Security Awareness and Culture Professional Certification Exam

Requirements & Responsibilities

Requirements for Certification

i. The SACP Certification Council recommends that candidates interested in taking the SACP certification examination have the following experiences in security awareness and culture:

  • establishing or administering security awareness or education programs;
  • possessing an understanding of how to define program success criteria to organizational management;
  • identifying and administering metrics and providing narrative evidence to report the outcomes; and,
  • understanding how success criteria maps to the overall corporate risk management goals and outcomes.

ii. Candidates with backgrounds in cybersecurity, behavioral science, marketing, communications, general IT, legal, HR, and training and organizational development may have experience in security awareness and should map their experiences to the examination blueprint to determine the areas for which they need to prepare.

iii. The SACP Certification Council recommends candidates establish and/or administer a security awareness and culture program for a minimum of one (1) year prior to applying for the SACP certification examination. The candidate experience should encompass facilitating aspects of security awareness and education; communicating with persons within the organization to create the culture of awareness; and evaluating and validating whether the security awareness program aligns with the organization’s culture and risk tolerances.

Disclaimer: Certification organizations may make recommendations about acceptable qualifications without requiring applicants to document their experiences in a formal application. This is offered as guidance. The exam will test out candidates. It’s important to be clear to candidates about what experiences lead to success, and those that do not. The certification organization may not make inferences about a candidate’s success or likeliness of success based on the information it provides.

Requirements for Recertification

Once Certified, what are the requirements to maintain SACP Certification?

SACP certification is awarded for a period of three (3) years. Certified individuals must recertify by earning Continuing Professional Education (CPE) (Option 1), or by taking and passing the certification examination within the last year of the certification cycle (Option 2).

Recertification is based on the concept of maintaining competence in the field of security awareness, and CPE earned must relate to the domains (competency requirements) of the SACP certification examination. Certified individuals are encouraged to review the domains of the examination to make sure the CPE activities they select relate to the domains. Therefore, it is incumbent upon the certified individual to demonstrate the CPE activities relate to maintaining competence as a SACP.

Certified individuals must submit a $65 Annual Maintenance Fee (AMF) and agree to uphold and abide by the Code of Professional Responsibility.

Option 1:
A minimum of thirty (30) CPEs must be earned within the three (3) year certification cycle, in accordance with the following parameters.

1 CPE = 50 minutes of participation in a learning event. CPE must be reported in 50-minute increments.

CPEs must be earned in the following categories:

  • 10 CPEs in cybersecurity
  • 20 CPEs in multi-disciplinary domains, e.g., behavioral science, communications, general IT, HR, legal, marketing, training and organizational development, and participation as a subject-matter-expert in examination development and maintenance activities.

Option 2:
Pay for, take, and pass the SACP certification examination.

Code of Professional Responsibility

The Code of Professional Responsibility (“Code”) of the Security Awareness and Culture Professional (SACP)™ Certification Council requires certified persons to uphold the rules and requirements of the certification that allows for the proper discharge of the certified person’s responsibilities to those served, protects the integrity of the credential and safeguards the public’s trust. Agreement to uphold and abide by the Code is a requirement for earning and maintaining certification. Implicit in this agreement is an obligation not only to comply with the mandates and requirements of all applicable laws and regulations, but to act in an ethical manner in all professional services and activities. Certified persons who fail to comply with the Code are subject to disciplinary procedures which may result in sanctions. The Code is not set forth to determine behaviors resulting in criminal or civil liability, nor is it intended to resolve matters of market competition.

As a security awareness and culture professional, I agree to uphold and abide by the following tenets:

  1. Perform professional duties in accordance with the laws and with integrity.
  2. Maintain the privacy and confidentiality of security awareness test results.
  3. Perform professional duties in a competent and ethical manner.
  4. Avoid acts or omissions amounting to unprofessional conduct.
  5. Avoid malicious conduct that would injure the professional reputation or practice of others.
  6. Provide complete and accurate information when applying for certification and renewing certification.
  7. Refrain from personal behavior that may compromise the integrity of the credential.
  8. Abide by and uphold the policies of the Certification Council.
  9. Safeguard confidential and privileged information about the SACP certification and exercise due care to prevent its improper disclosure.
  10. Use the SACP logo and certification marks only in an authorized and approved manner.
  11. Pay all fees and provide information required by the Certification Council.