journal features

more on ISACA's certifications

the journal of Michael Werneburg

twenty-seven years and one million words

Toronto, 2015.02.11

I work in information risk management; there's a bevy of certifications in the field, but grandfathering is a big black eye. Grandfathering is where an organization deploys a certification that normally requires a qualification process including some form of examination, then waives the qualifications for certain people during the roll-out period for the certification. This trick is deployed to get the numbers of certification-holders up, and to throw a bone to the loyal membership (who have access to the grandfathering program). ISACA, one of the major publishers of guidance in the field, does this with its certifications when it rolls them out.

My problem with this is that if a portion of the holders of the certification do not go through a qualification process, how can anyone determine which type of certification-holder you are? A big portion of the certification-holders I've met over the years were grandfathered in. I've decided that although I hold a particularly difficult industry certification, I won't pursue any of the certifications with high grandfathering rates. I've written about before, but today I discovered this four-year-old comment on another blog.

THEREFORE, I feel that ISACA should change its grandfathering provision to allow the candidate to only keep it for 3 years and then they HAVE TO take the exam to keep it. Only thereafter the CPE rule would apply. Might cut into residual revenue for the credentialing organization – but that’s all the more incentive to develop its BOK and get industry buy-in and not waste time with things that are flashy but hollow.

Well said, Frankly Frank.

rand()m quote

A university is a collection of mutually repellent individuals held together only by a common interest in parking

—-George F. Will