Dear All,
ISACA Global has announced an update to its Continuing Professional Education (CPE) Policy, which will apply to almost all certifications from 1 January 2027. The aim of the update is to provide a clearer structure for continuing professional development activities and greater flexibility in the recognition of CPE.
A key change is the introduction of two CPE categories:
- Category 1 covers activities that directly correspond to the Exam Content Outline (ECO) or the domains of the relevant certification, e.g. specialist training courses, conferences or subject-related publications.
- Category 2 covers activities relating to general professional development, such as leadership or communication training, mentoring or voluntary work.
|
| The basic requirements remain unchanged: certification holders must continue to demonstrate 120 CPE hours within a three-year cycle and a minimum of 20 CPE hours per year. What is new is the breakdown: at least 90 CPE hours must be ECO-related (Category 1), and a maximum of 30 CPE hours may come from general professional development activities (Category 2).
CPE hours may still be counted towards multiple certifications, provided they are relevant to the respective domains.
Vendor sales or marketing presentations, such as product or tool demos, will no longer be recognised in future.
|
|
| TABLE OF CONTENTS
1. New CPE policy from 1 January 2027 2. New white paper: NIS-2 from a network operator’s perspective
3. New white paper: Security Debt: The Unseen Risk Undermining Cyber Resilience
EVENTS: 4. IT-GRC-Congress 2026
5. Innovation & Tech Talk Event (26/03/2026) 6. ISACA & Frankfurt School Alumni & Friends Event 2026 (21/04/2026)
PARTNER EVENTS:
7. Women4Cyber AT - CyberSip February (27/03/2026) 8. DACHsec Cyber Summit 2026 (15-16/04/2026) 9. NIS-2 Congress 2026 (12-13/05/2026) 10. Risk Management Congress 2026 (18-19/05/2026) 11. European Identity and Cloud Conference (EIC) 2026 (19-22/05/2026) 12. CAST events
TRAINING OPPORTUNITIES
|
|
|
| In addition, volunteer and committee activities will in future be divided into two categories, each with a maximum limit on the number of CPE credits that can be claimed.
The new policy will come into effect from 2027. ISACA Global recommends that you familiarise yourself with the new structure from 2026 onwards and take advantage of the additional flexibility.
You can find the CPE policy applicable from 2027 on our FAQ webpage under the question ‘How can I maintain my certification?’. |
| | NIS-2 from a management perspective: requirements, responsibilities and areas of action White paper by the Digital Trust expert Group of ISACA Germany
The legislative implementation of the NIS 2 Directive has now been completed in Germany following the entry into force of the NIS 2 Implementation Act (NIS2UmsuCG) on 6 December 2025. The NIS 2 Regulation not only imposes technical and organisational requirements on the affected organisations, but also places obligations on senior management. In most publications on NIS 2, the obligations placed on senior management receive only passing mention and are limited to references to training requirements and the sanctions framework.
This article by our Digital Trust expert group takes this hitherto little-explored aspect as an opportunity to examine the NIS 2 supervisory duties of top management in greater detail.
You can download the white paper here: NIS-2 from a management perspective | ISACA Germany Chapter e. V. |
| | Security Debt: The Unseen Risk Undermining Cyber Resilience
White paper by ISACA Global
The recently published white paper “Security Debt: The Unseen Risk Undermining Cyber Resilience” examines the concept of ‘security debt’ in greater detail. Security debt often arises from well-intentioned decisions – such as those made to achieve results more quickly, create added value or use limited resources efficiently. Over time, however, postponed security measures, outdated systems and a lack of governance can lead to risks accumulating and organisations becoming unbalanced. Unlike technical debt, security debt affects not only the performance of systems, but also trust, compliance, processes and corporate culture.
The white paper shows how security debt arises, how it develops and what consequences can arise if it is not actively managed. It also presents approaches for identifying, measuring and reducing security debt. Particular focus is placed on the Security Debt Index (SDI), which creates transparency and accountability and helps organisations transform security debt into a strategy for greater trust, agility and long-term resilience.
Our board member Julia Hermann also contributed to the white paper. You can read the white paper on the following ISACA Global page: White Papers 2026 Security Debt The Unseen Risk Undermining Cyber Resilience |
| | IT-GRC-Congress 2026: The programme is online!
The programme for the IT-GRC Congress 2026 has been published. Look forward to two days of exciting keynote speeches and specialist presentations on the latest developments in the fields of IT governance, information security, IT audit, compliance and risk management.
The congress will take place on 29 and 30 June 2026 in Berlin and will bring together experts from business, consultancy, banking and institutions.
Take a look at the programme now and plan your attendance: https://www.grc-kongress.de/
|
| | | | Innovation & Tech Talk Online Event
The Innovation & Tech Talk expert group invites all ISACA members and other interested parties to a Tech Talk on 26 March 2026 from 11:00 am to 12:00 pm on the following topic: ISO standard for information security management – the new ISO/IEC 27701:2025.
In this presentation by Michael Morgenthaler, a brief introduction to management systems and the ISO 27000 family of standards will first be provided. This will be followed by a presentation of the key elements of the new DIN EN ISO/IEC 27701:2026-02, which provides a framework for an independently auditable and certifiable Data Security Information Management System (DSMS) and facilitates its integration with other management systems.
You will receive 1 CPE for attending. Further information and the registration link can be found here. |
| | ISACA & Frankfurt School Alumni & Friends Event 2026
|
| The ISACA Germany Chapter and the Frankfurt School of Finance & Management invite all members interested in our ITCM, ITGM and ITRAM courses to the ‘IT Governance, IT Compliance & IT Regulatory Assurance Manager’ Alumni & Friends event.
You will have the opportunity to exchange ideas with alumni and lecturers and to network. In addition, you can look forward to exciting specialist presentations on topics including Bosch’s digitalisation strategy, insights from DORA audits, cloud sovereignty and AI governance, which are also intended to offer new perspectives.
The event is free of charge and will take place on 21 April 2026 from 10:00 am to 4:00 pm at Bosch in Stuttgart.
Click here to register: ISACA & Frankfurt School Alumni & Friends Event 2026 | Frankfurt School |
|
|
| | Women4Cyber AT – English-speaking “CyberSip March”
The Women4Cyber AT – English-speaking ‘CyberSip March’ online meetup is back on Friday, 27 March 2026, from 8.15 am to 9.00 am! |
| | DACHsec Cyber Summit 2026
Just a few weeks to go until the DACHsec Cyber Summit! The event will take place for the ninth time on 15–16 April 2026 in Frankfurt am Main. Over 100 cybersecurity experts from Germany, Austria and Switzerland are expected to attend. |
| As an event partner, DACHsec is offering free tickets to ISACA Germany members (Senior End-Users). Participants from consultancy firms or vendor companies receive a 30% discount.
Further information and the registration form can be found on the DACHsec event website.
The discount code for the free ticket can be found in the members’ area of our website. |
| | | NIS-2-Congress 2026
The ISACA Germany Chapter is once again an official partner of the NIS-2 Congress, which will take place on 12 and 13 May 2026 in Frankfurt am Main. The congress serves as a forward-looking platform for companies in Germany wishing to engage intensively with the challenges and opportunities presented by the NIS-2 Security Act.
A particular highlight is the NIS-2 Congress Gala on 11 May 2026. Our board member, Julia Hermann, is a jury member for the ‘Women in Cyber – Voice of the Year 2026’ awards ceremony, which will take place during the gala.
As part of this partnership, ISACA Germany members receive a 30% discount on congress tickets. You can register at the discounted price in the members’ area of our website.
Come along and visit us at the ISACA stand! Further information about the event can be found on the event website | NIS-2 Congress. |
| | | Risk Management Congress 2026
The RMA Risk Management & Rating Association e.V. organises its annual Risk Management Congress, one of the most significant and prestigious specialist conferences in the German-speaking world on the topics of risk management (GRC), ratings and crisis management.
The 20th edition of the annual conference focuses on the in-depth transfer of knowledge – from experts for experts and decision-makers – covering both theory and practical application.
The congress will take place from 18 to 19 May 2026 at the Sofitel Hotel München Bayerpost (Bayerstraße 12, 80335 Munich).
As part of the partnership, ISACA members receive a €100 discount on the participation fee and a further €100 early bird discount if they register by 31 March 2026.
Further information about the conference and registration details can be found on the RMA conference website. |
| | | European Identity and Cloud Conference (EIC) 2026
As Europe’s leading conference on digital identity, security, data protection and governance, the European Identity and Cloud Conference (EIC) 2026 returns to Berlin from 19 to 22 May 2026. With over 1,500 attendees, around 300 speakers and more than 230 sessions, the EIC brings together industry leaders, innovators and analysts to shape the future of digital identity.
Further information and registration details can be found on the event website.
ISACA members receive a 25% discount on the registration fee. You can find the discount code in the members’ area of our website. |
| | CAST events
Upcoming events organised by our cooperation partner CAST e. V.:
ISACA members receive a 25% discount on participation fees. |
|
|
|
|
|
|
| | We are pleased to provide you with an overview of our upcoming seminar dates. Further dates and our complete training programme, including detailed information, can be found on our website under ‘Ausbildung & Events’. |
| |
You can register via the respective seminar website. Please note that member discounts can only be calculated when you are logged in.
We also offer almost all of our seminars as in-house courses. If you are interested, please contact our office.
You will receive continuing professional education (CPE) credits for participating in our courses.
|
|
We look forward to receiving your seminar registration!
Kind regards,
The Office of the ISACA Germany Chapter e. V.
You can find more information about our association on our website at www.isaca.de.
You can read the monthly newsletters from ISACA Global here. |
| | ISACA Germany Chapter e. V. | Storkower Straße 158, D-10407 Berlin | phone: +49 30 37580810 | email: info@isaca.de | web: www.isaca.de Register of Associations District Court Frankfurt (VR 14052)
Board:
Markus Gaulke (Interim President, Vice President - Education), Thomas O. Englerth (Vice President - Certifications), Julia Hermann (Vice President
Communications & Marketing), Dirk Meissner (Vice President - Finance & Administration, Interim Vice President - Expert Groups), Prof. Dr. Matthias Goeken
(Vice President - Publications)
|
| | Our general terms and conditions for trainings (GTCs) apply.
|
|
|
|
|
|
|
