top of page

CDPSE Body of Knowledge (2024-2025)

ISACA has announced updates to the Certified Data Privacy Solutions Engineer (CDPSE) Body of Knowledge (BoK) for 2024–2025. These changes are part of a broader effort to keep the exam aligned with evolving privacy regulations, emerging technologies, and real-world job functions. If you're preparing for the CDPSE exam—or planning to—the information below outlines what's changing and what it means for you.

ree

When Do the Changes Take Effect?

The updated CDPSE exam and Body of Knowledge take effect starting April 2025. Candidates testing on or after this date will be assessed under the new content framework. 


Format: Did It Change?

The CDPSE exam will consist of 120 questions covering 4 job practice domains, all testing your knowledge and ability on real-life job practices leveraged by expert professionals.


Have the Domains Changed?

The three CDPSE domains of privacy governance, privacy architecture, and data life cycle management are adjusted and expanded to the following four domains:

  • Domain I: Privacy Governance

    • Personal Information

    • Privacy Principles (e.g., Privacy by Design, Consent, Transparency)

    • Privacy Laws and Regulations

    • Privacy Documentation (e.g., Policies, Guidelines)

    • Organizational Culture, Structure, and Responsibilities

    • Vendor and Supply Chain Management

    • Incident Management

    • Data Subject Rights, Requests, and Notification


  • Domain II:  Privacy Risk Management and Compliance

    • Risk Management Process and Policies

    • Privacy-Focused Assessment (e.g., Privacy Impact Assessment (PIA))

    • Privacy Training and Awareness

    • Threats and Vulnerabilities

    • Risk Response

    • Privacy Frameworks

    • Evidence and Artifacts

    • Program Monitoring and Metrics


  • Domain III: Data Lifecycle Management

    • Data Inventory, Dataflow Diagram, and Classification

    • Data Quality (e.g. Accuracy)

    • Data Use Limitation

    • Data Analytics (e.g., Aggregation, AI, Data Warehouse)

    • Data Minimization

    • Data Disclosure and Transfer

    • Data Storage, Retention, and Archiving

    • Data Destruction


  • Domain IV: Privacy Engineering

    • Infrastructure and Platform Technology (e.g., legacy, cloud computing)

    • Devices and Endpoints

    • Connectivity

    • Secure Development Life Cycle

    • APIs and Cloud-Native Services

    • Asset Management

    • Identity and Access Management

    • Patch Management and Hardening

    • Communication and Transport Protocols

    • Encryption and Hashing

    • Monitoring and Logging

    • Consent Tagging

    • Tracking Technologies (e.g., cookie management)

    • Anonymization and Pseudonymization

    • Privacy Enhancing Technologies (PETs)

    • AI/Machine Learning (ML) Considerations


Here's a high-level look at the adjusted domain weightings (2024–2025):

  • Privacy Governance – 20%

  • Privacy Risk Management and Compliance – 18%

  • Data Lifecycle Management – 23%

  • Privacy Engineering  – 39%


Has the Number of Questions Changed?


The exam still consists of 120 multiple-choice questions, and candidates have 3.5 hours (210 minutes) to complete it.


What New Topics Were Added?


Several new topics have been integrated into the revised BoK to reflect the evolving role of privacy professionals:

  • Infrastructure and Platform Technology (e.g., legacy, cloud computing)

  • Devices and Endpoints

  • Connectivity

  • Secure Development Life Cycle

  • APIs and Cloud-Native Services

  • Asset Management

  • Identity and Access Management

  • Patch Management and Hardening

  • Communication and Transport Protocols

  • Encryption and Hashing

  • Monitoring and Logging

  • Consent Tagging

  • Tracking Technologies (e.g., cookie management)

  • Anonymization and Pseudonymization

  • Privacy Enhancing Technologies (PETs)

  • AI/Machine Learning (ML) Considerations


These updates ensure that candidates are equipped to address modern privacy challenges in dynamic, technology-driven organizations.


What is the Passing Score for the ISACA CDPSE Exam?

The passing score for the ISACA CDPSE exam is 450 out of a possible 800.


Our Take on Some Changes


The 2024–2025 updates are thoughtful and well-aligned with the evolving landscape of data privacy. For exam candidates, this means preparing not just to pass a test, but to function effectively in fast-paced, tech-driven environments where privacy must be embedded into every aspect of design and data handling. 


If you're planning to earn the CDPSE certification, review the updated Body of Knowledge carefully and adjust your study plan to focus on the newer topics and additional domain emphasis. Privacy professionals are being asked to do more than ever—this exam now mirrors that reality.




Comments

bottom of page