Upcoming Changes to the CIPM Exam in 2023: A Comprehensive Overview
For years, we’ve monitored and integrated updates from IAPP CIPP/E, CIPP/US, and CIPM exams. However, this year’s CIPM exam seems to harbor an anomaly. In this blog post, we will uncover these alterations, analyze their potential impact on your exam readiness, and guide you through this evolving scenario.
Blueprint Consistency, Yet an Unconventional Twist
The examination blueprint outlines the range of items within major domains and topics covered in the CIPM exam. Normally, IAPP releases a new document detailing these changes, but this year, that’s absent. Thus, the exam’s structure seems to align with the previous year’s. At this point, all appears to be status quo.
Evolution in the Body of Knowledge
IAPP annually publishes a Body of Knowledge (BoK) for its exams, outlining the knowledge and competencies assessed in the certification exam. This document typically elaborates on the topics outlined in the examination blueprint, incorporating new subjects and current developments.
Body of Knowledge Merging with Examination Blueprint
IAPP’s announcement regarding the 2023 CIPM exam update reveals:
“Domain I Developing a Privacy Program and Domain II The Privacy Program Framework were combined into a single domain; Domain I Developing a Framework
A new Domain II was added; Domain II: Establishing Program Governance”
please see: https://iapp.org/certify/cippe-cippus-cipm-cipt-beta-exams/
What raises eyebrows is that this year’s BoK includes the number of exam questions (a detail traditionally found only in the Examination Blueprint).
While consolidating these documents is not inherently problematic, the discrepancy between them is puzzling. The table below provides a side-by-side comparison:
| Domain | Min no questions 2022 | Max no questions 2022 | Min 2023 | Max 2023 |
| I. Privacy Program: Developing a Framework | 13 | 17 | 14 | 18 |
| II. Privacy Program: Establishing Program Governance | 9 | 11 | 12 | 16 |
| III. Privacy Program Operational Life Cycle: Assessing Data | 13 | 17 | 12 | 16 |
| IV. Privacy Program Operational Life Cycle: Protecting Personal Data | 12 | 16 | 9 | 13 |
| V. Privacy Program Operational Life Cycle: Sustaining Program
Performance |
5 | 7 | 7 | 9 |
| VI. Privacy Program Operational Life Cycle: Responding to Requests and
Incidents |
9 | 11 | 10 | 14 |
Domain II exhibits the most significant deviation from the previous year, notably emerging as a ‘new’ domain.
Content Changes(?): In-depth Exploration
Comparing the Examination Blueprint with both the old and new Body of Knowledge, the following insights emerge:
- The new Body of Knowledge doesn’t introduce new topics. Rather, it entails mainly topic realignments.
- Minor shifts are noticeable in domains III through VI, with slightly more pronounced shifts in domains I and II.
Impact on Your Exam Preparation
Your preparation can proceed using the same resources. The most recent textbook edition is the 2022 third edition (refer to our update post from last year for further details: https://cipptraining.com/cipm-exam-annual-update-october-1-2022/)
Due to alterations in the number of exam questions per topic, focusing on the following chapters of the textbook is advised:
2 – Privacy Program Framework: Privacy Governance
3 – Privacy Program Framework: Applicable Privacy Laws and Regulations
6 – Privacy Operational Life Cycle: Protect: Policies
Additionally, these two chapters hold significance:
4 – Privacy Operational Life Cycle: Assess: Data Assessments
5 – Privacy Operational Life Cycle: Protect: Protecting Personal Information
Overview most important topics
Below is a list of the topics and sections that receive the most questions on the exam.
Source: IAPP Body of Knowledge 4.0.0
Domain I
Domain II
Domain III
Domain IV
Domain V
Domain VI
