued for CDSE courses. You would therefore need to provide a course description, which can be found on the CDSE website, along with your certificate.

Does NCMSLive count as a CEU?

Yes, it does, but only if you attended at least 45 minutes of the training. After the event is over, the NCMSLive committee reviews the attendance roster and provides certificates (good for 1 CEU) to those individuals who attended at least 45 minutes of the training. Because this is an NCMS sponsored event and all NCMSLive webinars have been previously approved for CEU credit, you do not need to provide an agenda when providing an NCMSLive certificate towards your ISP® reaccreditation. NCMSLive webinars that discuss the ISP® program do not count.

Does Information System Security fall under the Information Security category? Or is Information Security just referring to the security around data/information and not technology?

Information System Security does fall into the Information Security category. As an ISSO, you are expected to have specific security knowledge of how hackers can infiltrate classified networks and how security audits are set up and completed, as well as how to be aware of insiders performing malicious acts on government or other classified computer systems. By having the knowledge and experience demonstrated through certifying as an ISP® and maintaining that certification, you are projecting yourself as having “above average” security knowledge and, therefore, gaining the competitive edge over other ISSOs.

If you have a certificate that lists the number of CEUs do you still provide the agenda?

Yes, an agenda is required, unless this is an NCMS training event, the number of CEU is two or less, and is signed off by the chair for a chapter meeting, reflecting up to two hours of training.

60 CEUs? Is that per year or the total of three years? Average of 20 per year, right?

Do not worry about the average…it is a total for the three years.

Our previous chapter chair would not issue attendance certificates. So, have I lost those meeting training credits?

No, just go back to your chair and ask him/her to issue an attendance certificate with the appropriate CEUs…see the ISP® web page for a template your chair can use.

Will the recertification application eventually tally all the CEUs an ISP® submits so that they will know how many they have and how many are needed? That would be a great feature!

No, this is not currently in place because additional funding is needed to make those changes.

What are the ways an ISP® can lose their designation?

  • Not complying with the ISP® Code of Ethics
  • Not completing their recertification application within acceptable timelines
  • Not obtaining adequate CEUs to recertify

If I was certified in June 2022 after passing the exam at the NCMS Seminar, does that NCMS conference count towards my renewal credits?

Yes. That is why the exam is given prior to the seminar, so that successful candidates can get CEU award for attending the seminar.

Is it preferred that the ISP® recertification sheet be updated as the training is taken, or can I update it all at once when I have to re-certify?

The best method is to upload training and other CEU award events to the on-line application as they occur. You can always do the data entry/document upload when the recertification is due, but you will find it much easier to use your personal document repository linked to your recertification application and update in real-time. The on-line recertification process is straightforward and you should not encounter any problems in submitting your application. Contact the Certification Subcommittee Chair should you need assistance. For the recertification application, the max size is 10 MB. However, this becomes very unmanageable, so we request you keep the file size to 4 MB. Currently, there is no capability to print the application. We are researching with our technical team to determine if this capability can be added in the future.

Can an ISP® certificate holder maintain certification by attending approved workshops or seminars and earn continuing education units? If so: How are workshops/seminars approved for CEUs? How many CEUs are required per year?

Yes, if the material is industrial security-related and is at least 45 continuous minutes. CEUs are awarded literally hour for hour of qualifying training. The complete training must be at least 45 minutes to earn one CEU. Thereafter, it can be .5 increments. For example, a 90-minute session would be 1.5 CEUs. A 30-minute session does now qualify for .5 CEU (effective in 2022). A recipient can receive an unlimited number of CEUs; however, only 60 are validated for recertification and unused CEUs do not carry forward. CEU certificates and other supporting documentation are uploaded in the on-line recertification application. To have CEU Review determinations made, follow the process on the ISP® webpage.

Is there a template for assigning CEU awards for seminars, workshops, etc., and for CDSE courses? The question has to do with knowing how to assign CEUs to security events attended when the certificate of attendance does not specify CEU credits.

There is no template for a “standard” CEU award for seminars, workshops or CDSE courses other than the National NCMS seminar. CEUs are awarded on a case-by-case basis, depending on the time allotted and their relevancy to industrial security. For CDSE courses, the course summary on their website provides the number of hours for the course; this is the number of CEUs awarded down to the .5 CEU.

While my recertification is undergoing the approval process (submitted by applicant and awaiting final approval), can I enter any new CEU awards? If not, when can I resume entering the new CEUs for the next recertification cycle?

Your new recertification cycle starts the following month when your previous recertification was due. Any CEUs you may have earned from the time you submitted your application to your recertification month are not counted for the next cycle. If you are short for your current recertification period, the ones you earn prior to your recertification month (still within your recertification cycle) can be counted. Your application is locked immediately after being submitted and no further additions can be made until the form is unlocked by the administering agency (MMCo) for additional information to complete the application or the application is approved and reset for the next 3-year recertification cycle. You will be advised via email if additional information is needed and when the approval is complete.

How long does it typically take to complete the recertification application process once submitted? How am I notified that the approval is final?

An email is sent to advise you of the recertification approval and also a package is mailed in approximately 4 weeks. The typical timeframe for processing for approval is 5 to 10 business days. However, MMCo typically has a faster turnaround time. If there are issues with the application, then it depends upon the issue and the processing time for completion varies. That is why we encourage everyone to submit their package as early as possible within the six-month expiration window to allow plenty of time for processing.

I recently recertified my ISP®. Is my recertification due three years from the original ISP® date or three years from the recertification date?

You would have recertified three years to the month of your original certification. Candidates must recertify every three years by the last day of the month in which the candidate originally became certified.

Is there an automatic / reminder e-mail when our recertification deadline approaches? (We receive multiple WebEx reminders, for example.) Obviously, not too difficult to monitor our own suspense.

Yes, you are notified via USPS six months, three months and then by email one month prior to the recertification month. However, we recommend that you keep track of your recertification deadline yourself.

Is it possible to review what has been entered in the ISP® Recert to prevent redundant entries?

Yes, just click on the inputs on the online application.

I have been an officer all three years since my last recertification. What do I use for documentation? How does one prove voluntary service at National?

You can have your chapter chair write a letter or send an email attesting to your service. Please remember to have him or her include the specific dates of your term(s). There is also a new volunteer verification form (see the Forms page on the NCMS website) that can be used for documentation.

What if we submit, say 75 CEUs, but only 55 are accepted. Can we then take actions (classes etc.) to make up the missing CEUs before our time limit is up?

Yes, although they must be completed before the end of your recertification cycle.

If we presented to our leadership the RMF process can we use those trainings as CEU’s if we show the presentation and the meeting dates?

No, this is an information-only briefing; as part of normal day-to-day activities you would be briefing your bosses on information like this.

Can you restate the 30-day policy on CEUs?

Send in the CEU request 30 days prior to the event to ensure you gain max credits.

If I include attendance at a non-NCMS training seminar, do I have to request review of the agenda/program for credit BEFORE I submit my recertification package, or will it be reviewed as part of the recertification package?

Send it to the sub-committee first. You do not want to take a chance that it does not get the credit you may wish for.

To clarify on the NCMS Annual Training Seminar, the certificate received is all that is required to claim the applicable CEUs?

Yes.

I thought I already started uploading my attendance certificates and training records. I logged into the ISP® re-certification site but I can only see empty boxes – link to see previously submitted records did not show any.

Check with your system admin for it. If they cannot assist, contact NCMS HQ. Remember to scroll down to the bottom of the form and select ‘Save Application’.

After-the-fact training submittals. I recently submitted for training I attended. I only received the certificate and agenda AFTER I attended the class. How can I submit 30 days prior?

You can, and most do, by getting a hold of the instructor before the event and getting the syllabus to ensure you get what you need. If they will not give it to you, evaluate if you still want to go.

Can we submit training taken in STEPP?

Yes, submit the detail sheet showing hours accumulated; the amount of time posted for the course description shows how long the course will take. Include that sheet and the certificate showing you completed the course. The exam time cannot be included, and if you take longer for the course than posted, you do not receive extra CEUs.

Can we claim any credit for hosting a DCSA audit?

No.

Is there a place where we can look to see if a course has already been evaluated for CEU credit? For example, the ASIS Security Executive Development Program at Wharton Business School?

No. Each submission is different depending upon who went to what units.

I’m confused, do I submit my training to the CEU committee first and then complete the recertification form on-line after I receive an answer from the NCMS committee? I have attended NSI IMPACT conference and I don’t know how many CEUs it is worth.

Yes, you should submit the agenda to the committee first so you know how many CEUs it was worth before completing the application. Don’t forget to include your completion certificate.

I’m assuming I do not need an agenda for attending one of the NCMSLive sessions, is that correct?

Correct.

Do Security events, e.g., showing the Betrayed DVD regarding insider threat to the employees, count for credit if there is a sign in sheet, Q & As etc.?

Yes, as long as it is a minimum of 45 minutes and can include Q&As.

Do any courses taken on the DCSA education Portal count as CEU… Risk Management Framework, etc.?

Yes, if they meet the requirements, submit the request; they are not automatic. See STEPP question 66 above.

With Risk Based Security Oversight (RISO) [formerly DSS in Transition (DiT)], will this affect the ISP® program?

No. The ISP® certification is still valuable and sets you apart from those without the certification.

When I complete the online form for training, what am I supposed to put in the comment section?

A brief summary of the instruction/training is helpful.

If during an ISP® recertification period, an ISP® attends the entire NCMS Annual Seminar each year for three years, have they earned 72 CEUs for recertification (and therefore need no more CEUs to recertify)?

Beginning with the 2023 Annual Seminar, the CEU Subcommittee is now reviewing the agenda to determine the number of CEU that will be awarded for each event. It is no longer automatically worth 24 CEU. Please check with the CEU Subcommittee or ISP® Leadership if you are unsure how many CEU the Seminar you attended is worth.

I took the ISP® exam at the 2022 Seminar and have attended all the seminars since (including this year’s next week). Sounds like attendance at these three seminars will add up to the 60 credits, correct?

Please refer to question #74 regarding how Annual Seminars are now being evaluated (effective 2023).

What documentation is needed for CDSE courses other than the completion certificate?

The course summary that is offered when you first look up the course…it says View Details on the page.

Would a Security+ certification qualify for CEUs? It is required for privileged users on some of our ISs.

As long as it meets the national requirements, and you must recertify to maintain it by taking continuing education, it should count.

I attended the IMPACT 2018 Conference. I was given a letter stating I attended the training. Is this enough?

No, an agenda is also required which documents the timing and descriptions of the training including breaks and lunch etc. Attendance only is almost never the only thing you need. An exception here is the National Seminar for NCMS.

Can all 60 CEU come from training?

Yes.

Is credit acceptable for attendance of Intrusion Detection Systems Courses (such as CCure or Johnson Controls) since it supports Industrial Security?

If it is associated with any type of sales pitch, the answer is no.

Is it 5 CEUs for the CDSE SFPC Certification I achieved after becoming ISP certified?

Item 2.5 of the CEU Credit Guide shows 15 CEUs for obtaining a security-related certification other than the ISP®.

Do I reach out to Kyle (MMCo) if I want to check on a recertification package?

Yes, he may be contacted at kyle@mmco1.com.