As you begin to prepare for any of the exams administered by the International Association of Privacy Professionals (IAPP)—whether the CIPP/US, CIPP/E, CIPM, or CIPT exam—you might wonder how many questions you need to get right to obtain certification.
While the question of “what is a passing score” appears straightforward, the answer defies an equally straightforward answer. This is because IAPP exams are graded on a weighted scale, including a psychometric analysis. In this article we attempt to break down what it takes to pass an IAPP exam, dispel myths, and provide practical data—backed up by actual exam scores.
What Are the Basics?
To obtain any IAPP certification, you must pass a qualifying exam. Each of these exams contain 90 questions, for which you will have two and a half hours to complete. A passing score is 300 or above. But what is required to obtain a score of 300 is variable. The most detailed guidance about how IAPP exams are graded that comes directly from the IAPP can be found in its Privacy Certification Handbook. Let us take a closer look at some of the key points that IAPP makes in that handbook.
“Each question is worth 1 point and is scored as correct or incorrect”
By stating that each question is worth only one point, the IAPP indicates that all questions are weighted equally (except for unscored field questions, discussed below). This does not mean, however, that all tests are weighted equally. In other words, some forms of the exam will be considered harder than others and thus weighted differently. Likewise, it is important to keep in mind when preparing for your exam, that this does not mean all topics and concepts on the exam are weighted equally. Rather, the Exam Blueprint for each exam sets forth the approximate number of questions that cover each topic or concept—and therefore, the relative weight that each topic or concept will have.
Additionally, because each question is multiple choice and is scored as correct or incorrect, this means that for each question there is only one right answer. Some questions may be framed as asking “what is most likely” or “what is most accurate” or “what best describes” a certain concept. While these types of questions imply that more than one answer may be “likely” or “accurate” or describe the thing in question, the qualifier of “most” or “best” means that the IAPP wants a specific answer.
“Unanswered questions are considered incorrect, and there is no additional penalty for incorrect answers.”
What the above sentence means is crystal clear—NEVER LEAVE AN ANSWER BLANK. EVER. It is always better to guess on a question that you do not know the answer to than to leave it blank.
“All IAPP exams have a set cut score that is determined by the Exam Development Board and psychometric analysis. This cut score is a set number of correctly answered scored questions and is then set to 300 on our scale of 100-500 with a score of 300 and above being passing.”
The first sentence above is a fancy way for the IAPP to say that it recognizes that certain exams—depending on what questions appear on them—may be more difficult than others. Therefore, the number of specific questions that you need to get right in order to pass will change depending on the specific questions that appear on your exam.
The end goal is to receive a score of 300 or more. Although 300 is directly between a 100 and 500 score, this does not mean that getting 50% of the questions right means that you have passed the exam.
“Passing a certification exam does not require 100 percent mastery. . . . [P]assing scores range between 65 and 80 percent correct, depending on the program and exam form.”
First, the good news. IAPP does not expect perfection.
The bad news, however, is that getting 80% of the questions on your exam correct is a high bar. At the same time, the above guidance indicates that if you get 80% of your scored questions correct, you are effectively guaranteed to receive a passing score of 300 or more.
Another important wrinkle here is the recognition by IAPP that there are different “exam forms.” This is done for many reasons. For one, if a student does not receive a passing score and has to retake the exam, IAPP does not want to give them the exact same exam the second time around. Second, by varying the form of the exam, IAPP helps prevent would-be cheaters from obtaining the exact exam questions from those who have previously taken the exam.
“Each exam contains unscored field test questions the IAPP is required to collect adequate data on before making them operational and do not count towards the overall passing score.”
A final point that IAPP makes is that some of its questions will not be included in the actual graded portion of the exam.
Elsewhere, the IAPP notes that the number of scored questions is either 75 or 70, depending on the exam. The CIPP/US, CIPP/E, CIPP/A, and CIPT exams all have 75 scored questions, while the CIPP/C and CIPM exams have 70 scored questions.
What is the Absolute Minimum Number of Questions That Students Can Get Correct and Still Pass?
Combing some of the above information, we can do a little math to determine the bare minimum number of questions that a student needs to get right to have a chance of passing the exam.
Note that this analysis does NOT mean that if you get this number of questions correct, that you will pass. Rather, it means that if you get below this number of questions correct, you are guaranteed to fail the exam.
Additionally, this analysis relies upon the assumption that students did not get any of the unscored practice questions correct. It also rounds up to the nearest whole number (see point above re: “Each question is worth 1 point”)
For Exams That Have the “Hardest” Form
- CIPP/US, CIPP/E, CIPP/A and CIPT - 75 graded questions x .65 = 49 questions
- CIPP/C and CIPM - 70 graded x .65 = 46 questions
For Exams That Have the “Easiest” Form
- CIPP/US, CIPP/E, CIPP/A and CIPT - 75 graded questions x .80 = 60 questions
- CIPP/C and CIPM - 70 graded x .80 = 56 questions
What is the Minimum Number of Questions Correct That Will Guarantee a Student Will Pass?
Similar to the above analysis, we can combine some information from IAPP with some basic arithmetic to determine how many questions students need to get correct to guarantee that they will receive a passing grade.
Note that unlike the analysis above, the below analysis assumes that students got all of the unscored practice questions correct. Again, this analysis rounds up to the nearest whole number.
Another important caveat is that students will never know whether they got an “easier” or “harder” form of the exam. Therefore, to answer the question of what will guarantee a passing grade, we have assumed that the easiest form of the exam is being taken (i.e., the one that requires the highest number of correct questions to pass).
- CIPP/US, CIPP/E, CIPP/A and CIPT – (75 graded questions x .80) + 15 = 75 questions
- CIPP/C and CIPM – (70 graded x .80) + 20 = 76 questions
In short, aim for 75 or 76 questions correct to guarantee yourself a passing score.
Some Practical Examples – CIPP/US
Below are some examples of actual exam scores, as shown on official score reports, that have been drawn from multiple sources across the internet. Scores are organized from highest to lowest score.
Example 1 –
- Score: 444 (Pass)
- I. Introduction to the U.S. Privacy Environment: 93%
- II. Limits on Privacy-Sector Collection and Use of Data: 83%
- III. Government and Court Access to Private-Sector Information: 100%
- IV. Workplace Privacy: 100%
- V. State Privacy Laws: 86%
Example 2 –
- Score: 422 (Pass)
- I. Introduction to the U.S. Privacy Environment: 93%
- II. Limits on Privacy-Sector Collection and Use of Data: 86%
- III. Government and Court Access to Private-Sector Information: 86%
- IV. Workplace Privacy: 90%
- V. State Privacy Laws: 71%
Example 3 –
- Score: 412 (Pass)
- I. Introduction to the U.S. Privacy Environment: 89%
- II. Limits on Privacy-Sector Collection and Use of Data: 73%
- III. Government and Court Access to Private-Sector Information: 100%
- IV. Workplace Privacy: 77%
- V. State Privacy Laws: 90%
Example 4 –
- Score: 340 (Pass)
- I. Introduction to the U.S. Privacy Environment: 67%
- II. Limits on Privacy-Sector Collection and Use of Data: 77%
- III. Government and Court Access to Private-Sector Information: 100%
- IV. Workplace Privacy: 88%
- V. State Privacy Laws: 54%
Example 5 –
- Score: 292 (Fail)
- I. Introduction to the U.S. Privacy Environment: 68%
- II. Limits on Privacy-Sector Collection and Use of Data: 70%
- III. Government and Court Access to Private-Sector Information: 86%
- IV. Workplace Privacy: 50%
- V. State Privacy Laws: 57%
Example 6 –
- Score: 292 (Fail)
- I. Introduction to the U.S. Privacy Environment: 64%
- II. Limits on Privacy-Sector Collection and Use of Data: 70%
- III. Government and Court Access to Private-Sector Information: 100%
- IV. Workplace Privacy: 60%
- V. State Privacy Laws: 43%
Example 7 –
- Score: 276 (Fail)
- I. Introduction to the U.S. Privacy Environment: 71%
- II. Limits on Privacy-Sector Collection and Use of Data: 54%
- III. Government and Court Access to Private-Sector Information: 60%
- IV. Workplace Privacy: 66%
- V. State Privacy Laws: 54%
Example 8 –
- Score: 274 (Fail)
- I. Introduction to the U.S. Privacy Environment: 76%
- II. Limits on Privacy-Sector Collection and Use of Data: 50%
- III. Government and Court Access to Private-Sector Information: 71%
- IV. Workplace Privacy: 70%
- V. State Privacy Laws: 57%
Some Practical Examples – CIPP/E
Example 1 –
- Score: 464 (Pass)
- I. Introduction to European Data Protection: 100%
- II. European Data Protection Law and Regulation: 95%
- III. Compliance with European Data Protection Law and Regulation: 85%
Example 2 –
- Score: 454 (Pass)
- I. Introduction to European Data Protection: 100%
- II. European Data Protection Law and Regulation: 91%
- III. Compliance with European Data Protection Law and Regulation: 92%
Example 3 –
- Score: 429 (Pass)
- I. Introduction to European Data Protection: 100%
- II. European Data Protection Law and Regulation: 84%
- III. Compliance with European Data Protection Law and Regulation: 92%
Example 4 –
- Score: 400 (Pass)
- I. Introduction to European Data Protection: 100%
- II. European Data Protection Law and Regulation: 80%
- III. Compliance with European Data Protection Law and Regulation: 85%
Example 5 –
- Score: 393 (Pass)
- I. Introduction to European Data Protection: 86%
- II. European Data Protection Law and Regulation: 84%
- III. Compliance with European Data Protection Law and Regulation: 62%
Example 6 –
- Score: 379 (Pass)
- I. Introduction to European Data Protection: 57%
- II. European Data Protection Law and Regulation: 78%
- III. Compliance with European Data Protection Law and Regulation: 85%
Example 7 –
- Score: 292 (Fail)
- I. Introduction to European Data Protection: 71%
- II. European Data Protection Law and Regulation: 64%
- III. Compliance with European Data Protection Law and Regulation: 62%
Some Practical Examples – CIPM
Example 1 –
- Score: 452 (Pass)
- I. Developing a Privacy Program: 93%
- II. Privacy Program Framework: 100%
- III. Privacy Operational Life Cycle – Assess: 81%
- IV. Privacy Operational Life Cycle – Protect: 100%
- V. Privacy Operational Life Cycle – Sustain: 100%
- VI. Privacy Operational Life Cycle – Respond: 88%
Example 2 –
- Score: 380 (Pass)
- I. Developing a Privacy Program: 93%
- II. Privacy Program Framework: 72%
- III. Privacy Operational Life Cycle – Assess: 80%
- IV. Privacy Operational Life Cycle – Protect: 100%
- V. Privacy Operational Life Cycle – Sustain: 85%
- VI. Privacy Operational Life Cycle – Respond: 60%
Example 3 –
- Score: 291 (Fail)
- I. Developing a Privacy Program: 50%
- II. Privacy Program Framework: 63%
- III. Privacy Operational Life Cycle – Assess: 86%
- IV. Privacy Operational Life Cycle – Protect: 75%
- V. Privacy Operational Life Cycle – Sustain: 71%
- VI. Privacy Operational Life Cycle – Respond: 54%
Example 4 –
- Score: 260 (Fail)
- I. Developing a Privacy Program: 66%
- II. Privacy Program Framework: 36%
- III. Privacy Operational Life Cycle – Assess: 86%
- IV. Privacy Operational Life Cycle – Protect: 58%
- V. Privacy Operational Life Cycle – Sustain: 71%
- VI. Privacy Operational Life Cycle – Respond: 70%
Example 5 –
- Score: 236 (Fail)
- I. Developing a Privacy Program: 50%
- II. Privacy Program Framework: 45%
- III. Privacy Operational Life Cycle – Assess: 60%
- IV. Privacy Operational Life Cycle – Protect: 50%
- V. Privacy Operational Life Cycle – Sustain: 85%
- VI. Privacy Operational Life Cycle – Respond: 72%
Example 6 –
- Score: 127 (Fail)
- I. Developing a Privacy Program: 50%
- II. Privacy Program Framework: 18%
- III. Privacy Operational Life Cycle – Assess: 40%
- IV. Privacy Operational Life Cycle – Protect: 33%
- V. Privacy Operational Life Cycle – Sustain: 71%
- VI. Privacy Operational Life Cycle – Respond: 45%
Does Privacy Bootcamp Offer a Pass Guarantee?
Yes, Privacy Bootcamp offers a pass guarantee. We are so confident that our courses will help you obtain IAPP certification, we guarantee it! If you complete 100% of one of our courses and for some reason do not pass the actual exam, we will refund the entire cost of our course. Less than 2% of our students have ever requested a refund—indicating an industry leading pass rate.
Full terms of the Privacy Bootcamp Guarantee can be found at here.