The CIPP/IT demonstrates understanding of privacy and data protection practices in the development, engineering, deployment and auditing of IT products and services.
The Certified Information Privacy Professional/Information Technology (CIPP/IT) is the first global privacy certification for IT practitioners. It assesses understanding of privacy and data protection practices in the development, engineering, deployment and auditing of IT products and services.
The CIPP/IT certifies individuals in their knowledge of privacy-related issues and practices in the context of the design and implementation of information and communication technologies. Required subject matter areas include:
|•||Industry-standard guidelines for the collection, use and onward transfer of sensitive personal information|
|•||Privacy considerations for mapping, storing and retaining sensitive personal information|
|•||Privacy requirements for the installation and removal of software|
|•||Established methods for end-user notification and choice through IT system and product interfaces|
|•||System controls for identity and access management (IAM)|
|•||Privacy-enabling technologies (PETs)|
|•||Network and system hardware protection|
To become CIPP/IT-certified, you must successfully complete the Certification Foundation examination before or after the CIPP/IT exam.
The CIPP/IT is designed to work in concert with established credentials in information security (CISSP, SSCP) and IT governance (CISA, CISM).
The CIPP/IT is an excellent introductory course for IT practitioners who desire a greater understanding of privacy requirements in technology. The ideal candidates are professionals who are responsible for the development, engineering, deployment and/or auditing of IT products and services, including:
|•||Enterprise system architects (CTO, CIO)|
|•||Business process professionals (purchase decision-makers for IT services and products)|
|•||Designers, developers, engineers, auditors and administrators of software, network or database systems or applications|
|•||Hardware designers and engineers|
|•||Desktop support specialists|
|•||Risk and regulatory compliance managers|
|•||Information security professionals (CISO, CSO)|
|•||IT compliance and auditing professionals (CISM, CISA)|
The CIPP/IT is not specific to legal jurisdiction and thus is relevant to professionals who work for, or on behalf of, corporate or government organizations based in any location around the world.
Advising organizations included IBM Corporation, Hewlett-Packard Company, Intel Corporation, Microsoft Corporation, First Data Corporation, Ernst & Young, The Procter & Gamble Company, Citizens Financial Group, the Association for Computing Machinery (ACM), the Information Technology Association of Canada (ITAC), the Infocomm Development Authority of Singapore (IDA), the National Association of Software and Service Companies (NASCIO), the U.S. National Association of State CIOs, the American Society of Access Professionals (ASAP), Indiana University and Carnegie Mellon University.
Each certification candidate must become an IAPP member prior to testing. Membership provides access to the world’s largest community of privacy professionals, including valuable educational resources and networking opportunities. A variety of annual membership levels are available. Learn more about the benefits of IAPP membership.
The Certification Foundation exam is required for all first-time certification candidates. It assesses understanding of fundamental concepts of privacy and data protection and covers common privacy principles and approaches, global data protection models, information security controls and online privacy protections. These practice areas are relevant to all privacy professionals regardless of legal jurisdiction, geographic location or practice specialization.
Candidates must also pass the CIPP/IT designation exam. The CIPP/IT exam layers over the Certification Foundation Exam, resulting in CIPP/IT certification.
Privacy certification is an important career effort that requires advance preparation. Choosing how you will prepare for your privacy certification exams is a personal choice that should include an assessment of your professional background, scope of privacy knowledge and your preferred method of learning. In general, the IAPP recommends that candidates plan for a minimum of 20 hours of study time in advance of each exam; however, you might need more or fewer hours depending on your personal choices and professional experience.
The way in which you choose to prepare for your exams should be based on your level of familiarity with the exam content and your preferred learning style.
The IAPP strongly recommends that you prepare in the following manner:
The bodies of knowledge are comprehensive outlines of the subject matter areas covered by the both the Certification Foundation and the CIPP/IT exams; the exam blueprints specify the approximate number of items on the examinations in each area of the bodies of knowledge.
CIPP/IT Body of Knowledge (pdf 1MB)
Certification Foundation Textbook:
Foundations of Information Privacy and Data Protection: A Survey of Global Concepts, Laws and Practices
The Information Privacy Case Book: A Global Survey of Privacy and Security Enforcement Actions with Recommendations for Reducing Risk
The IAPP offers both in-person certification prep classes and online training to help you prepare for your Foundation and CIPP/IT exams.
IAPP certification prep classes are offered at IAPP conferences, in conjunction with industry events in select cities throughout the year. You are not required to attend the IAPP conference in order to attend the Certification Prep class. All certification prep classes include an accompanying coursebook. See a list of upcoming Certification Prep classes.
Online training for the Certification Foundation and DVD training for the CIPP/IT is currently available. The content and presentation are consistent with a live training workshop (other than interaction with instructors and other participants), but you have the convenience of viewing the presentation at your own pace, and reviewing the sections you want to spend more time on. The training coursebook is included with DVD training and downloadable from online training.
CIPP/IT bibliography of recommended reading (pdf 170KB)
Candidates for CIPP/IT certification must pass both the Certification Foundation and the CIPP/IT exams. Partial completion will result in no certification being awarded until such time that all requirements are met.
Note: Existing CIPP holders who are seeking an additional credential are exempted from the Foundation testing requirement.
The Certification Foundation exam is a 90-minute, 90-item, objective test.
The Foundation exam is composed of 90 multiple choice items. There are no essay questions. Each correct answer is worth one point.
It is important to note that Certification Foundation is not itself an IAPP certification; you must pass both the Certification Foundation and the CIPP/IT exam to achieve certification.
Please note that on March 7, 2014, The Certification Foundation exam will become a 100-minute, 105 item objective test. The test will include 90 scored items and 15 non-scored trial items. If you plan to schedule your exam on or after that date, please make sure to take into account the new length of the exam.
The CIPP/IT is a 70-minute, 60-item, objective test covering the following general topics:
I. System Activities that Impact End User Privacy
II. Data Subject Privacy Expectations and Behaviors
III. Privacy Protection Mechanisms
IV. Providing Notice and Choice
V. Auditing and Enforcing IT Privacy Compliance
VI. Implementing Technologies with Privacy Impacts
The CIPP/IT exam is composed of 40 multiple choice items and 20 True/False, scenario items.
Congratulations on your decision to pursue the CIPP/IT! Get started on the road to certification now by selecting and purchasing the items you will need to successfully prepare for and achieve your CIPP/IT designation.
Here is a list of what you'll need:
Available IAPP memberships (select one):
Open to privacy professionals.
Reserved for city, state or federal employees.
Reserved for employees of non-profit organizations.
Reserved for employees of accredited institutions.
Reserved for full-time students at accredited institutions.
|Foundations of Information Privacy and Data Protection: A Survey of Global Concepts, Laws and Practices||$65|
|The Information Privacy Case Book: A Global Survey of Privacy and Security Enforcement Actions with Recommendations for Reducing Risk
NEW! Prep classes featuring in-person instruction by IAPP Professional Privacy Faculty are now available in cities around the world. See a complete prep class schedule now.
|Certification Foundation Online Training||$425|
|CIPP/IT DVD Training||$525|
|In-person training is available at IAPP conferences and select industry events. Separate registration is required. See available training events now.
|Certification Foundation Practice Test||$25|
|Certification Foundation Exam||$275|