Maintaining Your CGEIT Certification: Renewal Requirements

April 23, 2018 by Ifeanyi Egede


The CGEIT certification is offered by the Information System Audit and Control Association (ISACA). It is based on the framework for governing enterprise IT with focused areas including strategic management, benefits realization, and risk and resource optimization.

The certification is very useful for professionals working in industries like media, finance, and health. Acquiring CGEIT requires registration on ISACA’s platform [1]. A candidate must have at least five years of relevant work experience in the field of Information Technology to apply for this certification.

Renewal Requirements

CGEIT certification is valid for a period of three years. To maintain it, the one must fulfill specific renewal requirements. For example, certification holders are required to keep knowledge base up to date with the current IT governance knowledge.

The CGEIT’s Continuing Professional Education (CPE) policy is specifically designed for this purpose. It demands that CGEIT’s professionals carry out CPE related activities to validate their knowledge and expertise in IT governance. This then must be reported to the certifying authorities.

ISACA offers CPE credits through a variety of activities including training courses, journal quizzes, webinars, and conferences. The CGEIT professional needs to take at least 20 CPE hours annually or 120 CPE hours for a three-year period. The CPE hours must be reported online to the certification committee. The individual must comply with ISACA’s code of professional ethics [2] to retain the CGEIT certification.

CGEIT Maintenance Fee

CGEIT certification renewal requires annual maintenance fee that can be submitted online through ISACA sends the invoice copy to the certificate owners in the hard form and via email in the third quarter of each calendar year.

CGEIT CPE Requirements

The CGEIT Certification Board is responsible for setting up the CPE requirements. ISACA may even ask the professionals to submit their CPE activities for audit. In that case, the professionals need to submit the CPE related documents to the CGEIT committee.

The CPE hours must be reported online via the ‘Mycertification’ portal [3] on the ISACA.Org website. Once they are reported, CPE activities are then locked so no further modifications can be made. If for any reason, someone wants to edit the CPE activity, he needs to contact ISACA through

Annual Compliance Notification

After submitting the annual maintenance fee and updating the CPE hours, the ISACA headquarters then sends a confirmation message to the certification holders. This message includes the information about the CPE hours reported by the user, the CPE hours accepted by the ISACA, and the CPE hours required to qualify for the three years certification. If there is any error or omission found in the annual compliance notification, it is the responsibility of the applicant to inform the ISACA.

CPE Hours Auditing

Each year a specific number of CGEIT certification holders are selected for random audit. They are required to submit copies of supporting documents to the CGEIT Certification Committee. It is important to note that the original documents should not be submitted, only copies of them.

The reported activities in the provided documents must be in accordance with the criteria mentioned in the Qualifying Professional Education Activities. The committee reviews the reported hours for specific Professional Education Activities. If the selected members fail to comply with the audit, their CGEIT certification is then revoked.

To regain the CGEIT certification back, the candidates must retake the entire exam [4]. To have their application reconsidered, they need to pay an additional fee after the sixty (60) days of certification revocation.

Maintaining Non-active CGEIT Certification

ISACA exempts professionals from CPE hours reporting who are no longer active in the field but still want to keep the certification. These CGEITs are assigned the status of (a) Retired or (b) Non-practicing CGEITs.

People can apply for the Retired CGEIT status if they are permanently retired or unable to perform the IT governance-related tasks due to permanent disability. Similarly, those who are no longer working in the IT governance profession can apply for the non-practicing CGEIT status.

The application for the non-practicing CGEIT must be submitted before January 1st along with the required annual fee. Although people with the non-practicing CGEIT status no longer need to report the CPE hours, they still need to pay the annual maintenance fee. Individuals with non-practicing status can return to an active status mode via a specific application process to the Certification Department.

Qualified CPE Activities

To maintain the CGEIT certification, certification holders must choose the activities that are aligned with the IT governance profession. These activities may include both the technical and management training aspects.

Other CPE related activities include the following:

  1. Exams questions and answer development
  2. Teaching
  3. Publication of books/articles/journals
  4. Professional education activities and meetings
  5. Mentoring
  6. Sales/marketing presentations
  7. Self-study courses

The CGEIT certification holders are required to maintain the documents in support of reported CPE activities. They must be retained for the three-year reporting cycle. These documents must also be in the form of official attestation letters, certificates of completion, etc. They must have activity titles, as well as the various descriptions and dates of activities, the total CPE hours that have been earned, and the name of the sponsoring organization hosting that activity.


Posted: April 23, 2018
Articles Author
Ifeanyi Egede
View Profile

Ifeanyi Egede is an experienced and versatile freelance writer and researcher on security related issues with tons of published works both online and in the print media. He has close to a decade of writing experience. When he is not writing, he spends time with his lovely wife and kids. Learn more about how Ifeanyi Egede could be of help to your business at