Frequently Asked Questions

Below are answers your most common questions about the scheme:

Q: What should I do first if I want to apply for a CCP Certification?
A: Download and read the latest version of the “CESG Certification for IA Professionals" the reason we say to do this first is because it will help you to identify the CCP role(s) and level most appropriate to your skills.  Don’t just look at the role title as it maybe that another role, when you read the skills is better suited to you.

Q: Can I apply for more than one role or level?

A: Yes, you can apply for as many roles or levels as you believe you can support. However, we suggest that only one role is applied for per application form.  The reason we suggest this is because experience is showing that when applying for more than one role per application form, in many cases there is insufficient evidence to support both of the roles. 

If applying for two roles at the same level on the same form, we do expect sufficient evidence to support both of the roles.  The evidence should meet the Headline Statement for the chosen roles, role definitions and skill levels as defined in the CESG Certification for IA Professionals.


Q: What is included in the CCP Certification fee?
A: From July 2015 the IISP have fallen in line with the other Certification Bodies (CBs) and are now charging the full 3 year CCP fee upfront.  This fee includes: administration of the CCP Application, including an internal review, before it is sent for assessment; a Certificate; invitations to IISP CCP specific briefings; administering the annual CCP CPD and Surveillance; membership at the awarded level for the duration of the CCP and the benefits this brings. For those who have not yet moved to the three year fee, you must pay an annual CCP fee (which includes membership) for years 2 and 3. 

Q: How long does my certification last for?
A: All CCP Certifications are valid for three years, your CCP Certificate shows the validation dates. Applicants will need to recertify every three years. To maintain your CCP certification an annual CCP CPD and Surveillance form should also be submitted on the anniversary of the award of all CCP Certifications held.  So if you achieved your CCP in July 15 the CCP CPD and Surveillance form should cover August 15 – July 16 and be submitted in August 16. 

Q: Will I receive receive Associate (A.Inst.ISP) or Full Membership (M.Inst.ISP) of the Institute if I am certified by this scheme?
A: The IISP include membership as a benefit of achieving a CCP Certification. Candidates who are certified at Practitioner or Senior Practitioner level will receive Associate membership of the IISP and will be able to use the post nominal A.Inst.ISP.  Similarly, candidates who are certified at Lead Practitioner level will receive Full Member status and will be able to use the post nominal M.Inst.ISP. 
In some cases those certified at Senior Practitioner may at the discretion of the Accreditation Committee (AC) be awarded Full Member status, it should be noted that there may be an upgrade fee to pay.

Q: I have noticed that some roles require candidates to hold qualifications or pass examinations. Please tell me more?
A: The IISP have the following prerequisites:

IA Auditor Role:
 we require you to hold or have attended one of the following:

 Practitioner Level              

Introduction to ISO 27001 Course
Implementing ISO 27001 Course
IIA Diploma (PIIA)


Senior / Lead Level 

ISO 27001 Lead Auditor (BS7799 Lead Auditor)
IIA Advance Diploma (MIIA)
IIA IT Auditing Certificate (QiCA)
CISA - Certified Information Systems Auditor

Note: The IISP will accept any of the prerequisites listed in the Senior and Lead table for Practitioner level. Those listed in the Practitioner table are the minimum requirements. 

IA Architect Role Senior / Lead: we require you to have passed the CREST Registered Technical Security Architect (CRTSA) examination run by our Consortium Partner CREST. Information on the CRTSA examination can be found here. If you require additional information please contact our Consortium Partner at info@crest-approved.org


Q: Can I transfer my CCP certification to another Certification Body (CB)?

A: The processes for assessing candidates for CCP and the timeframe for the on-going re-validation process are subtly different for each CB.  This means that it is not practical to move from one CB to another during the 3 year period of certification.  When your certification is due for renewal (after three years) then each CB will recognise your previous certification and essentially use their re-certification process to provide you with a new three year certificate.  This will entail looking at the last three years of work and related CPD etc. depending on the process for the relevant CB.  You can of course at any time register with another CB to be re-assessed for an existing role or to add an additional certification to your current one(s) but this will be charged at the usual new assessment rate.

Q: What is required for recertification?
A: The IISP has tried to make the recertification process less onerous. Firstly, the IISP Guidance for completing the recertification application is within the form. With regard to evidence we require two pieces of evidence and this is only for the CORE skills for the role you are looking to recertify against. The evidence should be from the 3 year period during which you have held your CCP certification and we recommend when compiling your evidence that you use the STAR (Situation, Task, Action, Result) Model. We also require you to provide one piece of surveillance that details how you have met the headline statement for the role and level being recertified. In addition, we require you to attach a reference from someone who can validate the surveillance evidence and is willing, if required, to be contacted by one of the IISP’s assessors. The onus is on you to submit the reference to the IISP with your application. The completed recertification form and reference will be reviewed by IISP CCP Certified assessors and referees may be contacted. Senior Applicants may be called for interview if additional verification is required and all Lead applicants will be interviewed. We can only recertify a role that has not yet expired, therefore we recommend application forms should be submitted and paid for at least 6 weeks before the expiry of the certification being recertified. 

Q: Where can I find more information?
A: Please visit www.iisp.org, email ccpadmin@iisp.org or call the IISP on 0203 384 0399 option 2.