IAPP CIPM Certification

It looks like the IAPP has a new certification: CIPM - Certified Information Privacy Manager.

https://www.privacyassociation.org/certification/cipm_certification_program

More details to come in April...

Find more posts tagged with

Comments

paul78

Thanks! That's a good tip...

Although, I wonder if they are diluting their CIPP certification by having a different certification. IMO - it may have been better to have a CIPP concentraton of Management like US/IT/EU. etc.

Most of the CIPP's that I know are privacy attorneys or other infosec or risk managers so I wonder how the CIPM will be received by the privacy community.

GoodBishop

paul78 wrote: »

Thanks! That's a good tip...

Although, I wonder if they are diluting their CIPP certification by having a different certification. IMO - it may have been better to have a CIPP concentraton of Management like US/IT/EU. etc.

Most of the CIPP's that I know are privacy attorneys or other infosec or risk managers so I wonder how the CIPM will be received by the privacy community.

I bet that it will be received rather well. Remember when the CISM came out and how it really filled that need for a management-level security certification? I would bet by the end of the year when you see privacy manager positions that they will require either a CIPP or a CIPM.

GoodBishop

I ordered the material for the CIPM - I'm going to see about taking the test.

I'll let y'all know how I do. Probably take it in a month or two.

GoodBishop

Also the Body of Knowledge for the CIPM has been released - https://www.privacyassociation.org/media/pdf/certification/CIPM_BOK_1.0.0.3.pdf

As well as the Exam Blueprint - https://www.privacyassociation.org/media/pdf/certification/CIPM_EBP_1.0.1.0.pdf

paul78

Good to know. Thanks.

Good luck on the exam. I'm curious about it myself.

GoodBishop

So as I'm reading the one course book, I have to say two things.

First, the book itself is very good. I don't say this about many books, but this book is a great resource if you ever do anything privacy related, much more so than any of the other IAPP materials I have. It's worth purchasing on it's own merit. This is the new Privacy Program Management book from the IAPP, and the quality of the book is excellent.

Second, I think the test will be harder than I initially thought. There's a lot of material here, and I want to track down the references so I can understand them.

Very interesting indeed. This book is all about the "how" to get a privacy program running and sustainable. Good stuff.

paul78

Thanks for the preliminary review on the book -

. I just bought it based on your description.

GoodBishop

paul78 wrote: »

Thanks for the preliminary review on the book - . I just bought it based on your description.

No problem. It's a solid good read. I'm still cranking through it, but I'm going to take the test in June, rather than May. Best to solidly prepare for the exam and pass. Plus work will be aligned then too.

wpc10980

Tough cert don’t underestimate

paul78

@wpc10980 - Welcome to TE. I was wondering... Did you get your results yet? I understand that the CIPM passing score was not going to be set until July. The materials so far seem pretty interesting so hopefully the actual exam will be as interesting.

GoodBishop

Registered for the test today. August 1, that's the date. Now that work and life have calmed down a bit, time to finish this one.

TeKniques

Good luck GoodBishop. Interested to hear your take on the exam experience.

wpc10980

@paul78 - Actually, the end of July must have been a rumor. I got my results immediately after completing the exam at CBT center, the last weekend in June. I did not pass. i will wait a while before I retake the exam. Maybe year end.
This article may also be of interest to you.

http://cipmcertification.blogspot.com/2013/07/cipm-certification-worth-effort.html

GoodBishop

I purchased the practice exam for $25, as I wanted to see how I would do. It's a 22 question test, and I missed one, so I feel that I am prepared. It shouldn't be a problem for the real deal then.

If you have a spare $25, it might be worth looking at as a sanity check. The explanations at the back are a good review. One item that I might want to focus more on is the AICPA/CICA Privacy Maturity Model (PMM), and spend a half hour reviewing that.

I'll reread the green book from IAPP probably Wednesday night, and take the exam Thursday.

GoodBishop

wpc10980 wrote: »

@paul78 - Actually, the end of July must have been a rumor. I got my results immediately after completing the exam at CBT center, the last weekend in June. I did not pass. i will wait a while before I retake the exam. Maybe year end.
This article may also be of interest to you.

http://cipmcertification.blogspot.com/2013/07/cipm-certification-worth-effort.html

Very interesting article, but I would disagree with a number of points - chief being the cost of the CIPM. Total cost for me would be:

$25 practice test
$275 for the CIPM test
$75 for the book ($65 + $10 shipping)
=Total $375

If you want to add the total costs, it would be:
$245 for the foundation exam (maybe it is more expensive now)
$250 for membership to IAPP
$75 for foundation book ($65 for book, $10 for shipping)
=Total $570

So you're looking at about $945 to have the cert totally. Not including time to study and gas to and from the testing center. I would say that's less than the 5k they mention in the article. Admittedly, my costs above are from a few years ago in my order history, so they might have changed.

There was a CIPM study session near where I live that I was asked to attend by the IAPP (it was kinda weird, I got a call stating - "Hi Goodbishop, this is the IAPP, we're having this swanky new CIPM session downtown, you should attend." "Naw, I'm good. Really." *internal voice - I can read the book in a hour and save myself 8 hours of session time, plus it's free, plus I really already know this stuff... yeah*. I talked to a few friends who attended it, and it wasn't a great study session. I would wait 6 months for any study session to get the kinks worked out.

GoodBishop

GoodBishop wrote: »

I purchased the practice exam for $25, as I wanted to see how I would do. It's a 22 question test, and I missed one, so I feel that I am prepared. It shouldn't be a problem for the real deal then.

If you have a spare $25, it might be worth looking at as a sanity check. The explanations at the back are a good review. One item that I might want to focus more on is the AICPA/CICA Privacy Maturity Model (PMM), and spend a half hour reviewing that.

I'll reread the green book from IAPP probably Wednesday night, and take the exam Thursday.

Granted I hope I'm not jinxing myself by posting this. Argh.

paul78

Good luck GoodBishop!!!

I've been procratinating myself on the CIPP/US and CIPM myself. I couldn't really decide which to do first. The CIPM materials are more in-line with my experience and background. But I found the CIPP/US material more interesting. I already paid the fee for the CIPP/US exam but haven't actually scheduled it yet. Your post just reminded me that I probably should do that

@wpc10980 - thanks for sharing the link. Based on the few pages that I've read of the CIPM, it makes sense. The cost did seem kinda high though as @GoodBishop mentioned - I wonder if that's because it was in Canada.

ChooseLife

Best of luck, GoodBishop!

GoodBishop

It cost me 32 minutes of my life, but I passed the CIPM test with a scaled score of 420. 85% in Privacy Program Governance, 95% in Privacy Operational Lifecycle.

w00t!

I probably missed 4 or 5 questions out of 45. It was difficult in some areas, but easy in others. I would agree with the recommendation in the IAPP site to study the green book Privacy Program Management, and you should do fine.

redz

Congratulations!

paul78

Well done GoodBishop. Great to hear and congrats.

GoodBishop

Thanks guys!

ChooseLife

Nice! Congratulations!

I noticed you have quite a collection of certs - what do you do if you don't mind me asking?

TeKniques

Congrats GoodBishop!

GoodBishop

ChooseLife wrote: »

Nice! Congratulations!

I noticed you have quite a collection of certs - what do you do if you don't mind me asking?

I'm the guy with a target on his back putting out fires.

But seriously though, I'm a GRC Manager. I make sure we have our audits running smoothly, take care of any issues, prep the IT teams, internally assess security practices, do strategy, deal with exceptions, make sure internal audit is happy, give guidance on multiple topics, and say no to the use of Dropbox. I also deal with privacy issues too.

Careerwise, I'm looking to do something around the IT director or CISO/Deputy CISO level, or Chief Security Architect. Though I'm happy with where I'm at - lots of good career progression and development, and support for training/certs/school.

I go for the certs not because I want to have a lot of letters behind my name, but because I'd rather keep learning. Like I've posted before, this year, CCSK, maybe CEH, and next year ISSAP/CBCP/GCIH/etc... I would say that the certs show more of a desire to learn and keep current, rather than skill - skill is proven on the job.

ChooseLife

GoodBishop wrote: »

I'm the guy with a target on his back putting out fires.

Sounds like a fun job

GoodBishop wrote: »

I'm a GRC Manager.

Interesting, I did not know such a role existed. That makes perfect sense given your cert credentials. In our company those functions are spread between CFO, Privacy officer, IT Manager, and a person focusing on ISO and auditing.

GoodBishop wrote: »

the certs show more of a desire to learn and keep current, rather than skill - skill is proven on the job.

That's a good way to put it, especially the latter part.

wpc10980

Congrats!!!!!!!!

Overcertified

To Goodbishop:

I will be taking one of the official classes by IAPP soon, hopefully it has advanced better and maybe improved.

You indicated that you purchaed the practice exam, as well as passing the CIPM exam (congrats).
Without breaching the confidentiality of the exam, and of course in retrospect, what can you say about the usefullness of the practice exam as far as helping you with the real exam?

As far as comments about the $5K for the certification, I read that blog, and I read your calculations, and although I have to speculate, the blog mentioned conferences and travel.

In one guess, if you take the training as part of a conference (I will be taking an independent class, not conference related) then a conference could be expensive, expecially if you have to travel to get there. However, if that is where he got the number, I am not sure whether is is fair in general to add in those costs as a general rule, although that might have been the route he took.

In another guess, one has to look at the Total Cost of ownership of a certification. As you did, by adding in the IAPP annual dues, because IAPP still does not charge recertification fees (AMF as some other organizations call them) - IAPP requires you to remain a dues paying member in good standing. However, from a TCO of the certification, one has to also add in the costs of maintaining the CPE credits, which there are free opportunities out there, but also CPE's from conferences, seminars and training. [the blog also mentioned training in the costs, the prep class I will be going to is $500+). Keep in mind that IAPP uses a 3 year cycle, so it is CPE per year, plus annual dues x 3 for the entire cert cycle. Keep in mind that usually the CPE for the CIPP and many other security certs may qualify for the CIPM, so CPE are sometimes reusable across different certs.

My point in this is that obtaining and maintaining (keeping) a cert has many costs, while most only look at the cost to get there and don't see the maintenance costs.

Thank your for your information on this cert.

paul78

Just my 2 cents - I can't comment on the CIPM practice since I am still in midst of procrastination. But the practice tests for the Foundation and US were pretty good. At $25, it's a bargain although the practice tests are very short. Good luck.

GoodBishop

Overcertified wrote: »

To Goodbishop:

I will be taking one of the official classes by IAPP soon, hopefully it has advanced better and maybe improved.

You indicated that you purchaed the practice exam, as well as passing the CIPM exam (congrats).
Without breaching the confidentiality of the exam, and of course in retrospect, what can you say about the usefullness of the practice exam as far as helping you with the real exam?

As far as comments about the $5K for the certification, I read that blog, and I read your calculations, and although I have to speculate, the blog mentioned conferences and travel.

In one guess, if you take the training as part of a conference (I will be taking an independent class, not conference related) then a conference could be expensive, expecially if you have to travel to get there. However, if that is where he got the number, I am not sure whether is is fair in general to add in those costs as a general rule, although that might have been the route he took.

In another guess, one has to look at the Total Cost of ownership of a certification. As you did, by adding in the IAPP annual dues, because IAPP still does not charge recertification fees (AMF as some other organizations call them) - IAPP requires you to remain a dues paying member in good standing. However, from a TCO of the certification, one has to also add in the costs of maintaining the CPE credits, which there are free opportunities out there, but also CPE's from conferences, seminars and training. [the blog also mentioned training in the costs, the prep class I will be going to is $500+). Keep in mind that IAPP uses a 3 year cycle, so it is CPE per year, plus annual dues x 3 for the entire cert cycle. Keep in mind that usually the CPE for the CIPP and many other security certs may qualify for the CIPM, so CPE are sometimes reusable across different certs.

My point in this is that obtaining and maintaining (keeping) a cert has many costs, while most only look at the cost to get there and don't see the maintenance costs.

Thank your for your information on this cert.

Thanks!

My thoughts on the practice exam was that it was a quick sanity check to see where I was with regards to the test. I would not view it as a source of record for questions, but more of a general "here is where I am with regards to questions that are similar to the test". On a scale of 1 to 5, I would rate the usefulness of the practice exam as about a 3. It did give me some areas to further study before I took the test.

You do mention the CPEs - that is true, you do need to obtain 10 CPEs per year. For me, I do enough CPEs for the ISC2 and ISACA certs that I have that they apply to the IAPP certs - plus I only do the free version for CPEs, which is why they weren't included in my cost.

One note - you mention a 3 year cycle, but looking at the IAPP CPE policy, there isn't a cycle, but rather 10 CPEs per year. I think if you don't submit your CPEs then you are on a 90 day grace period, then you lose your cert.