Certified Information Privacy Auditor (CIPA)

Provided by


Being ClPA-certified proves your Information Privacy Systems Audit experience, skills and knowledge, and demonstrates you are capable in the assessment of vulnerabilities, Compliance with GDPR and institutional controls within the enterprise.
  • Gain an in-depth understanding of GDPR solutions and how they map to compliance requirements
  • Learn how to perform and lead Privacy Information Management System (PIMS) certification audits to ISO 19011 standards
  • Enhance your existing or learn with new skills in the field of Data Protection
  • Candidates deliver Assurance services to organisations by advising on conformance with PIMS requirements
  • Become a Technical expert on the preparation required for ISO 27701 Certification
  • Understand a Privacy Information Management System (PIMS) and its processes based on ISO/IEC 27701
  • Identify the relationship between ISO/IEC 27701, ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks
  • Acquire the competences of the auditor's role in planning, leading, and following up on a management system audit in accordance with ISO 19011.
  • Learn how to interpret the requirements of ISO/IEC 27701 in the context of a PIMS audit
About This Course

CIPA Certification;
  • Confirms your knowledge and experience
  • Quantifies and markets your expertise
  • Demonstrates that you have gained and maintained the level of knowledge required to meet the dynamic challenges of a modern enterprise
  • Is globally recognized as the mark of excellence for the Information Privacy Audit professional
  • Increases your value to your organization
  • Gives you a competitive advantage over peers when seeking a new role
  • Is administered by the International Data Protection Association (IDPA), based in Estonia, and fully aligned t o the ISO/IEC 17024:2012 standard ( Conformity assessment - General requirements for bodies operating certification of persons )
CIPA Certified Individuals:
  • Are highly qualified, experienced professionals in the field of Data Protection Systems Audit
  • Provide the enterprise with a Certification route for Information Privacy Assurance that is recognized by multinational clients, lending credibility to the enterprise
  • Are excellent indicators of proficiency in control requirements creation and monitoring
  • Demonstrate competence in five domains, including standards and practices; organization and management; processes; integrity, confidentiality and availability; and software development, acquisition and maintenance
  • Demonstrate a commitment to providing the enterprise with trust in and value from your Privacy Compliance Framework
  • Maintain ongoing professional development for successful on -the -job performance
How to become CIPA Certified

The CIPA designation is awarded to individuals with an interest in Privacy Compliance Framework auditing, control and security who meet the following requirements:
  • Attendance at a recognised CIPA training course
We offer the CIPA course both online and at facilities across the EMEA region. Courses are offered year round.
  • Achieving a passing score in the CIPA examination
All delegates attending an official training course will be offered the opportunity to sit the associated examination. To pass the examination, a passing score of 70% must be obtained by answering a combination of scenario based multiple choice questions. There are 5 scenarios with 120 multiple choice questions covering the scope of the exam. Questions cover the 4 key areas of the training course, namely People, Process, Technology and Environment. Successful examination candidates will be issued with a Certificate confirming a passing grade along with the relevant CPD certificate. For a more detailed description of the exam see CIPA Certification Job Practice.
  • Adherence to the Code of Professional Ethics
Members of the IDPA and/or holders of the CIPA designation agree to a Code of Professional Ethics to guide professional and personal conduct.
  • Adherence to the Continuing Professional Education(CPE) Program
The objectives of the Continuing Professional Education program are to maintain an individual's competency by requiring continual updating of knowledge and skills in the areas of information governance, privacy, technical controls and Audit, as well as to Provide a mechanism for monitoring information systems audit, control and security professionals' maintenance of their competency.

CIPA Certification Job Practice

A job practice serves as the basis for the exam and the requirements to earn the Certification. The job practice consists of task and knowledge statements representing the work performed in information privacy auditing, assurance and evidence assessment. These statements and domains are the result of extensive research, feedback, and validation from subject matter experts from around the globe.

The below job practice is organized by domains. Each domain is covered in the exam at the rate shown.
  • Domain 1-The Process of Auditing Information Privacy Systems and Solutions
Provide audit services in accordance with ISO 19011 audit standards to assist the organization in protecting and controlling information privacy systems. (21%)
  • Domain 2 - Governance and Management of Information Privacy Technology
Provide assurance that the necessary leadership and organizational structures and processes are in place to achieve objectives and to support the organization's strategy. (16%)
  • Domain 3-Information Systems Acquisition, Development and Implementation
Provide assurance that the practices for the acquisition, development, testing and implementation of information systems meet the organization's strategies and objectives. (18%)
  • Domain 4-Information Systems Operations, Maintenance and Service Management
Provide assurance that the processes for information systems operations, maintenance and service management meet the organization's strategies and objectives. (20%)
  • Domain 5-Protection of Personally Identifiable Information (PII) Assets
Provide assurance that the organization's policies, standards, procedures and controls ensure the confidentiality, integrity and availability of PII. (25%)


A thorough understanding of current Data Protection legislation, Information Security & Risk Management knowledge as well as ISO 19011 Auditing Standards is required to successfully pass the examination.

What's Included?
  • Teas, Coffees, refreshments and a full Lunch*
  • Course Slides
  • Study Guide
  • Exam Fees
* For Classroom based Courses only


The course is administered by The International Data Protection Association (IDPA) and is fully compliant with ISO 17024:2012 (Conformity Assessment - General requirements for bodies operating certification of persons)

Who Should Attend?
  • Auditors seeking to perform and lead Privacy Information Management System (PIMS) certification audits
  • Managers or consultants seeking to master a PIMS audit process
  • Individuals responsible for maintaining conformance with PIMS requirements
  • Technical experts seeking to prepare for a PIMS audit
  • Expert advisors in the protection of Personally Identifiable Information (PII)
Certification Logo

  • All candidates at official training courses will be offered the opportunity to sit the associated exam. For CIPA, this constitutes a 125 question exam which should be completed within 165 minutes. A passing score is achieved at 70%. Exams are hosted remotely through our relationship with Pearsonvue.
Our Guarantee
  • We are an approved IDPA Training Partner.
  • You can learn wherever and whenever you want with our robust classroom and interactive online training courses.
  • Our courses are taught by qualified practitioners with commercial experience.
  • We strive to give our delegates the hands-on experience.
  • Our courses are all-inclusive with no hidden extras. The one-off cost covers the training, all course materials, and exam voucher.
  • Our aim: To achieve a 100% first time pass rate on all our instructor-led courses.
  • Our Promise: Pass first time or 'train' again for FREE.
*FREE training offered for retakes - come back within a year and train for free.


There are currently no new dates advertised for this course

Related article

Addressing The Weakest link John McGlone at The Training Centre outlines how you can address the weakest link in cybersecurity. Companies spend a s...