Building on our prior overview of CalPrivacy's finalized regulations, this next webinar in our CCPA Regulations Series will focus on cybersecurity audit requirements. Under those requirements, covered businesses must complete detailed, independent cybersecurity audit reports and provide compliance certifications to CalPrivacy. Initial audits reports are due in April 2028, 2029, or 2030 depending on the business's gros annual revenue. Audit reports must be completed yearly thereafter.
In this session, Michael T. Borgia (Partner and Head of Information Security) and Andrew Lewis (Counsel) will discuss which businesses are subject to the audit requirements, the core elements of a cyber audit, and strategies for maintaining auditor independence, and key considerations for compliance certifications, among other topics. Using practical examples, they'll outline how organizations can prepare, leverage existing audits, and work with qualified independent auditors to meet upcoming certification deadlines. This session is the third in our series exploring key areas of the CalPrivacy regulations.
Whether you've joined our previous webinars or are beginning to assess these new requirements, you'll come away with clear, actionable steps to help your organization build a compliant, defensible cybersecurity audit program.