All resources except for Vendor Tests
"EVERYONE’S GUIDE TO THE CCPA" is a tool for understanding the Regulations, building Privacy Programs, assessing legal compliance, privacy risks, and evidence gathered for mandated cybersecurity audits. Formatted as an Excel Workbook, it is used by all stakeholders to determine whether a company deemed a "high-risk processor" should be subject to cybersecurity audits mandated by the CPRA-amended CCPA. “EVERYONE’S GUIDE” contains self-assessment questions for evaluating respondents’ understanding of the law and tests which generate evidence to fulfill regulatory requirements.
Everyone’s Guide to the CCPA is also used for:
• Privacy Program Management: The CCPA self-assessment can garner participation across functional teams and distribute work items relevant to each members' roles and goals to meet selected goals or to build comprehensive programs.
• Security and Audit Controls: Each CCPA legal compliance requirement can be mapped to NIST 800-53r5 control standards to leverage existing controls or implement new controls for underlying data security and privacy protections which support CCPA legal compliance requirements and provide evidence for mandatory cybersecurity audits.
• Vendor Risk Management: Each CCPA legal compliance requirement can be mapped to test cases applied to each vendor's products and services. These test cases are designed to be executed by any stakeholder, including consumers and enforcement agencies, to verify self-assessment responses, and produce evidence for underlying data security and privacy protections in support of the CCPA.
CCPA Test Suites are not prescriptive; they are designed to test how well various legal strategies or technical risk controls perform in the pursuit of achieving specific compliance goals.