The NIG CCPA Compliance Certificate Program

NIG can immediately help get your organization in compliance with the CCPA by conducting an CCPA Information Security Audit and Risk Assessment to gather the factual-knowledge required to effectively manage your information risk and bring your organization into CCPA compliance along with our five additional steps designed to fortify your organization against Cyber threats and defend against any “privacy right of action” complaint filed against your organization.

Assessment

To maximize the value of the NIG Information Security Risk Assessment, NIG will work with your Information Security Management and Leadership Team to carry out an Information Security Audit and Risk Assessment in accordance with NIG’s and your documented procedures that include:

  1. Criteria for identifying, evaluating, and categorizing identified cybersecurity risks and threats
  2. Criteria for assessing the adequacy of existing controls in the context of identified risks
  3. Criteria for deciding how identified risks are to be managed and how the information security management program is to address the risks

As input to the assessment, NIG and your Information Security Management and Leadership Team will learn:

  1. What information do we have that we are legally required to protect? What documents define how we must protect it?
  2. What information do we as an organization have that we want to protect?
  3. What audits are we preparing for? What controls do they expect?

We will conduct your assessment against your current Information Security Management Policies and Standards and address any deficiencies. For each policy statement and each standard, NIG and your Information Security Management and Leadership Team will learn:

  • Are you in compliance with the policy?
  • How well are we meeting the standards?
  • How critical is meeting the standards?
  • What is the information risk in not fully meeting the standard?
  • What are we going to do about it?

At the conclusion of the assessment step, NIG and you will have a complete evaluation of all your organization’s IT hardware, software, connectivity and security processes. An outline of your organization’s AS-IS IT infrastructure will be developed.

Recommendation

The recommendation step is an evaluation of your organization’s AS-IS IT environment and the development of a roadmap of all of the necessary upgrades to hardware, software, firmware, applications, connectivity, databases, and cybersecurity tools that will be necessary for your organization to be in compliance with the CCPA. Some of your organization's risks being evaluated are:

What are the threats to which your data is exposed?

Who are the threat actors we must defend against? How sophisticated are they likely to be?

How are they likely to attack your organization?

Where are your organization’s major vulnerabilities?

Implementation

The implementation step is the implementing all of the upgrades as outlined in the NIG recommendations roadmap and an audit that they have been completed. Once the recommendations are implemented, and the audit has been conducted, NIG will issue a certificate documenting that all the steps your organization has taken to be in full compliance with the CCPA have been completed. Your organization will also receive a copy of NIG’s master file documenting all of the actions taken, policies implemented, and procurements that were made to bring the organization into compliance.

Monitoring

The monitoring Step is the creation of a policy and procedures manual for your organization to use on an ongoing basis and for internal training to keep staff current and continuously folling best practices for compliance and using the tools to keep your IT infrastructure secure. Also included in this step is for ongoing monitoring, including an annual audit showing that your organization is staying in full compliance with the requirements of the CCPA.