Privacy Management Certification





Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Manager (CIPM)

The CIPM certification covers privacy program management and the privacy program operational life cycle.


Part 1

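Privacy Program Management

Provides a solid foundation for the management of privacy programs and defines how to develop, measure and improve a privacy program.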

Part 2

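Privacy Program Operational Life Cycle

Describes in detail, within the scope of the privacy policy, the management and operation of the privacy program model. The privacy program operational life cycle domain is built on a common, industry-accepted framework: assessing or analyzing an organization's privacy management regime; protecting information assets by implementing industry-leading privacy and security controls and technologies; sustaining the privacy program through communication, training and management activities; and responding to privacy incidents.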


I. Privacy Program Governance

A. Organization Level

  • a. Create a company vision
  • b. Establish a privacy program
  • c. Structure the privacy team

B. Develop the Privacy Program Framework

  • a. Develop organizational privacy policies, standards and/or guidelines
  • b. Define privacy program activities

C. Implement the Privacy Policy Framework

  • a. Communicate the framework to internal and external stakeholders
  • b. Ensure continuous alignment to applicable laws and regulations to support the development of an organizational privacy program framework

D. Metrics

  • a. Identify intended audience for metrics
  • b. Define reporting resources
  • c. Define privacy metrics for oversight and governance per audience

II. Privacy Operational Life Cycle

A. Assess Your Organization

  • a. Document current baseline of your privacy program
  • b. Processors and third-party vendor assessment
  • c. Physical assessments
  • d. Mergers, acquisitions and divestitures
  • e. Conduct analysis and assessments, as needed or appropriate

B. Protect

  • a. Data life cycle (creation to deletion)
  • b. Information security practices
  • c. Privacy by Design

C. Sustain

  • a. Measure
  • b. Align
  • c. Audit
  • d. Communicate
  • e. Monitor

D. Respond

  • a. Information requests
  • b. Privacy incidents