Grandfathering is a provision designed to recognize Information Security
professionals who are highly skilled in the CISO domains. Under the grandfathering program, CISO certification is open to professionals who have in-depth knowledge and experience in designing, maintaining and implementing information security strategy that is streamlined with the goals and objectives of the organization.
To receive the CISO designation through the grandfathering program, applicants must possess and submit proof of 10 (ten) years of experience in information security and management with a cumulative experience of at least 6 (six) years across the 5 CISO domains.
A minimum of three (3) years of the cumulative work experience must pertain to CISO domains 1 and 2: Governance (Policy, Legal & Compliance) and IS Management Controls and Auditing Management (Projects, Technology & Operations).
The strict requirement of extensive work experience enables applicants to gain the CISO designation without having to pass the CISO exam.