Compliance Certificates: Choosing The Best One and How to Get It


Almost 70% of executives aren’t confident in their current risk management policies and practices.

You can look at that statistic in two ways: you either see it as a problem or as an opportunity.

If you see it as a problem, then you’re most likely the owner of an organization. What I mean by that is you’re starting to realize the importance of establishing a regulatory environment. Maybe you’re trying to figure out ways to instill awareness into your employees about regulations they need to keep in mind as they work.

If you’re on the other side of the coin, that statistic is an opportunity. In other words, you’re someone who’s thinking about getting a compliance certificate. After all, if only 30% of executives feel confident in their current risk management practices, there will be a lot of job openings soon.

But, like most industries, in order to stand out as the perfect candidate for a job you need to have the most qualifications or experience. In compliance, qualifications take on the form of certifications.

OK, requiring certifications for a job position isn’t anything new. In fact, there’s guaranteed to be some sort of accreditation that could help you stand out from other candidates for any job.

But in highly regulated industries, certifications turn into an alphabet soup of acronyms, and it’s easy to get lost in all of the different options. Two accreditations may differ by only one letter in their acronyms yet be entirely different from one another.

So what are some of the best compliance certifications and how do you get them?


Determine What Industry You Want to Work Within

Compliance is a blanket term meaning that your organization has a set of government-enforced rules it must follow.

Before you even think about which certification you want, you need to think about which industry you want to work within. Each industry has different requirements for conducting business. Although almost every business has a law it has to follow, you can’t work just anywhere upon completion of a randomly selected credential.

You have to sit down and think through what industry interests you the most.


Of course, beyond the industry itself, you should look into the regulations it has to operate under.

As an example, healthcare companies have to abide by the Health Insurance Portability and Accountability Act (HIPAA). This law lays out what’s required by hospitals and practices in order to protect their patients’ protected health information (PHI).

There are a few routes you could take in order to work within the healthcare industry. Many of these organizations are transitioning away from storing this sensitive data in endless paper files at their offices and moving toward an all-electronic format.

Of course, there are many benefits to doing this. However, it does mean that these practices are susceptible to…

  • Firewall exploits

  • Phishing attacks

  • Ransomware hacks

So, if you’re thinking about what compliance certificate to pursue as someone who’s interested in working within the healthcare space, an information security or privacy credential is what you want.

Not every industry or its respective regulations will interest you. So take your time, do your research, and choose compliance certifications in the area that interests you most.

Certified Information Systems Security Professional (CISSP)

One of the most elite and popular information security certifications is the Certified Information Systems Security Professional (CISSP).

As of July 1, 2020, there are a total of 141,607 people who have this certification worldwide, 63% of which are within the United States. Many IT companies consider it as a base requirement for their network security employees so it’s highly sought after.

In order to be eligible to take the test that grants this compliance certification, you need to have five years of work experience in two of eight different listed domains.


You could also satisfy the requirement to take the exam with four years of experience if you have a four-year college degree or an approved credential or certification.

Finally, you have to agree to the (ISC)2 Code of Ethics and disclose any felony convictions or involvement with hackers.

The exam itself is intense. Up until 2018 it was a 6-hour, 250-question beast covering 8 different domains. However, the exam’s content and testing style are subject to change every three years.

In 2018, (ISC)2 changed it to the CISSP Computer Adaptive Test or CISSP-CAT format…

  • $699 exam fee

  • 100 - 150 questions

  • Each question is asked only once; test takers cannot go back

  • Only 75 questions graded at a time

  • If the system estimates that the probability of passing is 95% or higher, the test ends at 100 questions with a pass

  • If the system estimates that the probability of failing is 95% or higher, it re-evaluates the test taker after every question, up to 150 questions

  • Each new graded question asked after question 100 replaces one of the original 75 graded questions

It’s a daunting task, but achieving a CISSP certification leads to extremely lucrative careers and doesn’t pigeonhole you into one industry. For example, an Information Security Manager makes an average of $120,000 per year.

Technically, a CISSP is a cybersecurity certification. However, compliance and cybersecurity now go hand in hand as business continues to shift toward a digital landscape.

Certified Regulatory Compliance Manager (CRCM)

Banks and financial institutions have more than one regulation that they have to keep in mind while operating. Whether it’s the Bank Secrecy Act (BSA) or the Payment Card Industry Data Security Standard (PCI), their list of laws directly relevant to their industry seems endless.

To keep everything in check, these organizations’ teams consist of individuals tested specifically for their regulatory and risk management needs.

The most respected and recognized compliance certification within the banking and financial space is the Certified Regulatory Compliance Manager (CRCM).


There are two ways you could be eligible for this certification. First, have at least six years of U.S. experience as a compliance professional within the past decade. Second, you’re eligible if you have a minimum of three years of experience as a compliance professional and complete at least two compliance-related training options provided by the American Bankers Association (ABA) within the last five years.

The ABA puts a huge emphasis on what it counts as experience as a compliance professional, since that is the criterion most applicants qualify under. Specifically, it defines a compliance professional as someone who’s responsible for “the full range of compliance risk functions.”

They further break down compliance risk functions as…

  • Performing risk assessments, audits or examinations

  • Developing, implementing, and managing all aspects of a compliance risk management program

The last thing you have to do in order to take this exam is to sign a Code of Ethics statement, similar to a CISSP.

The test itself is as follows…

  • $750 fee

  • 200 multiple-choice questions

  • 4-hour time limit

  • In paper or electronic form (via Scantron)

CRCM is so valued within the financial sectors because it’s so difficult to obtain. As a result, jobs requiring this compliance certification see salaries of up to $150,000 per year.

Certified Information Privacy Professional (CIPP)

“Data privacy” is a generic term. However, it’s a field of compliance that’s rapidly becoming more important.

In 2018, the European Union introduced the strictest data privacy law in the world with the General Data Protection Regulation (GDPR). Within this 261-page legislation, one particular section changed everything about how websites collect user information.

Article 5 of the law details information about processing personal data. Specifically, it states that organizations are to inform customers and users when their data is being processed and for how long it’s stored. 


Article 5 of GDPR is the reason why we always have to agree to cookies whenever we enter a modern-day website.

So what’s my point after all of this? It may seem like I went off on a tangent, but I’m trying to point out the growing importance of data privacy in the modern world. I didn’t even go into the California Consumer Privacy Act of 2018.

Enter the Certified Information Privacy Professional (CIPP). This is a compliance certificate that’s recognized and accredited by the American National Standards Institute (ANSI) under the International Organization for Standardization (ISO) standard 17024:2012. In other words, it’s highly respected.

The CIPP certification comes from the International Association of Privacy Professionals (IAPP). Here’s what to expect from this test...

  • $550 fee

  • 90 multiple-choice questions

  • 150-minute time allotment

  • 75 questions scored at random

Although it’s still a respected accreditation, the IAPP doesn’t list any prerequisites for taking this test. Instead, it recommends at least 30 hours of dedicated study time.

However, the IAPP’s restrictions come after the test, especially if you want to continue down the path to becoming an expert in data privacy. In order to earn the title of “Privacy Law Specialist,” you must...

  • Be a practicing attorney within the US

  • Earn the CIPP/US designation

  • Earn a CIPM or CIPT as well

  • Pass IAPP’s ethics exam, or submit a recent MPRE score of 80+

  • Provide evidence of ongoing involvement in the practice of privacy law

  • Give evidence of at least 36 hours of continuing education in privacy law for the three-year period before the application date

  • Provide five to eight peer references from attorneys, clients, or judges to attest to your qualifications

Individuals with a CIPP earn up to $130,000 for positions in data privacy.

Certified Compliance and Ethics Professional (CCEP)

The Compliance Certification Board (CCB) is a testing organization that ensures competence in compliance and ethics across different industries and specialties. It offers a plethora of different accreditations, some of which touch on overarching concepts while others are specific to one field.

Within their list of certifications, they offer the Certified Compliance and Ethics Professional (CCEP). Achieving this accreditation further enhances your credibility within your organization as a compliance professional by focusing on broad-based compliance functions.

In order to qualify to take the test and earn this certification, you need…

  • At least one year of experience in a full-time compliance position, or 1,500 hours of direct compliance job duties, within the two years prior to the exam

  • 20 continuing education units (CEUs) approved by the CCB

The exam itself looks like this…

  • $275 fee for Society of Corporate Compliance and Ethics (SCCE) or Health Care Compliance Association (HCCA) members

  • $375 fee for non-members

  • 115 multiple-choice questions

  • 100 questions graded

The CCB also offers an international CCEP compliance certification abbreviated as CCEP-I. The standard one focuses on United States law whereas the international accreditation focuses on compliance and ethics laws on a global scale.

Jobs requiring a CCEP earn up to a $130,000 salary.

Certified in Healthcare Compliance (CHC)

Healthcare is one of the most highly regulated industries. Think about all of the sensitive data hospitals and practices have to handle on a daily basis. They have a massive target on their backs; hackers constantly try to get hold of their data.

As a result, there are a few healthcare compliance certifications to consider.

Among its overarching accreditations, the CCB also offers the official title of Certified in Healthcare Compliance (CHC).


It has the same requirements as the CCEP certification I mentioned in the section above. The difference is that the holder is instead expected to know what compliance requires at healthcare practices.

Conclusion

Every organization has a law or regulation that it has to keep in mind while conducting business.

It’s just as likely that the same organization is having a hard time staying afloat in its compliance environment. After all, an average of 130 security breaches happen per organization each year.

That presents the perfect opportunity for you as an up-and-coming regulatory professional. Regardless of which specialty you choose, there will be a position waiting for you at an organization that needs your help.

Each of the compliance certifications I’ve listed in this blog post leads to lucrative positions. However, the most successful individuals within this field are those who care more about helping than how much money they make.