SMM Certification Program Frequently Asked Questions

1. Who can participate in the certification evaluation program?
  • Companies who desire to conduct SMM assessments.
  • Individuals who desire to conduct SMM assessments.
2. Pre-Requisite:
  • Security Maturity Model Fundamentals certificate holder
  • Security Maturity Model Advance Course
3. What is the cost?
  • IIC Member: $3,000
  • Non-member: $10,000

For the trial period, all fees are waived.

4. Legal

Both parties will sign NDA.

5. How to get started?
  • Meeting #1
    • A member of IIC will schedule the first meeting to review the questionnaire and confirm information needed to conduct the evaluation.
    • We share the NDA.
    • The participants will have 2 weeks (or as needed) to collect the information
    • Review – the evaluators will review the submitted material.
  • Meeting #2
    • Review previously submitted material (and discuss any questions)
    • Subsequently, the evaluators will make a certification determination. If Pass – certification is issued. If requirements have not been met - the evaluator is to provide feedback as to what needs to be addressed and agreement is reached as to the period for remediation.
6. Post Evaluation:

Certified companies can conduct SMM assessments and issue their clients SMM assessment completion badges. Maintaining trained staff is a mandatory requirement to maintain certification. The company must notify the IIC if it no longer has trained SMM staff and is no longer able to conduct SMM assessments. The certification is placed on hold until the company retains trained staff.

7. How long is my certification valid?

Certifications will be valid for a period of three years. All trial period participants will need to recertify in 2 years.