The California Consumer Privacy Act (CCPA) is “the first consumer privacy act in the country,” as one California legislator put it. No other US state has provided its citizens with GDPR-like protections, which include a transparency right that requires companies to inform consumers about the data collected and shared, and gives them a right to access, delete, and opt-out.
A business should first assess whether the CCPA is applicable to the business and its business partners.
Know your interested parties, internal and external issues
Assess business risk and recommend treatment
Roadmap to bridge the identified gaps
Upgrade what you have
Translate your business practices into compliance-speak with easy-to-use Process & templates
A very slim set of policies, procedures, template and guideline
InfoSec Awareness
Risk Management
Process Owner’s training
What is your pain area?
Where do you expect improvement?
Define Performance Objective
Derive Performance
Analyse Trend
Progress monitoring
Status overview to Management
Continuous Record review
Facilitation to Process Owners
Internal Audit to ensure readiness
NC closure and trend analysis
Identify right Certification partner
Collaboration
Guidance for NC closure (If any)
Be there to Celebrate Success
Ensuring Information Security is defined, implemented, measured and audited in products, services and processes, resulting in business protection and successful ISO 27001 certification
Ensures that the cloud storage that your organisation is using is optimised in terms of its security settings and protection protocols to ensure you’re using a system that is safe.
Demonstrates the businesses focus on due diligence and compliance with data protection regulatory the existing ISMS (GDPR, HIPAA, CCPA etc.)
Ensures that Business Continuity and Disaster recovery capability is defined, documented and tested So your organization has developed resiliency and improved risk management.
A Virtual Chief Information Security Officer is an outsourced security advisor whose responsibilities varies depending upon your business needs.
Creating a culture of security means building security values into the fabric of your business. Training that covers situational awareness (why someone might be at risk), plus work and home-life benefits is a good way to bring people onboard.