How ISO/IEC 27001 Can Help Achieve CCPA Compliance

Organizations had until 1 January 2019 to comply with the CCPA. Although there is no confirmed direct relationship between the CCPA requirements and information security, the tasks, activities, processes and system changes needed for CCPA compliance may affect an enterprise’s current information security processes, controls, policies, and procedures. The use of certification schemes like ISO/IEC 27001 can aid in demonstrating that the organization is actively managing data protection mechanisms in line with international best practices.

Information is one of the most valuable and business-critical assets for any organization. In today’s hyper-connected world, organizations are facing large-scale information security threats and destructive cyber-attacks. ISO/IEC 27001 certification confirms that your organization has appropriate controls in place to reduce the risk of serious data security threats and reduces the exploitation of vulnerabilities within your organization’s systems.

The deployment of ISO/IEC 27001 permits achieving the technical and operational requirements necessary to assist in preventing data leakage under the CCPA. Using an ISMS configuration can assist organizations, no matter the size and sector, in taking a systematic risk-based approach to managing and securing sensitive company data. ISO/IEC 27001 certification provides customers and other stakeholders with confidence that the organization’s manager-leaders have implemented internationally accepted best practices.

• An overview of the CCPA and how an ISO/IEC 27001-aligned ISMS can support compliance
• The primary risks associated with data leakage and critical actions in the event of a data leak
• The technical and organizational requirements to achieve CCPA compliance
• The benefits of implementing an ISMS
• Practical advice on how to improve your ISMS deployment congruent with the CCPA requirements

Although many businesses understand the importance of implementing the right procedures to protect personally identifiable information in compliance with the California Consumer Privacy Act (CCPA), not many are aware of the benefits of implementing International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27001 standards-compliant with an information security management system (ISMS) deployment. ISO/IEC 27001 permits an excellent starting point for achieving the technical and operational requirements necessary to assist in preventing data leakage under the CCPA.

In this webinar, information systems management expert Dr. Robert E. Davis, CISA, CICA will walk you through how to implement a useful ISMS configuration that can help you towards compliance with the CCPA. Dr. Davis will discuss how to determine primary data leakage risks and incident handling associated with CCPA mandates. Dr. Davis will also highlight how to map CCPA requirements to management system controls.

• Chief Information Security Officers
• Information Security Directors
• Data governance and management professionals
• Staff attorneys
• Privacy and compliance professionals
• Human resources professionals
• Risk management professionals and auditors tasked with compliance and risk transfer
• Data Protection Officers
• Chief Information Officers/Chief Technology Officers
• Internal Audit Managers and staff
• Information Technology Security Officers
• Information Technology and Data Consultants, as well as project managers involved in data protection, information security, or cybersecurity issues.

Dr. Robert E. Davis obtained a Bachelor of Business Administration in Accounting and Business Law, a Master of Business Administration in Management Information Systems, and a Doctor of Business Administration in Information Systems Management from Temple, West Chester, and Walden University; respectively. Moreover, during his twenty years of involvement in education, Dr. Davis acquired Postgraduate and Professional Technical licenses in Computer Science and Computer Systems Technology. Dr. Davis also obtained the Certified Information Systems Auditor (CISA) certificate — after passing the 1988 Information Systems Audit and Control Association’s rigorous three hundred and fifty multiple-choice questions examination; and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls.

Since starting his career as an information systems (IS) auditor, Robert has provided data security consulting and IS auditing services to corporations as well as other organizations; in staff through management positions. Before engaging in the practice of IS auditing and information security consulting; Robert (as a corporate employee) provided inventory as well as general accounting services to Philip Morris, USA, and general accounting services to Philadelphia National Bank (Wells Fargo). Furthermore, he has prior experience as a freelance writer of IT audit and information security training material.

Dr. Davis received recognition as an accomplished, energetic auditor, author, and speaker with a sound mix of experience and skills in monitoring and evaluating controls. Based on his accomplishments, Temple University's Fox School of Business and Management Alumni Newsletter, as well as The Institute for Internal Controls e-newsletter featured Dr. Davis. Furthermore, he is an Advisory Board Member of The Institute for Internal Controls, the first and inaugural Temple University CISA in Residence and a founding Temple University Master of Science in IT Auditing and Cyber-Security Advisory Councilmen. Last, he accepted invitations to join Delta Mu Delta International Honor Society, the Golden Key International Honour Society, the Thomson Reuters' Expert Witness List, the IT Governance LTD expert panel, as well as the International Association of IT Governance Standards honorary membership group.