CCPA Compliance Audits
The California Consumer Privacy Act (CCPA) provides requirements for the collection and processing of personal information. As of January 2020, companies that meet certain thresholds and do business with California residents – regardless of where their business is physically located – must be CCPA-compliant. Enforcement (and issuance of non-compliance fines) begins in July 2020.
Our CCPA Compliance Services
At 360 Advanced, we can help you achieve and demonstrate CCPA compliance. Our auditors:
- Determine if you meet the revenue requirements and data processing volumes for which compliance is required
- Evaluate the requirements that apply to your business
- Determine which of your current privacy and security measures are already CCPA-compliant
- Identify and prioritize remediation actions
- Formally audit and report on your organization’s CCPA compliance program
CCPA Readiness Assessments
CCPA readiness assessments are designed for organizations that are currently taking steps towards – but have not yet fully achieved – compliance.
Our auditors will help you determine how your current privacy and security controls compare to CCPA compliance requirements. We evaluate:
- The types of information you collect from California residents (including names, email addresses, physical addresses, signatures, educational and professional information, internet search and browsing history, geolocation data, and other personal identifiers), and the ways you use this information
- The technologies you use to store and process consumer data (including customer relationship management software and sales or marketing enablement software)
- Your organization’s internal and public-facing privacy policies, including opt-in and opt-out policies, consent forms, notices and disclosures, and policies that specifically pertain to the collection of minors’ information
- Your organization’s data collection, data retention, data access, and data deletion policies
- Your organization’s policies for responding to consumer data provision requests
- Your organization’s service provider agreements
- Your organization’s employee training programs
- Your organization’s incident response plan and breach notification policies
- Leadership and accountability standards for your internal CCPA compliance program
CCPA Compliance Audits
Once you have designed a privacy and security program that meets the obligations of the CCPA, our auditors can formally evaluate your policies, processes, and procedures. A CCPA compliance audit covers the same control areas as a readiness assessment, with the results documented in a formal report.
CCPA compliance audits allow organizations to demonstrate their commitment to protecting confidential information. You can share your report with key stakeholders, regulatory bodies, and prospective clients, documenting your controls and providing third-party validation of your efforts.
Integrated Privacy, Security, and Compliance Assessments
While the California Consumer Privacy Act was the first consumer data protection law enacted in the United States, many states are considering similar legislation. As consumers continue to demand stronger protections, companies that handle their data will be held to increasingly complex regulations.
360 Advanced can help you navigate your compliance efforts. Our team has extensive experience with consumer data protection requirements, as well as commonly used compliance standards such as ISO, NIST, PCI DSS, and the AICPA SOC Suite of Services.
With this experience, our auditors can help you identify overlap between relevant programs, making it easier to manage each of your efforts. For instance, certain types of consumer data are also covered by HIPAA; our firm can help organizations that process health-related data understand the relevant exemptions and tailor their programs accordingly. Similarly, we can help organizations that are already GDPR-compliant leverage existing evidence for their CCPA audit. By integrating multiple initiatives, we make it easier for organizations to meet obligations and achieve a broader view of their compliance programs.