1. Purpose
The purpose of this PECB Certification Maintenance Policy is to ensure that all PECB-certified professionals uphold a high standard of knowledge and competence within their field. This policy encourages continuous professional development (CPD) to further enhance skills and expertise.
2. Scope
This policy applies to all PECB-certified professionals. Note that Foundation, Provisional, and Transition certifications do not require maintenance.
3. Overview
PECB-certified professionals who comply with the Certification Maintenance Policy and meet its requirements will consistently demonstrate their competence, expand their knowledge, and renew their certifications. CPD requirements are established and monitored by the PECB Scheme Committee.
4. Recertification Requirements
PECB certifications are valid for three years. To maintain certification, professionals must:
- Submit CPD activities
- Pay Annual Maintenance Fees (AMFs)
- Comply with the PECB Code of Ethics
For CNIL certification, recertification requires:
- A new written exam
- Demonstration of at least one year of professional experience (within the past three years) in data protection or information security, verified by a third party (employer or client)
5. How to Renew Certification
To renew PECB certifications, professionals must submit CPDs and AMFs during the three-year certification cycle. Upon meeting these requirements, certifications will be renewed at the end of the cycle.
To renew online, log into the PECB Dashboard (https://pecb.com/en/login), go to My Certifications, and click “Renew.”
5.1 Continuing Professional Development (CPD)
CPD is essential for demonstrating, tracking, and updating the skills, knowledge, and experience gained after certification. CPD activities include project work, training, coaching, seminars, and conferences.
PECB supports certified professionals in earning CPD credits by organizing webinars, offering writing opportunities, and promoting training and events. For more details, refer to the CPD Policy.
5.2 Annual Maintenance Fees (AMF)
AMFs are necessary to maintain PECB certifications. Failure to meet CPD or AMF requirements will result in certification downgrade.
For ISO/IEC 27005:2022 Risk Manager/Lead Risk Manager and CNIL certifications, failure to meet recertification requirements will result in revocation.
6. How to Report CPDs and Pay AMFs
6.1 Reporting CPDs
PECB-certified professionals must report their CPD hours through the PECB Dashboard by logging in, navigating to My Certifications > CPD Info > Submit CPD.
6.2 Paying AMFs
AMF payment is required for certification maintenance. Refer to the provided manual for instructions on submitting CPDs and AMFs.
6.3 CPD and AMF Notifications
PECB will notify certified professionals to submit CPDs and AMFs throughout the certification cycle. Professionals who submit CPDs and pay AMFs on time will receive a confirmation from PECB, listing the required CPD hours for renewal.
7. Downgrade
Certifications may be downgraded to a lower credential for failure to:
- Pay AMFs
- Submit required CPD hours
- Submit evidence of CPD hours upon request
Note: Downgrading does not apply to ISO/IEC 27005:2022 Risk Manager/Lead Risk Manager and CNIL certifications.
8. Upgrade
PECB-certified professionals may apply for a higher credential once they meet the requirements. Upgrades can be completed online through the PECB Dashboard under My Certifications > Upgrade.
The upgrade application fee is $100.
Note: Evaluations for candidates with downgraded certifications may require additional exams before an upgrade.
9. Suspension
Certifications may be temporarily suspended due to:
- Non-compliance with recertification requirements
- Serious complaints against the individual (pending investigation)
- Misuse of PECB logos or certification marks
- Voluntary suspension requests by the certified professional
Note: For ISO/IEC 27005:2022 Risk Manager/Lead Risk Manager and CNIL certifications, failure to submit CPDs or AMFs results in a 12-month suspension. If not resolved, certification will be revoked.
10. Revocation
PECB may revoke certifications if the individual:
- Fails to address suspension issues
- Violates the PECB Code of Ethics
- Misrepresents their certification status
- Breaches other PECB regulations
Note: For ISO/IEC 27005:2022 Risk Manager/Lead Risk Manager and CNIL certifications, failure to resolve CPD and AMF issues within the suspension period will result in revocation.
11. Other Statuses
Certifications can be voluntarily withdrawn or designated as Emeritus. For more information on certification statuses, including permanent cessation, visit the Certification Status Options page.
12. PECB Code of Ethics
All PECB-certified professionals must adhere to the PECB Code of Ethics. Violations can result in disciplinary actions. Review the Code of Ethics at PECB Code of Ethics.
CPD Requirements
Certification | Activities | 3-Year/Total CPD hours |
Foundation, Provisional, and Transition | None | None |
Implementer | Hours of project experience, implementation or consulting-related tasks, training, private study, coaching, attendance of seminars and conferences, or other relevant activities | 60 hours |
Auditor, Assessor | Hours of audit or assessment-related experience, training, private study, coaching, attendance of seminars and conferences, or other relevant activities | 60 hours |
Manager | Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities | 60 hours |
EBIOS, MEHARI | Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities | 60 hours |
Six Sigma Green Belt | Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities | 60 hours |
Lead Implementer | Hours of project experience, implementation, or consulting-related tasks, training, private study, coaching, attendance of seminars and conferences, or other relevant activities | 90 hours |
Senior Lead Implementer | Hours of project experience, implementation, or consulting-related tasks, training, private study, coaching, attendance of seminars and conferences, or other relevant activities | 180 hours |
Lead Auditor, Lead Assessor | Hours of auditing or assessment-related experience, training, private study, coaching, attendance of seminars and conferences, or other relevant activities | 90 hours |
Senior Lead Auditor | Hours of auditing or assessment-related experience, training, private study, coaching, attendance of seminars and conferences, or other relevant activities | 180 hours |
Lead Manager | Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities | 90 hours |
Senior Lead Manager | Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities | 180 hours |
Risk Manager | Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities | 60 hours |
Senior Risk Manager | Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities | 180 hours |
Lead Risk Manager | Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities | 90 hours |
Senior Lead Risk Manager | Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities | 180 hours |
CLFE | Hours of project experience related to certification field, assessment-related tasks, training, private study, coaching, attendance of seminars and conferences, or other relevant activities | 90 hours |
CLPI | Hours of project experience, implementation, or consulting-related tasks, training, private study, coaching, attendance of seminars and conferences, or other relevant activities | 90 hours |
CDPO | Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities | 90 hours |
CLSIP | Hours of project experience related to the certification field, training, private study, coaching, attendance of seminars and conferences, or other relevant activities | 90 hours |
Master | Hours of implementation, management, or auditing-related tasks, training, private study, coaching, attendance of seminars and conferences, or other relevant activities | 270 hours |
AMF Requirements
Certification | AMF (rate per 3-year) |
Foundation, Provisional, and Transition | None |
All other certifications | $360 |