CERT-CSIH: Renewal Process

January 9, 2019 by Fakhar Imam

Note: The CERT-CSIH certification is being retired on April 30, 2021. Browse current IT and security certifications.

“The SEI will be retiring this CSIH certification program and exam on April 30, 2021. After that date, the SEI will no longer process any candidate applications or certification renewals, it will no longer grant any new CERT CSIH certifications, and the CSIH certification exam will no longer be available for certification candidates. The SEI will maintain existing CERT CSIH certifications on the certified professionals list until they have expired.” — Software Engineering Institute at Carnegie Mellon University

In the evolving world of technology, innumerable unforeseen cyber-crimes occur every day. Under such circumstances, a Certified Security Incident Handler, or CSIH, plays a pivotal role in ensuring that these incidents are contained in an effective and timely manner. For this to be done effectively, CSIH professionals must actively engage in practices related to computer security incident handling, expand their skill set in risk assessment and participate in training that enhances their professional growth. As a CSIH professional, your role is to work closely with CSIRT in order to receive, review and respond promptly to incidents pertaining to computer security. The point is to solve these cyber-threats before they wreck a business’s IT infrastructure.

The CERT-CSIH certification is valid from the time it was earned to the end of that same month three years later. This means that if you earned your certificate on August 15th, it will be valid until August 31st three years later. The renewal process helps CSIH professionals to keep their certification active. In addition, meeting renewal requirements also ensure that you stay current with the latest incident-response knowledge in the wake of ever-changing technological advances.

In this article, we will examine CERT-CSIH renewal requirements, CERT-CSIH maintenance requirements, renewal activity logs, an audit of renewal activity logs, how long CERT-CSIH certification is good for and how to retake the exam.  

What Are the CERT-CSIH Renewal Requirements?

Once a candidate gets a CERT-CSIH certification, it is valid for a period of three years; after this, it is the responsibility of the CSIH to renew the certification again. The renewal process requires professional to complete 60 PDUs during a three-year life cycle and pay a renewal fee of $150. Additionally, completion of the CSIH certification renewal log is required, along with documentation that supports the PDU activities.

All these requirements are to be submitted 30 days prior to the date when the certification is set to expire. The candidates have to provide all PDUs-related detail on a form and submit it to

What Are the CERT-CSIH’s Maintenance Requirements?

As mentioned above, it is required that a CERT-CSIH professional accumulate and track 60 PDUs during a three-year certification life cycle. To meet maintenance requirements, a candidate should participate in professional growth activities that are identified by the SEI.

For this purpose, SEI developed four (4) categories of incident handling related activities. Below is the description of these activities.

  1. Professional activities require up to 40 PDUs/renewal period
  2. Continuing education requires up to 23 PDUs/renewal period
  3. Teaching, presentations, and development requires up to 20 PDUs/renewal period
  4. Authoring activities require up to 30 PDUs/renewal period

What Are Renewal Activity Logs?

Every CSIH professional is held responsible for maintaining their Certification Renewal Activity Log, which lists all the PDU-related activities that play a key role in supporting the renewal process. The Renewal Activity log has to provide accurate data for identification of the submitted activity.

During the review of the logs, the Software Engineering Institute (SEI) may see to clarify log data by requesting additional evidence. If the SEI is not able to make confirmations for meeting the renewal criteria upon review, they will call on the CSIH professional to discuss probable discrepancies in the number of PDUs earned. If the renewal activity log is rejected, the CSIH professional is required to send additional documentation to support their activity log, or is asked to obtain additional PDUs or further correct any discrepancies in the activity log.

How Is the Audit of Renewal Activity Performed?

The SEI audit at least 5% of all submitted logs annually in order to ensure that all submitted activities fulfill the requirements of the certification program. The CSIH professionals selected for the audit process are then notified by a letter and are required to supply any additional information or documentation to support the data on their renewal Activity Log.

How Long Is the CERT-CSIH Certification Good for?

As said above, your CERT-CSIH certification is good for three years. However, to keep it active continuously, you need to meet the renewal requirements of every renewal cycle. In addition, paying a renewal fee of U.S. $150 is also necessary.

In the world of cyber-warfare, information security threats are growing. Thus, incident handling professionals are in high demand. Since the proliferation of IT threats is a never-ending phenomenon, the demand for incident handlers will rather grow by leaps and bounds. Having the CERT-CSIH certification will boost your IT career and make you aware of the modern incident-handling activities.

Do I Have to Retake the CSIH Exam?

The CSIH proctored examination is held at numerous Kryterion Testing Centers around the world. However, if this testing center is unavailable within your region, the SEI offers an Alternative Testing Center to host SEI-proctored exams via Kryterion Secure Online System.

If a candidate fails to pass the exam in the first attempt, then they can schedule up to a maximum of two additional attempts within 12 months of the first attempt. During each attempt, the candidate is required to pay the standard examination fee.

In the event that all three attempts fail, you must seek permission from the SEI Certification Program to retake the exam. The SEI can grant you two additional attempts. If you fail these attempts as well, you are required to wait for another two calendar years before you can re-apply to the SEI Certification Program for another exam. This time, you have to provide evidence of further security-handling experience and training.

What Are the Benefits of Maintaining CERT-CSIH Certification?

The CERT-CSIH certification is highly beneficial for IT professionals who want to advance their careers and stay current on recent innovations and research in computer security incident-handling activities. CSIH professionals are skilled and knowledgeable about the latest practices in the cybersecurity. They can also help enterprises to achieve their business goals with less disruption.

After successful completion of the certification, a CSIH professional can list accomplishments on the SEI site as an SEI-certified individuals.


Knowing the fact that most organizations are prone to cyber-incidents, it is important that we have CSIH professionals to thwart these attempts. CSIH professionals give their employers confidence that they have the right knack and skillset to ensure that in case of any cyber-incident aimed at threatening their company, they can handle it effectively. That is why the CSIH exam is conducted: to test candidates’ ability on a plethora of topics with regard to incident response and incident-handling activities.


  1. Credentials, Software Engineering Institute
  2. How to Renew Computer Security Incident Handler (CSIH), Software Engineering Institute
  3. CERT-Certified Computer Security Incident Handler (CSIH), Security Boulevard
Posted: January 9, 2019
Fakhar Imam
View Profile

Fakhar Imam is a professional writer with a master’s program in Masters of Sciences in Information Technology (MIT). To date, he has produced articles on a variety of topics including on Computer Forensics, CISSP, and on various other IT related tasks.