As the Certified Information Privacy Manager certification is gaining in popularity, more people are asking: What do I need to do to be able to pass the exam?  The following provides some tips and guidance for people thinking of sitting for the CIPM.

Ringrose Siganto has been running iapp’s Certified Information Privacy Manager (CIPM) training course in Australia for over 12 months now.  This 2-day course provides an overview of an information privacy management program approach and prepares participants to take the iapp CIPM exam.
Since we started the CIPM training, we’ve had quite a few students ask how they should prepare for the exam.

Unfortunately, unlike certifications such as the CISSP and the CISM, there’s little advice out there about what you need to do, or banks of practice questions to test how ready you might be to take the CIPM exam. Maybe it’s because the certification is relatively new (introduced in 2013 versus the CISSP which has been around since 2000).

The following is some advice for anyone thinking of taking the CIPM exam based on our own experience, plus feedback from students and on-line discussion groups.
Available resources

The primary materials to help prepare for the CIPM exam are:

  • CIPM Body of Knowledge, published on the iapp website (BOK) (https://iapp.org/certify/cipm/);
  • CIPM Textbook (https://iapp.org/store/books/);
  • Student Guide available to those who enrol for the 2-day course; 
  • Practice exam questions, available for a charge via the iapp website (https://iapp.org/train/sample-questions/); and
  • Other iapp resources referred to the BOK.
  • Students who enrol in the 2-day course get the text book, student guide and practice exam questions as part of the course materials, together with an exam voucher and iapp membership (plus 2 days of instructor led training).  Each of those is also available separately via the iapp site.
  • Iapp recommends that you train and study for a minimum of 30 hours.   I usually tell candidates who’ve done the 2-day course to read the course notes plus the text book a couple of times and compare both to the BOK til that makes sense to you.
  • Feedback from the field
  • The following advice comes from privacy professionals via an iapp on-line forum and from students who’ve provided us with feedback on the exam directly:
  • It can be difficult to reconcile the text book, student guide and the BOK.  Both the text and study guide provide an overview of the information but the layout and terminology differs between the two sufficiently to create a little confusion. There is a table at the back of the student guide that maps those contents to the BOK which I find helpful.  Try and understand what’s being covered at a conceptual level and don’t get too bogged down in language.
  • The course text needs to be supplemented with legal knowledge regarding the key legislation (particularly from the EU and US). For Australian practitioners, you will need to do some additional study on the GDPR and US privacy laws (HIPAA, GLBA etc) as it is assumed you have some understanding of these.  This is not referred to in the text though the student guide has been updated to cover more GDPR specific topics (like the role of the DPO and DPIAs).
  • Other people have commented that there CIPM Body of Knowledge is one of the most valuable resources and I think that may be right. If that document makes sense, you understand the ‘program’ approach that’s the basis of this certification.
  • • There’s some feeling that the practice exam does not provide a good example of the sort of questions included in the actual exam.  Some of the feedback on the practice exam includes ‘The sample test in no way prepared me for the actual exam questions’ and ‘I scored perfect on the sample test provided with the class but did not get anywhere close to that on the actual exam so take your results on the sample test with a grain of salt.’
  • There will be scenario questions to test your application of the principles to a real life situation.  Read the scenario carefully but don’t try and memorise it.  It will appear on each screen as you answer multiple questions about the same facts. 

What does help?

A prior background of project management and privacy law (particularly EU GDRP and US laws) is a big help but certainly not a necessity.
It also helps if you have some understanding of other management systems, like the ISO 27001 Information Security Management System.
There are some other resources available that might help.  For example, there are flashcard and other exam prep aids on Quizlet (download the app and then search for Cipm-iapp and iapp-Cipm). We’ve included a list below.  If there’s anything else you find that you think is useful, please let us know.

  • You should take the exam seriously.  It’s a long time since many of us have done an exam so work out what’s the best time for you to do it (morning or afternoon?), how to manage the available time appropriately (90 multiple choice questions in 150 minutes) and your strategy for dealing with questions you may not know the answer to.  In particular, don’t freak out if you don’t know what the question is about or have no clue on which is the right answer. You can mark those questions as ones you’ll come back to (which is the strategy I used).
  • I think that if you know your stuff, you can use common sense and what you know to work out the right answer even if it’s not immediately obvious.  Remember, sometimes it will be the ‘least wrong’ rather than the ‘most right.’
  • The best advice from someone who passed the exam recently:
  • If you have an instinctive understanding about project and program management, and you don’t get rattled by questions in styles and formats you were not expecting, then the questions can be reasoned through successfully.

Conclusion

So, take it seriously, do your preparation and you should be OK. For non-EU and US practitioners, have a basic understanding of EU and US data protection and privacy laws.
It’s a good certification for privacy professionals and, at the very least, provides a common starting point for privacy practitioners to talk about privacy management.

What can you do? Sample Questions

And now, a favour from you …. We’re building up a small database of questions to help people prepare for the CIPM exam.  These will be available to everyone at no charge.
If you’d like to contribute to the database, please let me know.  All contributions gratefully received, particularly if they’re scenario based.

Other resources:

 

 

Jodie Siganto
November, 2018