CDPSE Certification

The Information Systems Audit and Control Association (ISACA) is an international professional association that offers policy guidance, benchmarks, and governance tools for organisations that use information technology (IT) systems.

Overview

Certified Data Privacy Solutions Engineer™ (CDPSE®) is focused on validating the technical skills and knowledge it takes to assess, build and implement comprehensive data privacy measures. CDPSE holders help fill the technical privacy skills gap so that your organization has competent privacy technologists to build and implement solutions that mitigate risk and enhance efficiency.

The CDPSE exam is three and a half hours in duration, contains 120 multiple-choice questions, and covers three areas called domains. Each domain is further defined and detailed through Task and Knowledge statements. Read on below for the domains and their weightings.

A copy of ISACA’s Exam Candidate Guide can be downloaded here.

As well as passing the CDPSE exam, there are additional criteria for certification. For example, a candidate must submit evidence of at least three years of experience in data privacy governance, privacy architecture, and/or data lifecycle work. If a candidate does not have the required experience, this may still be gained within five years after originally passing the CDPSE exam. Please see the full additional criteria detailed on ISACA’s website.

Request Certification Information

Prepare for the Certified in the Governance of Enterprise IT (CDPSE) exam with training from Lumify Work, an Accredited Partner of ISACA.

Courses

Certified Data Privacy Solutions Engineer (CDPSE®)

Exam Content and Weightings

Following are the key domains and topics on which CDPSE candidates will be tested, with weightings.

Domain 1: Privacy Governance (Governance, Management & Risk Management) – (34%)

Identify issues requiring remediation and opportunities for process improvement.

Identify the internal and external privacy requirements specific to the organisation's governance and risk management programs and practices.
Participate in the evaluation of privacy policies, programs and policies for their alignment with legal requirements, regulatory requirements and/or industry best practices.
Coordinate and/or perform privacy impact assessments (PIA) and other privacy-focused assessments.
Participate in the development of procedures that align with privacy policies and business needs.
Implement procedures that align with privacy policies.
Participate in the management and evaluation of contracts, service levels and practices of vendors and other external parties.
Participate in the privacy incident management process.
Collaborate with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation.
Collaborate with other practitioners to ensure that privacy programs and practices are followed during the design, development and implementation of systems, applications and infrastructure.
Develop and/or implement a prioritisation process for privacy practices.
Develop, monitor and/or report performance metrics and trends related to privacy practices.
Report on the status and outcomes of privacy programs and practices to relevant stakeholders.
Participate in privacy training and promote awareness of privacy practices.
Identify issues requiring remediation and opportunities for process improvement.

Domain 2: Privacy Architecture – (36%)

Collaborate with other practitioners to ensure that privacy programs and practices are followed during the design, development and implementation of systems, applications and infrastructure.

Coordinate and/or perform privacy impact assessment (PIA) and other privacy-focused assessments to identify appropriate tracking technologies and technical privacy controls.
Participate in the development of privacy control procedures that align with privacy policies and business needs.
Implement procedures related to privacy architecture that align with privacy policies.
Collaborate with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation
Collaborate with other practitioners to ensure that privacy programs and practices are followed during the design, development and implementation of systems, applications and infrastructure.
Evaluate the enterprise architecture and information architecture to ensure it supports privacy by design principles and considerations.
Evaluate advancements in privacy-enhancing technologies and changes in the regulatory landscape.
Identify, validate and/or implement appropriate privacy and security controls according to data classification procedures.

Domain 3: Data Lifecycle – (30%)

Participate in the development of data lifecycle procedures that align with privacy policies and business needs.

Identify the internal and external privacy requirements relating to the organisation's data lifecycle practices.
Coordinate and/or perform privacy impact assessments (PIA) and other privacy-focused assessments relating to the organisation’s data lifecycle practices.
Participate in the development of data lifecycle procedures that align with privacy policies and business needs.
Implement procedures related to data lifecycle that align with privacy policies.
Collaborate with other practitioners to ensure that privacy programs and practices are followed during the design, development and implementation of systems, applications and infrastructure.
Evaluate the enterprise architecture and information architecture to ensure it supports privacy by design principles and data lifecycle considerations.
Identify, validate and/or implement appropriate privacy and security controls according to data classification procedures.
Design, implement and/or monitor processes and procedures to keep the inventory and dataflow records current.

Supporting Tasks

Identify the internal and external requirements for the organisation’s privacy programs and practices.
Participate in the evaluation of privacy policies, programs and policies for their alignment with legal requirements, regulatory requirements and industry best practices.
Coordinate and/or perform privacy impact assessment (PIA) and other privacy-focused assessments.
Participate in the development of procedures that align with privacy policies and business needs.
Implement procedures that align with privacy policies.
Participate in the management and evaluation of contracts, service levels and practices of vendors and other external parties.
Participate in the privacy incident management process.
Collaborate with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation.
Collaborate with other practitioners to ensure that privacy programs and practices are followed during the design, development and implementation of systems, applications and infrastructure.
Evaluate the enterprise architecture and information architecture to ensure that it supports privacy by design principles and considerations.
Evaluate advancements in privacy-enhancing technologies and changes in the regulatory landscape.
Identify, validate and/or implement appropriate privacy and security controls according to data classification procedures.
Design, implement and/or monitor processes and procedures to keep the inventory and dataflow records current.
Develop and/or implement a prioritisation process for privacy practices.
Develop, monitor and/or report performance metrics and trends related to privacy practices.
Report on the status and outcomes of privacy programs and practices to relevant stakeholders.
Participate in privacy training and promote awareness of privacy practices.
Identify issues requiring remediation and opportunities for process improvement.