What is CIPM?
The CIPM (Certified Information Privacy Manager) is a professional certification issued by the International Association of Privacy Professionals (IAPP). It is the leading credential for privacy program management, focusing on how to build, govern and continuously operate a privacy program rather than on the substantive law of any single jurisdiction.
What does CIPM cover?
The CIPM Body of Knowledge spans privacy governance, applicable laws and regulations, the privacy program operational lifecycle, data lifecycle management, performance metrics, privacy by design, incident response, and third-party risk management. It is jurisdiction-neutral and complements substantive privacy law certifications such as CIPP/E and CIPP/US.
Who pursues CIPM?
CIPM is targeted at Data Protection Officers (DPOs), Chief Privacy Officers, privacy program managers, compliance leads, and in-house privacy counsel responsible for operationalising privacy laws across an organisation. It is particularly valuable for professionals managing GDPR, KVKK, CCPA/CPRA and other multi-jurisdictional privacy programs.
Exam format
The CIPM exam consists of 90 multiple-choice questions completed within 2.5 hours at a Pearson VUE testing centre or online. Candidates need a scaled score of 300/500 to pass. The IAPP recommends approximately 30–60 hours of preparation depending on background.
CIPM and ISO 27701
CIPM is often pursued alongside an ISO/IEC 27701 implementation: the certification trains the people who design and run the PIMS, while ISO 27701 certifies the system itself. The IAPP-IBOK CIPM curriculum maps closely to the management-system structure of ISO 27701.