Professional development

Do Security Managers Need an IAPP Certificate?

Graeme Messina
September 27, 2018 by
Graeme Messina

You are probably looking into expanding your career in IT security, perhaps even aspiring to become a security manager, but you’re not sure about attaining an IAPP certification.

Maybe you don’t think that the price of admission is worth the effort and expense, or maybe you just don’t know much about them. You could be working in information security and you aren’t sure if getting an IAPP would help your situation. Perhaps your current role is leading you towards law enforcement and forensics, or maybe you are out in the field and need to help develop privacy strategies within your current environment.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

In this article, we will be looking at why you would want to invest in an IAPP certification and how beneficial it could be for you, depending on your requirements and situation.

Why Invest in an IAPP Certification?

The International Association of Privacy Professionals is an organization that was formed to allow security practitioners to advance and improve both their professional  information security careers and the security stance of the organizations that they work for. It is able to do this by creating training programs based on a body of knowledge that has been created by the organization through decades of summits, seminars, meetings and conventions.

The organization was first founded back in 2000 and is thought by many to be the largest operating privacy group. It is considered an invaluable resource to the privacy community. What makes this gathering of professionals different from other, similar bodies is that it is a not-for-profit organization that deals with information privacy concerns and subjects that are important within the security community.

Now, more than ever, it makes sense for anyone that is involved within the digital economy to seriously consider IAPP certification. Privacy becomes a bigger area of concern: The growth of demand over the past decade shows no signs of slowing down.

In fact, initiatives such as the European Union’s GDPR (EU General Data Protection Regulation) plan have already highlighted the fact that many companies were not prepared for the privacy measures that the GDPR has brought to bear on unprepared organizations. This is terrible news for offenders, who can face fines of up to 20 million Euros ($23m USD) or 4 percent of annual global turnover. That is not a small number!

What Are the Different Specializations of IAPP Certifications?

The IAPP is responsible for creating a globally-recognized certification system that promotes information privacy, security and best practices within IT security. These qualifications are so highly sought-after because they are ANSI/ISO and IEC 17024-certified, so they meet all of the strict requirements that each board requires.

There are three current specializations available for IAPP certification-seekers:

Certified Information Privacy Professional (CIPP)

The CIPP is aimed at people that work with subjects such as privacy laws, regulations and frameworks. The CIPP is focused on five different regions: Asia (CIPP/A), Canada (CIPP/C), Europe (CIPP/E), U.S. Government (CIPP/G), and U.S. Private Sector (CIPP/US).

The CCIP demonstrates a candidate’s ability in the realm of privacy laws and regulations, as well as how they are applied. Holding the CIPP shows everyone that you are well-versed in the concepts of privacy and data protection, as well as the laws and practices that surround them. There are many other skills that a candidate must demonstrate as well, including knowledge of jurisdictional laws, regulations and enforcement models.

Certified Information Privacy Manager (CIPM)

The CIPM targets candidates that manage the daily privacy operations for businesses and organizations. As such, it is the only certification of its kind, and thanks to that it makes successful holders a valuable asset for day-to-day operations privacy issues. It teaches concepts to enable candidates to create a company vision, how to structure a privacy team and how to develop and implement privacy program frameworks. Equally important are the performance measurement tasks that it teaches, allowing successful candidates to accurately gauge the efficacy of company initiatives into privacy matters.

Certified Information Privacy Technologist (CIPT)

The third certification is designed for people that work with privacy policies, tools and technologies on the job, and allows successful candidates to build an organization’s privacy resources and structures from the ground up. This skillset is becoming increasingly popular with employers as regulators seek to add privacy-related considerations into products and services. The great thing about this certification is that it can work in your favor if you work in IT, engineering, security, design, data management and more.

As we can see, there is a massive variance in the scope and applicability of each certification and the benefits they offer for different disciplines. It is for these reasons that there is no single IAPP certification that can be recommended above the others, other than the one that suits the candidate’s chosen skills and employment. Depending on who you are and what you need, any of the IAPP certifications might be the best choice for you.

What Career Paths Might These Make Available?

What career paths certification opens to you depends on the direction that you or your employer wishes you to pursue. The CIPP would suit an individual that is involved in law enforcement and judicial work, while a CIPT would work better for a person on the operational side of security and risk management. The CIPM is most likely going to be a certification that falls into the managerial pool of individuals that need to implement privacy measures throughout an organization.

Where Can Aspiring Security Managers or Companies Learn More About Training to Pass IAPP Certificate Courses?

The IAPP organization itself is an excellent resource for any information that you might need regarding their certifications. It is also a strong knowledge base that is updated often, giving security-oriented professionals a useful online resource that they can return to again and again for current news and information within the sector.


The natures of IT systems and data privacy have shifted dramatically in recent times. People have an unbalanced dependence on organizations, companies and governments to keep their data safe, and this can no longer be expected to happen without proper frameworks in place.

It is for this reason that IAPP certifications are so important to modern businesses and governing structures. Obtaining such a qualification is not only an option but is increasingly becoming a defining advantage for modern professionals that deal with the digital currency that is information.

Do security managers need an IAPP certificate? The answer is most certainly yes.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.


International Association of Privacy Professionals: Career and Certification Guide, Business News Daily




Graeme Messina
Graeme Messina

Graeme is an IT professional with a special interest in computer forensics and computer security. When not building networks and researching the latest developments in network security, he can be found writing technical articles and blog posts at InfoSec Resources and elsewhere.