BPM's IT Assurance presented at the ISACA's Silicon Valley chapter's fall 2019 conference. The topic of presentation was "The Privacy Criteria at a Service Organization". This conference focused on "privacy" and how the 2020 California Privacy Protection Act (CPPA) will significantly impact businesses in California and beyond.
Our presentation focused specifically on how privacy is defined and tested for Service Organizations, such as Amazon Web Services (AWS).
Top Five Takeaways From the Presentation:
- What is Privacy? Personal information is collected, used, retained, disclosed, and disposed to meet the entity's objectives. The entity provides notice to data subjects about its privacy practices to meet the entity's objectives related to privacy (e.g., Privacy Statement)
- The entity communicates choices available regarding the collection, use, retention, disclosure, and disposal of personal information to data subjects.
- The entity uses personal information for intended purposes.
- The entity permits Data Subjects (users) access to their personal information.
- The entity monitors compliance to meet its objectives related to privacy, including procedures to address privacy-related inquiries, complaints, and disputes.
Presenter: Ric Jazaie
Ric has over 20 years of demonstrated experience in the areas of forensic accounting, internal audit, and information technology (IT) assurance with medium-to-large size organizations, as well as practiced in public accounting. He has performed internal control assessments, SOX evaluation and testing, as well as directed and supervised internal audit engagements, corporate governance reviews, enterprise risk management studies, and anti-fraud and ethics projects within both consulting and professional services. Ric has been practicing the SSAE 18 (previously SSAE 16, SAS 70) System and Service Organization Controls reporting & SOC for Cybersecurity for the past 22 years. He has extensive experience leading and directing IT audits, information security assurance and new system implementation verification through the Independent Validation and Verification (IV&V) process. He has investigated numerous allegations of fraud and embezzlement throughout his professional career. Ric became a licensed private investigator to enhance his knowledge of investigation and focused his private practice on financial crimes investigations, including those involving employee misconducts and misappropriation of assets. He has developed special skills in fraud risk assessments and has worked with numerous clients on performing these specialized engagements.