The PECB Certified Lead Privacy Implementer certification and course enable participants to develop the expertise to implement and manage a Privacy Framework based on ISO/IEC 29100 that is intended to be used by persons and organisations involved in designing, developing, procuring, architecting, testing, maintaining and operating information and communication technology (ICT) systems where privacy controls are required for the functioning of Personally Identifiable Information (PII).

Processing, securing and safeguarding PII is the fundamental to the standards, principles, processes and methodologies as specified in ISO/IEC 29100 in the Privacy Framework Architecture as specified in ISO/IEC 29101. Organisations can use these standards to design, implement, operate and maintain their information and communication technologies systems that will allow protection of PII and improve organisation's privacy programs through industry best practices.

Implementing and maintaining a Privacy Framework based on the ISO/IEC 29100 standard has crucial benefits for individuals and organisations in dealing with PII, such as:

• It serves as a basis for preferred additional privacy standardisation initiatives for overall privacy management, assurance of privacy compliance for internal and/or outsourced data processes, and privacy impact assessments
• It defines privacy safeguarding requirements related to all PII and communication systems
• It is applicable on a wide scale and sets a common privacy terminology, privacy principles, classification of privacy features, and security guidelines for related privacy aspects
• It is closely linked to existing security standards that have been widely implemented into practice
• It helps organisations address system-specific matters from organisational, regulatory, technical and procedural perspectives
• It provides guidance for processing PII based on the ICT requirements at an international level

What is the PECB Certified Lead Privacy Implementer certification?

"PECB Certified Lead Privacy Implementer" is the certification designed to develop and certify privacy professionals who have the knowledge, skills and competence to support organisations in planning, implementation, surveillance, re-examination, operation and continual improvement of a Privacy Framework to secure and safeguard Personally Identifiable Information (PII) in a wide range of programmes and projects with management's commitment and appropriate follow-up actions and reviews.

Target Audience

The CLPI certification is designed for candidates:

• who are project managers or consultants wanting to prepare and to support organisations on implementing and managing a Privacy Framework;
• who are security auditors wishing to fully understand the implementation process of a Privacy Framework;
• who are experienced IT security manager or IT security professionals interested in earning a certification relating to the Privacy Management Framework;
• who are privacy officers, data protection officers or compliance professionals with an interest in privacy legislation, or risk security professionals with front-line experience;
• who are expert advisors in information technology;
• who are staff members in organisations involved in tasks where privacy controls are required for the processing of PII;
• who are legal practitioners wishing to understand the practical aspects of a Privacy Framework.

Course Outline

This five-day intensive course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Privacy Framework based on ISO/IEC 29100, the Generally Accepted Privacy principles and guidance from international information commissioners. Participants will gain a thorough understanding of how to design, build and lead organisations privacy programs covering business processes, ICT systems and services, through the use of best practices. The course provides a privacy framework which specifies a common privacy terminology, defines the actors and their roles in processing personally identifiable information (PII), describes privacy safeguarding considerations and provides references to known privacy principles for information technology. Based on this knowledge participants will have the skills to build Privacy Frameworks that allow their organisations to maintain compliance to the many privacy directives and laws worldwide.

Day 1: Introduction to Privacy Framework concepts as recommended by ISO/IEC 29100

• Introduction to Privacy Framework concepts as recommended by ISO/IEC 29100
• Privacy Framework based on ISO/IEC 29100 and regulatory framework
• Fundamental principles of privacy
• Privacy legislation in US and Europe including the new and existing directives
• Writing a business case and a project plan for the implementation of a Privacy Framework
• Initiating the Privacy Framework implementation

Day 2: Planning the Implementation of the Privacy Framework

• Preliminary analysis of existing controls
• Leadership and approval of the Privacy Framework project
• Defining the scope of a Privacy Framework
• Development of a privacy policy
• Selection of the approach and methodology for risk assessment
• Control statement and management decision to implement the Privacy Framework
• Definition of the organisational structure of Privacy

Day 3: Implementing a Privacy Framework

• Implementation of a document management framework
• Design of controls and writing procedures and specific policies
• Implementation of privacy controls
• Development of a training and awareness program and communicating about the privacy to development of a training and awareness program and communicating about privacy
• Incident management
• Operations management

Day 4: Privacy Framework Measurement and Continuous Improvement

• Monitoring, measurement, analysis and evaluation
• Internal audit
• Management review
• Treatment of problems and points of concern
• Continual improvement
• Competence and evaluation of implementers

Day 5: Certification Exam

The CLPI exam covers the following domains:

• Domain 1: Fundamental principles and concepts in Privacy Implementation
• Domain 2: Privacy Implementation Best Practices based on ISO/IEC 29100
• Domain 3: Designing and Developing an Organisational Privacy Framework based on ISO/IEC 29100
• Domain 4: Implementing a Privacy Framework
• Domain 5: Designing and Implementing Privacy Controls
• Domain 6: Performance Monitoring and Measuring
• Domain 7: Improving the Privacy Implementation Process