
Are you ready for the new audits and assessments that the California Privacy Protection Agency (“CPPA”) requires? In July 2025, the CPPA updated the California Consumer Privacy Act (“CCPA”) to require businesses to perform Risk Assessments and Cybersecurity Audits. The Risk Assessments apply to businesses that are selling or sharing information, using automated decision-making technology (“ADMT”) to make significant decisions or to infer personal attributes, or using Personal Information to train ADMT.
The annual Security Audits should cover the following areas that support Personal Information:
- User Authentication
- Encryption
- Access Controls
- Inventory Management
- Secure Hardware and Software Configurations
- Network Segmentation
- Network Monitoring and Defense
- Penetration Testing and Vulnerability Management
- Audit Log Management
- Data Retention and Data Disposal
- Anti-Virus and Anti-Malware Protection
- Incident Response
Once again, the CPPA is concerned about how businesses handle data and will begin enforcing these new CCPA controls on December 31, 2027, and April 1, 2028, respectively. (There are specific deadlines for the Cybersecurity Audits that depend on the business's revenue size, with smaller businesses having until April 1, 2030 to comply.)
Your privacy assessments or data mappings should show your business what data is being sold or shared, which helps you prepare for your targeted risk assessments and the required cybersecurity audits. Be sure to have these artifacts completed before beginning the newly required Risk Assessments or Security Audits.
ACSM has been helping businesses protect their assets and improve their security and privacy posture since 2006. Our skilled team can help your business understand its cyber weaknesses and potential threats as well as improve your security, privacy, and compliance postures. Our services include penetration testing, maturity assessments, cyber security and privacy implementation assistance, CISO-as-a-Service, DPO-as-a-Service, and numerous MSP and MSSP services, to mention a few.
To learn more about how ACSM can help support your cyber defense needs, please use our contact page https://www.americancsm.com/contact-us/ and schedule a free consultation call today.