Organizations subject to the CCPA must evaluate their compliance with an increasing set of regulations designed to give consumers more control over their personal information. The CCPA, strengthened by CPRA passed in November, secures new privacy rights, audit obligations and mandates reasonable cyber security measures. To evaluate your organization’s CCPA exposure, Kroll experts can assess your organization’s current privacy and cyber security posture and build a roadmap to becoming compliant.
Our experts will assess your organization’s current compliance with CCPA through a review of existing policies and controls using a cloud-based questionnaire that facilitates collaboration. The analysis identifies the relevant clauses of the statute and explains those clauses in plain English. Stakeholders from your organization, including privacy and compliance officers, information security leaders and legal counsel, can be assigned specific questions and our team will help with the completion of the questionnaire.
The initial assessment will identify gaps and provide recommendations against:
It’s important to recognize that CCPA compliance is a gradual process that may be more efficiently approached in phases, depending on the size and structure of the organization. The flexibility of our cloud-based assessment questionnaire allows organizations to examine specific business units, regions or vendors and how they’re complying with CCPA requirements from a central location. Tracking first and third-party compliance from a single dashboard gives your privacy office greater visibility and helps identify areas of focus, maximizing the impact of your efforts.
The CCPA requires all organizations to implement reasonable security measures to protect personal information. Our experts will conduct a cyber security program assessment using the Center for Internet Security (CIS) Top 18 Controls, which have been adopted by the state of California, to evaluate your organization’s security controls and processes. The assessment includes:
The CCPA grants California consumers the right to know what personal information is being collected, used, shared or sold. To properly provide this information to clients, your organization must perform a thorough data inventory and update it on a frequent basis, mapping existing data flows and noting where data is transferred to, stored, and the security controls in place.
The data inventory exercise also helps identify third parties that may have access to PI, and our privacy and contract experts can then help review agreements to identify potential exposure, such as the inability to audit in the event of a cyber security incident.
Augment your data privacy office with Kroll resources to provide strategic cover during periods of heavy activity, such as M&A, or for day-to-day privacy program management to handle anything from data subject requests tracking to structuring your data protection office in its entirety.
Kroll merges cyber security, compliance, risk, contracts and valuations expertise to deliver practical data privacy and digital trust solutions based on your needs, anywhere in the world.
Our experts understand the ins and outs of the CCPA regulations and several data privacy laws worldwide. We have guided organizations of all sizes through compliance and understand how to implement meaningful change. Count on Kroll to assess your current posture and help you comply with the CCPA.
Validate your cyber defenses against real-world threats. Kroll’s world-class penetration testing services bring together front-line threat intelligence, thousands of hours of cyber security assessments completed each year and a team of certified cyber experts — the foundation for our sophisticated and scalable approach.
Assess the design, configuration and implementation of your web apps for critical vulnerabilities. Kroll’s scalable pen testing services consider the business case and logic of your apps, providing more coverage and an optimized program based on risk.
Kroll’s certified pen testers find vulnerabilities in your APIs that scanners simply can’t identify. Protect your business and keep sensitive data secure by leveraging our knowledge and experience in testing modern API infrastructures.
Integrated into your software development lifecycle (SDLC), Kroll’s agile penetration testing program is designed to help teams address security risks in real time and on budget.
Kroll’s team of certified cloud pen testers uncover vulnerabilities in your cloud environment and apps before they can be compromised by threat actors.
Kroll’s product security experts upscale your AppSec program with strategic application security services catered to your team’s culture and needs, merging engineering and security into a nimble unit.
Red team security services from Kroll go beyond traditional penetration testing, leveraging our frontline threat intelligence and the adversarial mindset used by threat actors to push the limits of your information security controls.
Kroll helps development teams design and build internal application threat modeling programs to identify and manage their most pressing vulnerabilities.
Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.
by Andrew Rathbun, Eric Zimmerman
by David White
by George Glass
by Dave Truman