Certified Information Privacy Auditor (CIPA)

Being ClPA-certified proves your Information Privacy Systems Audit experience, skills and knowledge, and demonstrates you are capable in the assessment of vulnerabilities, Compliance with GDPR and institutional controls within the enterprise. 

CIPA Certification; 

• Confirms your knowledge and experience 

• Quantifies and markets your expertise 

• Demonstrates that you have gained and maintained the level of knowledge required to meet the dynamic challenges of a modern enterprise 

• Is globally recognized as the mark of excellence for the Information Privacy Audit professional 

• Increases your value to your organization 

• Gives you a competitive advantage over peers when seeking a new role
• Is administered by the International Data Protection Association (IDPA), based in Switzerland, and fully aligned to the ISO/IEC 17024:2012 standard (Conformity assessment - General requirements for bodies operating certification of persons)

CIPA Certified Individuals: 

• Are highly qualified, experienced professionals in the field of Data Protection Systems Audit 

• Provide the enterprise with a Certification route for Information Privacy Assurance that is recognized by multinational clients, lending credibility to the enterprise 

• Are excellent indicators of proficiency in control requirements creation and monitoring 

• Demonstrate competence in five domains, including standards and practices; organization and management; processes; integrity, confidentiality and availability; and software development, acquisition and maintenance 

• Demonstrate a commitment to providing the enterprise with trust in and value from your Privacy Compliance Framework 

• Maintain ongoing professional development for successful on -the -job performance

How to become CIPA Certified 

The CIPA designation is awarded to individuals with an interest in Privacy Compliance Framework auditing, control and security who meet the following requirements: 

• Attendance at a recognised CIPA training course 

We offer the CIPA course at facilities across the EMEA region. Courses are offered year round.

• Achieving a passing score in the CIPA examination

All delegates attending an official training course will be offered the opportunity to sit the associated examination. To pass the examination, a passing score of 70% must be obtained by answering a combination of scenario based multiple choice questions. There are 5 scenarios with 120 multiple choice questions covering the scope of the exam. Questions cover the 4 key areas of the training course, namely People, Process, Technology and Environment. Successful examination candidates will be issued with a Certificate confirming a passing grade along with the relevant CPD certificate. For a more detailed description of the exam see CIPA Certification Job Practice. 

• Adherence to the Code of Professional Ethics 

Members of the IDPA and/or holders of the CIPA designation agree to a Code of Professional Ethics to guide professional and personal conduct. 

• Adherence to the Continuing Professional Education(CPE) Program 

The objectives of the Continuing Professional Education program are to maintain an individual's competency by requiring continual updating of knowledge and skills in the areas of information governance, privacy, technical controls and Audit, as well as to Provide a mechanism for monitoring information systems audit, control and security professionals' maintenance of their competency.

CIPA Certification Job Practice

A job practice serves as the basis for the exam and the requirements to earn the Certification. The job practice consists of task and knowledge statements representing the work performed in information privacy auditing, assurance and evidence assessment. These statements and domains are the result of extensive research, feedback, and validation from subject matter experts from around the globe.

The below job practice is organized by domains. Each domain is covered in the exam at the rate shown.

Domain 1—The Process of Auditing Information Privacy Systems and Solutions

Provide audit services in accordance with IS audit standards to assist the organization in protecting and controlling information privacy systems. (21%)

Domain 2 - Governance and Management of Information Privacy Technology

Provide assurance that the necessary leadership and organizational structures and processes are in place to achieve objectives and to support the organization's strategy. (16%)

Domain 3—Information Systems Acquisition, Development and Implementation

Provide assurance that the practices for the acquisition, development, testing and implementation of information systems meet the organization’s strategies and objectives. (18%)

Domain 4—Information Systems Operations, Maintenance and Service Management

Provide assurance that the processes for information systems operations, maintenance and service management meet the organization’s strategies and objectives. (20%)

Domain 5—Protection of Personally Identifiable Information (PII) Assets

Provide assurance that the organization’s policies, standards, procedures and controls ensure the confidentiality, integrity and availability of PII. (25%) 

A thorough understanding of current Data Protection legislation, Information Security & Risk Management knowledge as well as ISO 19011 Auditing Standards is required to successfully pass the examination.

Teas, Coffees, refreshments and a full Lunch*

Course Slides

Study Guide

Exam Fees

* For Classroom based Courses only

The course is administered by The IDPA and is fully compliant with ISO 17024:2012 (Conformity Assessment - General requirements for bodies operating certification of persons)

Individuals who wish to continue their careers into the field of Data Protection Audit, including;

• Systems Auditors
• Junior Audit team members
• Management System Auditors
• Audit team leads