Industry groups seek narrower cybersecurity‑audit rules and clearer assessments from CPPA
Summary
At the CPPA public hearing, industry and cybersecurity professionals urged the agency to harmonize proposed cybersecurity‑audit and risk‑assessment requirements with existing standards, limit board reporting, and clarify the distinction between audits and assessments.
During the Jan. 14 California Privacy Protection Agency public comment session, cybersecurity and industry witnesses raised technical and procedural objections to the CPPA's proposed cybersecurity‑audit and risk‑assessment regulations, asking the agency to align the rules with existing frameworks and to clarify several drafting ambiguities.
Olga Medina, representing the Business Software Alliance, told the agency that existing certifications and audits such as ISO 27001 and SOC 2 should be recognized as meeting the CPPA's audit requirement and that risk‑assessment…

