To earn CISM certification, candidates need to: Submit the complete application within five years from the date of initially passing the examination. Get all the listed experience verified by the employers. The experience should have been gained within the 10-year period preceding the date of application, or within five years of passing the examination. A minimum of 5-years of professional information systems auditing, control or security work experience – as described in the CISM job practice areas – is required for certification.