CIPM Certification Prep
A structured CIPM prep course mapped to the IAPP CIPM Body of Knowledge v4.2.0. It follows the exam's six domains and their competencies and performance indicators, from developing the privacy program framework and establishing governance through the operational life cycle - assessing data, protecting personal data, sustaining performance, and responding to requests and incidents.
What it covers and how it works
The Certified Information Privacy Manager (CIPM) is the leading credential for operationalizing privacy - building and running a privacy program day to day. This prep course is mapped to the IAPP CIPM Body of Knowledge v4.2.0 and its six domains, teaching the competencies and performance indicators the exam assesses: developing a privacy-program framework, establishing governance, and running the full privacy operational life cycle.
It combines structured lessons with practical exercises and, where relevant, exam-aligned preparation. It is self-paced with lifetime access, and available as a mentor-led cohort or private corporate training.
6 modules · 21 chapters
A structured CIPM prep course mapped to the IAPP CIPM Body of Knowledge v4.2.0. It follows the exam's six domains and their competencies and performance indicators, from developing the privacy program framework and establishing governance through the operational life cycle - assessing data, protecting personal data, sustaining performance, and responding to requests and incidents.
01 Domain I - Privacy Program: Developing a Framework 3 chapters
Establish the foundation and governance model for the privacy program.
- I.A Define program scope and develop a privacy strategy: identify PI, business model & risk appetite; choose governance model; structure the team; identify stakeholders
- I.B Communicate organizational vision and mission: create internal/external awareness; ensure access to policies; establish common privacy terminology
- I.C Indicate in-scope laws, regulations and standards: territorial/sectoral/industry regulation; impact of non-compliance; oversight-agency authority; cross-border implications; AI privacy risks
02 Domain II - Privacy Program: Establishing Program Governance 4 chapters
Implement governance, policies, roles, metrics, and training.
- II.A Create policies and processes across the privacy life cycle: organizational model & reporting; data policies; collection-point transparency; breach-management, DSR and complaint plans; retention & disposal
- II.B Clarify roles and responsibilities: privacy-team & stakeholder roles; data sharing & disclosure; breach-response accountability by function
- II.C Define privacy metrics for oversight and governance: metrics per audience; audit purposes & life cycles; monitoring law changes across jurisdictions
- II.D Establish training and awareness activities: targeted training for employees, management and contractors across the life cycle
03 Domain III - Operational Life Cycle: Assessing Data 5 chapters
Identify and minimize privacy risk across systems and processes.
- III.A Document data governance systems: map inventories, flows, life cycle & integrations; measure policy compliance; gap analysis against laws/standards
- III.B Evaluate processors and third-party vendors: assess outsourcing risks; carry out assessments at the right functional level
- III.C Evaluate physical and environmental controls: risks of physical locations; document retention/destruction; media sanitization; device security
- III.D Evaluate technical controls: risks of digital processing; limits on use & retention; data location & cross-border flows
- III.E Evaluate risks in mergers, acquisitions and divestitures: due diligence; contractual & data-sharing obligations; risk and control alignment
04 Domain IV - Operational Life Cycle: Protecting Personal Data 3 chapters
Protect data assets through privacy and security controls.
- IV.A Apply information security practices and policies: data classification; control purposes & limits; access controls; technical, administrative & organizational measures
- IV.B Integrate Privacy by Design (PbD): privacy across the SDLC and business processes; principles and purposes of PbD
- IV.C Apply organizational guidelines for data use and enforce technical controls: verify secondary-use guidelines & safeguards; effective access controls; collaborate on obfuscation, minimization & PETs
05 Domain V - Operational Life Cycle: Sustaining Program Performance 3 chapters
Sustain the program with metrics, audits, and continuous assessment.
- V.A Use metrics to measure program performance: metrics for trending, ROI & resiliency; link data to program goals and compliance measures
- V.B Audit the privacy program: select monitoring forms; complete compliance monitoring against standards and regulatory change
- V.C Manage continuous assessment: risk assessments on systems & processes; purpose & life cycle of PIA, DPIA, TIA, LIA, PTA; post-M&A mitigation & communication
06 Domain VI - Operational Life Cycle: Responding to Requests and Incidents 3 chapters
Respond to data-subject requests and privacy incidents.
- VI.A Respond to data subject access requests and privacy rights: transparent notices; comply with consent, rectification, objection, access & complaints; global rights legislation
- VI.B Follow incident handling and response procedures: assessment, containment & remediation; stakeholder communication; incident register & records
- VI.C Evaluate and modify the incident response plan: post-incident reviews; changes to reduce likelihood and impact of future breaches
Explore the track
How you learn
- Self-paced with lifetime access
- Mentor-led cohorts
- Private corporate training
- Certificate and digital badge
CIPM Certification Prep - answered
What is the CIPM Certification Prep program?
A prep course built to the IAPP CIPM Body of Knowledge v4.2.0 (effective 1 Sept 2025) - six domains covering the privacy program framework, governance, and the full operational life cycle.
How is it delivered?
It combines structured lessons with practical exercises and, where relevant, exam-aligned preparation. It is self-paced with lifetime access, and available as a mentor-led cohort or private corporate training.
Is it aligned to the official body of knowledge?
Yes. The curriculum is mapped to the current official body of knowledge for this credential. This is independent training and is not affiliated with or endorsed by the certifying body; it does not itself confer certification.
Who is it for?
Privacy, governance, compliance, and data professionals - and the teams around them - preparing for certification or building applied capability in this area.
Do I need prior experience?
Each program is structured so motivated learners can follow the full arc; certification tracks assume the background the relevant exam expects.
Is there a downloadable brochure?
Yes. A PDF brochure for this track is available from the download button on this page.
Can my organization run this privately?
Yes. It can be delivered as a private corporate cohort tailored to your context. Use the enquire button to scope it.
How do I enrol or enquire?
Use the enquire button to request details or a corporate cohort, and a specialist will respond.
CIPM Certification Prep for you or your team
Enquire about enrolment, or scope a private corporate cohort.