Continuing Education Policy

The 2IAP continuing education policy requires the attainment of training hours over an annual and three-year certification period.

Failure to comply with these certification requirements will result in the revocation of an individual’s certification(s). In addition, all certificates are owned by 2IAP, if revoked, the certificate must be destroyed immediately. Certification holders must comply with the following requirements to retain certification:

  • Attain and report an annual minimum of twenty (20) training hours. These hours must be appropriate to the advancement of the Information Assurance or Information Security professions. The use of these hours towards meeting the continuing education policy requirements for multiple 2IAP certifications is permissible when the professional activity is applicable to satisfying the job-related knowledge of each certification.
  • Attain and report a minimum of one hundred and twenty (120) training hours for a three-year reporting period.
  • Respond and submit required documentation of activities.
Annual and Three-Year Certification Period

The annual reporting period begins on January 1st of each year. The three-year certification period varies and will always start one year following the certification being granted.

Use of 2IAP Certification Logo’s

Individual use of the certification logo’s (on items such as business cards, web sites, marketing or promotional materials) is not permitted because it can imply endorsement or affiliation on 2IAP’s behalf of that person’s products or services. Individuals can use 2IAP certification acronym(s) after their name (e.g., John Doe, IABP, IARE).



Payment of Maintenance Fee and Reporting of Training Hours

Payment of the annual maintenance fee and reporting of training can be done online or by submitting the information on the annual renewal invoice.

Qualified Training Activities

Training hours must be related to the exam content of your certification. Training hours are not accepted for on-the-job activities. Training in information assurance, information security or business related functions like project management will qualify towards training hours. Every hour in training will count towards your 120 hour 3 year total. Below are areas that can be counted towards your continuing education:

  • Professional Education training or activities (e.g., ISSA meetings, College courses in information assurance or information security)
  • Self-Study courses (Certification courses that provide a certificate of completion)
  • Teaching/lecturing/presenting in Information assurance or information security. The topic must be related to any of the topics within your exam content.
  • Publications of books, articles, magazines, in information assurance or information security and must be related to any of the topics within your exam content.
  • Passing other certification exams that relate to information assurance or information security. Hours will be based on actual exam length.