Use this quick start guide to collect all the information about the IAPP CIPM certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the IAPP Certified Information Privacy Manager (CIPM) exam. The Sample Questions will help you identify the type and difficulty level of the questions, and the Practice Exams will make you familiar with the format and environment of an exam. You should refer to this guide carefully before attempting your actual IAPP Certified Information Privacy Manager (CIPM) certification exam.
The IAPP CIPM certification is mainly targeted at candidates who want to build their career in the Privacy Laws and Regulations domain. The IAPP Certified Information Privacy Manager (CIPM) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of IAPP Information Privacy Manager.
IAPP CIPM Exam Summary:
Exam Name | IAPP Certified Information Privacy Manager (CIPM) |
Exam Code | CIPM |
Exam Price | First Time Candidate: $550, Retake: $375 |
Duration | 150 mins |
Number of Questions | 90 |
Passing Score | 300 / 500 |
Books / Training | CIPM Body of Knowledge, CIPM Exam Blueprint, GDPR Prep Online Bundle (CIPM) |
Schedule Exam | Pearson VUE |
Sample Questions | IAPP CIPM Sample Questions |
Practice Exam | IAPP CIPM Certification Practice Exam |
IAPP Information Privacy Manager Exam Syllabus Topics:
Topic | Details |
---|---|
Developing a Privacy Program |
|
Create an organizational vision |
- Evaluate the intended objective
- Gain executive sponsor approval for this vision |
Establish a Data Governance model |
- Centralized |
Define a privacy program |
- Define program scope and charter
|
Structure the privacy team |
- Establish the organizational model, responsibilities and reporting structure appropriate to the size of the organization (e.g., Chief Privacy Officer, DPO, Privacy manager, Privacy analysts, Privacy champions, “First responders”)
- Designate a point of contact for privacy issues
- Establish/endorse the measurement of professional competency |
Communicate |
- Create awareness of the organization’s privacy program internally and externally (e.g. PR, Corporate Communication, HR)
- Develop internal and external communication plans to ingrain organizational accountability
- Ensure employees have access to policies and procedures and updates relative to their role |
Privacy Program Framework |
|
Develop the Privacy Program Framework |
- Develop organizational privacy policies, procedures, standards, and/or guidelines
- Define privacy program activities
|
Implement the Privacy Program Framework |
- Communicate the framework to internal and external stakeholders
- Ensure continuous alignment to applicable laws and regulations to support the development of an organizational privacy program framework
- Understanding data sharing agreements
|
Develop Appropriate Metrics |
- Identify intended audience for metrics
- Identify systems/application collection points |
Privacy Operational Life Cycle: Assess |
|
Document current baseline of your privacy program |
- Education and awareness
- Monitoring and responding to the regulatory environment
- Assess policy compliance against internal and external requirements
- Data, systems and process assessment
- Risk assessment methods |
Processors and third-party vendor assessment |
- Evaluate processors and third-party vendors, insourcing and outsourcing privacy risks, including rules of international data transfer
- Understand and leverage the different types of relationships
- Risk assessment
- Contractual requirements and review process
- Ongoing monitoring and auditing |
Physical assessments |
- Identify operational risk
|
Mergers, acquisitions and divestitures |
- Due diligence procedures
- Review contractual and data sharing obligations
- Risk assessment
- Risk and control alignment
- Post integration planning and risk mitigation |
Privacy Assessments and Documentation |
- Privacy Threshold Analysis (PTAs) on systems, applications and processes
- Define a process for conducting privacy assessments (e.g., PIA, DPIA, TIA, LIA)
|
Privacy Operational Life Cycle: Protect |
|
Information security practices |
- Access controls for physical and virtual systems
- Technical security controls (including relevant policies and procedures) |
Privacy by Design (PbD) |
- Integrate privacy throughout the system development life cycle (SDLC)
- Establish privacy gates as part of the system development framework
- Integrate privacy through business processes
- Communicate with stakeholders the importance of PIAs and PbD |
Integrate privacy requirements and representation into functional areas across the organization (e.g., Information Security, Human Resources, Marketing, Legal and Contracts, Mergers, Acquisitions & Divestitures) | |
Technical and Organizational measures |
- Quantify the costs of technical and organizational controls
- Manage data retention with respect to the organization’s policies
- Define the methods for physical and electronic data destruction
- Define roles and responsibilities for managing the sharing and disclosure of data for internal and external use
- Determine and implement guidelines for secondary uses (e.g., research)
- Define policies related to the processing (including collection, use, retention, disclosure and disposal) of the organization’s data holdings, taking into account both legal and ethical requirements
- Implement appropriate administrative safeguards, such as policies, procedures, and contracts |
Privacy Operational Life Cycle: Sustain |
|
Monitor |
- Environment (e.g., systems, applications) monitoring
- Monitor compliance with established privacy policies
- Monitor regulatory and legislative changes
- Compliance monitoring (e.g. collection, use and retention)
|
Audit |
- Align privacy operations to an internal and external compliance audit program
- Audit compliance with privacy policies and standards
- Audit data integrity and quality and communicate audit findings with stakeholders
- Audit information access, modification and disclosure accounting
- Targeted employee, management and contractor training
|
Privacy Operational Life Cycle: Respond |
|
Data-subject information requests and privacy rights |
- Access
- Redress
- Correction
- Managing data integrity
- Right of Erasure
- Right to be informed
- Control over use of data, including objection to processing
- Complaints including file reviews |
Privacy incident response |
- Legal compliance
- Incident response planning
- Incident detection
- Incident handling
- Follow incident response process to ensure meeting jurisdictional, global and business requirements
- Identify incident reduction techniques
- Incident metrics—quantify the cost of a privacy incident |
To ensure success in the IAPP Information Privacy Manager certification exam, we recommend an authorized training course, practice tests and hands-on experience to prepare for the IAPP Certified Information Privacy Manager (CIPM) exam.