ISACA CDPSE certification: Overview of the new ISACA privacy certification

August 2, 2021 by Patrick Mallory

More than 120 countries around the world now have some type of privacy law or regulation concerning data protection to ensure that the data their citizens and businesses generate is protected and secured appropriately.

With ransomware attacks becoming more brazen and pronounced in recent years, among other cybersecurity incidents and data breaches, it is no wonder that companies have shown so much interest in identifying professionals with the skills and experience needed to secure their data. 64 percent of organizations cited poor training as a reason for privacy failures.

This is the thinking behind the launch of one of the newest ISACA privacy certification programs, the Certified Data Privacy Solutions Engineer (CDPSE). And, with the backing of ISACA, the CDPSE certification will automatically give those who earn the credential the acknowledgment of their ability to incorporate privacy and security in the design of technology platforms, systems and applications as well as navigate discussions with legal professionals, compliance officers and other risk management professionals.

Although the certification was just launched in 2020, there are already over 15,000 professionals who have earned the credential since its beta exam launch. 

Free ISACA Career Kit

ISACA certification holders are among the highest-paid in the industry, with average salaries ranging from $103,000 to $133,000, according to Payscale. Earn one of the highest-paying certifications in the industry.

What is the CDPSE certification?

According to ISACA, the CDPSE certification is “focused on validating the technical skills and knowledge it takes to assess, build and implement a comprehensive privacy solution.” 

In other words, the CDPSE helps organizations fill that unique intersection of technology, privacy and data security, which is becoming more and more important across the public and private sectors. In practice, the CDPSE demonstrates that a professional can assist with the design, development and management of the technology solutions that help organizations “to mitigate risk and enhance efficiency.”

This is why those wishing to apply for the CDPSE certification exam and credential must have at least three years of experience in the following domains:

  • Privacy governance
  • Privacy architecture
  • The data lifecycle

Professionals need to have at least three years of experience in positions that focus on any or all of the domains listed above by the time that they apply for their accreditation.

Who is the CDPSE certification for?

As anyone who has worked in the security and privacy field knows, the steps that it takes to secure information cut across multiple enterprise functions. This ISACA privacy certification is made for professionals who want to learn how to work cross-functionally with all of the various stakeholders, teams and departments, including legal, human resources, software engineers and developers, IT administrators, database administrators and more, to plan, develop and deliver the necessary data privacy solutions.

By the end of the journey to earn the CDPSE certification, professionals will have been able to demonstrate their knowledge of and ability to:

  • Build and implement privacy solutions
  • Manage the data lifecycle securely 
  • Advise technologists on privacy regulations and compliance standards
  • Implement privacy by design to ensure that technologies build end-user trust and advance enterprise data privacy standards
  • Ensure an organization’s privacy solutions match their risk acceptance standards and can identify appropriate risk mitigation strategies
  • Confirm that any system or technology features or functions preserve privacy and security standards
  • Analyze and parse data to confirm customer security and privacy requirements are met

Roles and responsibilities like these can cut across many job titles, including: 

  • Consultants
  • Data analysts
  • Domain architects
  • Legal and compliance officers
  • Information security engineers
  • IT project managers
  • Privacy analysts
  • Software engineers

However, as security and privacy become the responsibility of all employees of an organization, earning the CDPSE can be a goal or learning objective for almost any role.

What are the CDPSE requirements and how do I get CDPSE certified?

The requirements to earn the CDPSE certification are similar to other ISACA programs, where candidates need to meet several criteria:

  • Meeting and agreeing to the ISACA Code of Professional Ethics
  • Having the necessary years of experience in the following domains: 
    • Privacy governance
    • Privacy architecture
    • Data lifecycle
  • Preparing for and passing the CDPSE certification exam either in-person or in a remotely proctored environment
  • Submitting your CDPSE certification application, upon passing the exam, including the application process fee and having it approved by ISACA

When a professional wishes to pursue the CDPSE certification, they apply to ISACA for eligibility to sit for the exam. ISACA confirms the applicant’s years of experience and then provides up to 12 months to pay for and take the exam, either in a remote proctoring arrangement or at an established testing center.

If a professional already has an ISACA certification, such as the CISA, CISM or CRISC, they only need to prove that they have at least three years of related experience, while those who do not already hold similar credentials need to prove that they have five years of experience in the listed domains.

Applicants have 3.5 hours to move through 120 questions. Upon passing the exam, the final step to becoming CDPSE certified is to submit your CDPSE certification application, including the application processing fee.

Once all of the requirements have been satisfied, CDPSE credential holders have to meet continuing professional education (CPE) standards and pay the related renewal fees.

Is the CDPSE worth it?

As the cybersecurity skills gap continues to grow and concerns for data privacy and security mount, there has slowly been more emphasis on a professional’s experience and certifications and less on the formal degrees that they may have earned. While this does not discount the rigor and benefits of security and risk management-related degree programs, a CDPSE credential, as with any ISACA privacy certification, is a clear way to validate your expertise and training in implementing privacy and security standards into an organization’s technology systems and applications. 

In particular, ISACA notes the following benefits of being certified:

  • Strong grasp of data lifecycle management, laws and guidelines for data storage, rescue and destruction
  • Ensuring compliance efficiently and cost-effectively
  • Holistic understanding of data privacy
  • Ability to bridge the gap between the legal and IT aspects of data privacy and facilitate a common understanding of privacy best practices
  • Expertise in identifying privacy threats, attacks and vulnerabilities, mitigating risk and optimizing end-user experience
  • Ability to ensure that all PII/PHI is identified and managed by legal requirements, governing policies and data subject rights

What are the possible CDPSE career paths?

Once an IT professional achieves the CDPSE credential, there is a wide range of security and privacy career paths that they could follow. These include working toward additional ISACA privacy certifications or roles such as:

  • Chief privacy officer
  • Chief information officer
  • Chief risk officer
  • Data privacy advisor/consultant
  • Chief compliance officer

In each case, as they gain more experience in both the core work and in guiding others through privacy-related initiatives, they can manage progressively larger security and privacy programs, including those with complex regulatory, legal and compliance requirements. Security and privacy professionals can also focus on a core industry in the public or private sector, including healthcare, finance, defense, national security and social services programs.

What are the CDPSE benefits to employers?

In addition to providing opportunities for career development, supporting and retaining professionals with the CDPSE certification can also bring many benefits to employers. 

First, hiring managers know that their security professionals understand and will work to uphold the ISACA Code of Ethics. Next, it allows organizations to build a technically proficient team of professionals that understand the role of policy, system design and privacy. 

Finally, employers can trust that their organization is investing in developing and securing their organizational and customer data throughout the design, delivery and maintenance of their technology platforms, products, processes and policies, helping to identify and mitigate risks early. As a result, the organization can continue to build its brand around not only enhancing business value but strengthening customer trust, especially as the cybersecurity landscape continues to evolve.

Pursuing the CDPSE

The cybersecurity and data privacy fields are undergoing a large upheaval as more and more organizations recognize and invest in building strong security programs, especially those supported by trained and experienced professionals. 

Therefore, one of the best ways that you as an IT professional can prepare for the security and privacy challenges of today and help organizations to implement the programs they need to be ready for the threats of tomorrow is by considering the CDPSE certification.

If you would like to begin your CDPSE certification journey or learn more about any other ISACA privacy certification or others in the industry, Infosec's Certified Data Privacy Solutions Engineer (CDPSE) Boot Camp is a great first step.



Patrick Mallory

Patrick’s background includes cyber risk services consulting experience with Deloitte Consulting and time as an Assistant IT Director for the City of Raleigh. Patrick also has earned the OSCP, CISSP, CISM, and Security+ certifications, holds Master's Degrees in Information Security and Public Management from Carnegie Mellon University, and assists with graduate level teaching in an information security program.

Patrick enjoys staying on top of the latest in IT and cybersecurity news and sharing these updates to help others reach their business and public service goals.