All legitimate certifications have a re-certification program. In fact, ANSI/ISO/IEC 17024, which is the standard for accreditation, requires credible certification providers to have a re-certification program. Requirement 6.5.1 states, “The certification body shall define recertification requirements according to the competence standard and other relevant documents, to ensure that the certified person continues to comply with the current certification requirements.”
Continued competency can be demonstrated though many methodologies such as continuing profession education, examination (often not re-taking the original exam but an exam that would be at a higher level), or portfolios (when there is a product involved). The fact is there needs to be a time limit for the certification to ensure the consumers that the person has up-to-date knowledge.
This is why several governmental agencies are mandating accreditation of certifications in fields such as IT, Crane Operators, and Selling of Securities to the elderly.
Certification’s main purpose is to “protect the public/consumers” NOT to protect the profession. When health, safety and security are at risk, certification is needed and it cannot be given for a “lifetime”. It is generally noted that, if professionals are not required to maintain their knowledge and skills in their profession, they won’t. Today, credible organizations within professional domains require their members to provide evidence of a continuous learning as a basis for maintaining their license.
The ECE will brand, differentiate and distinguish dedicated IT Security professionals who are willing to continuously learn and share knowledge to keep themselves abreast of the latest changes in technology that affects the way security is viewed, deployed and managed. This is a key requirement of employers internationally and EC-Council being a major certification organization supports it.