CGRC Recertification 2027: Requirements, Costs & Timeline

CGRC Recertification Overview

The Certified in Governance, Risk and Compliance (CGRC) certification from ISC² is a prestigious credential that demonstrates your expertise in governance, risk management, and compliance. However, maintaining this certification requires ongoing commitment through the recertification process. Understanding the requirements, costs, and timeline for CGRC recertification is crucial for professionals who have invested in this valuable certification.

The CGRC certification maintains its value through ISC²'s rigorous recertification process, which ensures that certified professionals stay current with evolving industry standards, regulations, and best practices. This ongoing professional development requirement distinguishes CGRC holders as committed professionals who maintain cutting-edge knowledge in their field.

Recertification Requirements

ISC² has established clear requirements for maintaining your CGRC certification. The recertification process is designed to ensure that certified professionals continue to grow their knowledge and skills throughout their careers. The primary requirements include:

• Continuing Professional Education (CPE) Credits: Earn 60 CPE credits over the three-year certification cycle
• Annual Maintenance Fee: Pay the required annual maintenance fee to ISC²
• Code of Ethics Compliance: Maintain adherence to ISC²'s Code of Ethics
• Professional Experience: Continue working in a role relevant to governance, risk, and compliance

These requirements ensure that CGRC holders remain engaged with the profession and continue to develop their expertise. The combination of formal education, practical experience, and ethical conduct maintains the integrity and value of the certification.

Certification Cycle Structure

The CGRC certification operates on a three-year cycle, beginning from the date you first earned the certification. This cycle structure allows professionals sufficient time to accumulate the required CPE credits while maintaining flexibility in how and when they pursue continuing education opportunities.

Year	CPE Credits Due	Minimum Credits	Maximum Credits per Category
Year 1	20 credits recommended	No minimum	Up to 40 Group A
Year 2	40 credits recommended	No minimum	Up to 40 Group A
Year 3	60 credits total required	20 Group A minimum	Up to 40 Group B

Continuing Professional Education (CPE) Credits

The cornerstone of CGRC recertification is the accumulation of 60 CPE credits over the three-year certification period. ISC² categorizes these credits into two groups: Group A and Group B, each serving different educational purposes and having specific requirements.

Group A Credits (Minimum 20 Required)

Group A credits represent formal education directly related to the seven CGRC domains. These activities must have clear learning objectives and demonstrate measurable outcomes. Examples include:

• Professional conferences and seminars
• Formal training courses
• University coursework
• Vendor training programs
• Professional webinars with learning objectives

Group A activities must be directly relevant to at least one of the CGRC domains, including Security and Privacy Governance, Risk Management, Scope of the System, Selection and Approval of Framework Controls, Implementation of Security and Privacy Controls, Assessment/Audit of Security and Privacy Controls, System Compliance, and Compliance Maintenance.

Group B Credits (Maximum 40 Allowed)

Group B credits encompass professional activities that contribute to your overall competence but may not have formal learning objectives. These activities include:

• Self-study using relevant books, articles, or online resources
• Teaching or presenting on relevant topics
• Writing articles or blog posts
• Volunteer work in professional organizations
• Mentoring other professionals

Recertification Costs and Fees

Understanding the financial commitment required for CGRC recertification is essential for career planning and budgeting. The costs associated with maintaining your certification extend beyond the basic maintenance fee to include education and professional development expenses.

ISC² Annual Maintenance Fee

The primary cost is ISC²'s annual maintenance fee, which is currently $125 per year for CGRC certification holders. This fee must be paid annually to maintain your certification in good standing. The fee structure may vary based on your geographic location and ISC² membership status.

CPE Education Costs

The cost of earning 60 CPE credits varies significantly based on your chosen educational activities. Professional conferences can range from $500 to $2,000 per event, while online training courses might cost $50 to $500 each. Many professionals find that their employers support professional development expenses, making the overall investment in CGRC certification more manageable.

CPE Activity Type	Average Cost per Credit	Total for 60 Credits	Quality Rating
Professional Conferences	$25-50	$1,500-3,000	High
Online Training	$10-25	$600-1,500	Medium-High
Self-Study (Books/Articles)	$5-15	$300-900	Medium
Professional Webinars	$5-20	$300-1,200	Medium

Recertification Timeline

Successfully managing your CGRC recertification requires careful planning and adherence to specific deadlines. Understanding the timeline helps you avoid last-minute rushes and ensures continuous certification status.

Three-Year Cycle Management

Your certification cycle begins on the date ISC² awards your CGRC certification. You have exactly three years from this date to complete all recertification requirements. ISC² provides several reminders and notifications throughout the cycle, but ultimate responsibility lies with the certification holder.

Annual Maintenance Schedule

While CPE credits are evaluated on a three-year cycle, annual maintenance fees must be paid each year. ISC² typically sends renewal notices 60 days before your annual deadline, with payment due by your certification anniversary date.

1. First Year: Focus on establishing a CPE earning routine and paying your first annual maintenance fee
2. Second Year: Continue accumulating credits and assess progress toward the 60-credit goal
3. Third Year: Complete remaining credits and submit recertification application before the deadline

How to Earn CPE Credits

Earning CPE credits effectively requires strategic planning and understanding of what activities qualify. The most successful CGRC professionals develop diverse learning portfolios that enhance their expertise while meeting recertification requirements.

Formal Education Opportunities

Professional conferences represent one of the most valuable sources of CPE credits. Events like the ISC² Security Congress, ISACA conferences, and industry-specific governance and compliance summits offer high-quality Group A credits while providing networking opportunities and exposure to cutting-edge practices.

University courses, whether for credit or audit, provide substantial CPE credits and deep knowledge development. Many universities now offer online programs specifically designed for working professionals in governance, risk, and compliance roles.

Self-Directed Learning

Self-study activities offer flexibility and cost-effectiveness for busy professionals. Reading industry publications, studying regulatory updates, and reviewing case studies all qualify for Group B credits. The key is documenting your learning activities and connecting them to specific CGRC domains.

Professional Contribution Activities

Teaching, writing, and presenting offer dual benefits: sharing knowledge with the professional community while earning CPE credits. Many professionals find that preparing presentations or writing articles deepens their own understanding of complex topics.

• Speaking at professional conferences or local chapter meetings
• Writing articles for industry publications
• Developing training materials for your organization
• Mentoring junior professionals
• Participating in professional standards development

Annual Maintenance Process

The annual maintenance process involves more than simply paying fees. It's an opportunity to assess your professional development progress and ensure alignment with career objectives. ISC² has streamlined the process through their online portal, making it easier for certification holders to track their status and submit required information.

Online Portal Navigation

ISC²'s member portal serves as your central hub for managing certification maintenance. Through this portal, you can track CPE credits, pay annual fees, update contact information, and submit recertification applications. Familiarizing yourself with the portal early in your certification cycle prevents confusion and delays later.

The portal automatically tracks Group A and Group B credits, calculates your progress toward the 60-credit requirement, and provides alerts about upcoming deadlines. Regular portal visits help you stay organized and identify any gaps in your recertification plan.

Documentation Requirements

Proper documentation is crucial for successful recertification. For each CPE activity, you must maintain records including:

• Activity description and learning objectives
• Date and duration of the activity
• Number of CPE credits claimed
• Verification of completion (certificates, transcripts, etc.)
• Relevance to specific CGRC domains

ISC² conducts random audits of recertification submissions, so maintaining complete and accurate records is essential. Store documentation electronically for easy access and backup.

Consequences of Non-Compliance

Understanding the consequences of failing to meet recertification requirements emphasizes the importance of staying on track with your professional development obligations. ISC² has established clear policies regarding certification maintenance failures and the steps required for remediation.

Certification Suspension

If you fail to complete recertification requirements by the deadline, ISC² will suspend your CGRC certification. Suspended certifications cannot be used on resumes, business cards, or professional profiles. This suspension can significantly impact your professional standing and career opportunities.

Reinstatement Process

Suspended certifications can be reinstated within one year of the original deadline by completing all outstanding requirements plus a reinstatement fee. After one year, suspended certifications are permanently revoked, requiring you to retake the full CGRC examination to regain certification status.

The reinstatement process includes:

1. Completing all missing CPE credits for the suspended period
2. Paying all outstanding annual maintenance fees
3. Submitting a reinstatement fee (typically $100-150)
4. Providing documentation for all claimed activities

Best Practices for Maintaining Certification

Successful CGRC recertification requires proactive planning and consistent effort throughout the three-year cycle. Professionals who view recertification as an investment in their career rather than a burden find the process more manageable and rewarding.

Planning and Organization

Create a recertification plan early in your certification cycle. Identify preferred learning methods, budget for education expenses, and schedule activities throughout the three-year period. This proactive approach prevents last-minute scrambling and ensures higher-quality learning experiences.

Consider creating a professional development calendar that aligns with your organization's training budget cycles and industry conference schedules. Many professionals find that spacing activities evenly across the three years provides better knowledge retention and career impact.

Leveraging Employer Support

Many employers recognize the value of certified professionals and provide support for maintaining certifications. This support might include:

• Reimbursement for conference attendance and training costs
• Paid time off for educational activities
• Corporate memberships in professional organizations
• Internal training programs that qualify for CPE credits
• Tuition assistance for relevant university courses

Work with your manager to document how certification maintenance supports organizational objectives. The salary premium associated with CGRC certification often justifies employer investment in maintenance activities.

Building a Learning Network

Connecting with other CGRC professionals creates opportunities for shared learning experiences and mutual support. Local ISC² chapters, LinkedIn groups, and professional associations provide platforms for networking and collaborative learning.

Study groups and peer networks can share costs for bringing in speakers, purchasing group training materials, or attending conferences together. These relationships often provide career benefits beyond recertification support.

Quality Over Quantity Approach

While meeting the 60-credit requirement is essential, focusing on high-quality educational experiences provides greater career value. Choose activities that challenge you intellectually, expose you to new perspectives, and provide practical skills you can apply immediately.

Consider the long-term impact of your educational choices. The value of your CGRC certification increases when your ongoing education makes you a more effective professional, not just when you meet minimum requirements.

For those considering the initial certification, understanding the maintenance requirements is part of evaluating whether the effort required for CGRC certification aligns with your career goals and professional development preferences.

Practice with our comprehensive CGRC practice tests to maintain your knowledge and stay sharp throughout your recertification cycle. Regular practice helps identify knowledge gaps that can guide your CPE selection choices.