The International Association of Privacy Professionals CIPM Certification

June 6, 2018 by Susan Morrow

The Certified Information Privacy Manager (CIPM) is one of several popular privacy-focused certifications offered by the International Association of Privacy Professionals (IAPP), a not-for-profit organization dedicated to education about data privacy.

Privacy has become a top issue for organizations in recent years. The issue of data privacy received worldwide attention in 2013 when Edward Snowden revealed the degree of surveillance being carried out by the NSA, and more recently, the Facebook and Cambridge Analytica privacy debacle brought the issue back into the news. The General Data Protection Regulation (GDPR) also went into effect in May 2018. This means that any company that deals with EU citizens as customers, employees or clients will have to apply the GDPR principles of privacy and data protection to any personal and sensitive data they process.

The increased focus on privacy and data security has driven interest in privacy certifications like the CIPM.


What is the CIPM Certification?

The CIPM certification is a dual-purpose credential. Passing a CIPM exam demonstrates not only that you understand data privacy regulations and laws, but also that you know how to implement a privacy framework in an organization. The certificate is designed specifically for those with a more managerial role in the world of data privacy.

The CIPM certification process evaluates your competence in establishing data privacy policy and strategy. Unlike many other privacy exams, it also looks at your ability to communicate privacy expectations to stakeholders and to measure the performance of your company’s privacy strategy. There are four aspects to the CIPM exam:

  1. Assess an organization’s privacy regime
  2. Protect an organization by knowing which security controls and technology to use
  3. Sustain an organization’s privacy program using appropriate communication, training and management
  4. Respond to privacy incidents

The CIPM certification is accredited under ISO 17024:2012.

Who Should Earn the CIPM?

The CIPM certification shows that you know how to implement a complete data privacy protection program. In an era of privacy regulations such as GDPR, this makes a CIPM certificate owner a valuable asset for an organization. The roles and people most suited to earning a CIPM certificate include:

  • Data protection officers
  • Compliance officers and support staff
  • Data privacy lawyers
  • Security managers
  • Information managers
  • Auditors
  • Anyone wishing to improve their knowledge of data privacy program management

What Experience Do You Need?

There are no formal prerequisites to take the CIPM exam. However, a working knowledge of privacy laws, regulations, standards and policy frameworks will help you succeed in the 2.5-hour, 90-question exam. The IAPP does strongly recommend that you be fully prepared before sitting the exam.

How Does the CIPM Compare to Other Privacy Certs?

The CIPM credential is seen as a leading certification and is the only certification specifically tailored for those who have to implement and manage a privacy program. The IAPP CIPM certification has been fully accredited. This means it will be at the forefront of privacy issues, teaching you about the day-to-day challenges and operations needed to manage privacy in a modern organization.

IAPP offers a variety of other privacy certifications with non-managerial focuses, including:

  • Certified Information Privacy Professional/United States Private-Sector (CIPP/US)
  • Certified Information Privacy Professional/Government (CIPP/G)
  • Certified Information Privacy Professional/Europe (CIPP/E)
  • Certified Information Privacy Technologist (CIPT)

What is the Best Way to Train for the CIPM?

The IAPP recommends that you spend at least 30 hours preparing for the exam. This can be done by:

  • Taking a dedicated training course, such as the CIPM boot camp offered by InfoSec Institute
  • Reading up on the CIPM “body of knowledge,” which is a list of all topics that are covered in the exam
  • Using the IAPP CIPM exam blueprint to prepare test questions and sample answers for yourself as a means of self-assessment
  • Reading books on subjects covered by the CIPM exam



CIPM body of knowledge, https://iapp.org/media/pdf/certification/CIPM_BoK.pdf

CIPM exam blueprint, https://iapp.org/media/pdf/certification/CIPM_EBP.pdf

Susan Morrow

Susan Morrow is a cybersecurity and digital identity expert with over 20 years of experience. Before moving into the tech sector, she was an analytical chemist working in environmental and pharmaceutical analysis. Currently, Susan is Head of R&D at UK-based Avoco Secure.

Susan’s expertise includes usability, accessibility and data privacy within a consumer digital transaction context. She was named a 2020 Most Influential Women in UK Tech by Computer Weekly and shortlisted by WeAreTechWomen as a Top 100 Women in Tech. Susan is on the advisory board of Surfshark and Think Digital Partners, and regularly writes on identity and security for CSO Online and Infosec Resources. Her mantra is to ensure human beings control technology, not the other way around.