CCPA Audit and Assessments; we are ready when you are!


PromeroMDR will coordinate directly with your organization to schedule your California Consumer Privacy Act (CCPA) assessment. Our assessors will help identify the level of the certification based on your company’s specific business requirements.

Businesses will be required to comply with the new regulation if they serve California residents and have at least $25 million in annual revenue.

In addition, companies of any size that have personal data on at least 50,000 people or that collect more than half of their revenues from the sale of personal data, also fall under the law.

Companies don’t have to be based in California or have a physical presence there to fall under the law. They don’t even have to be based in the United States. Also, exemption from this law include insurance institutions, agents, and support organizations as they are already subject to similar regulations under California’s Insurance Information and Privacy Protection Act (IIPPA).

PromeroMDR is an independently accredited third party assessment organization (3PAO) in accordance with the federal government’s requirements. CMMC is a program that allows DoD contract holders and seekers to meet security requirements. If you are a DoD contracting organization, you are undoubtedly seeking CMMC certification. If you are already to help you prepare and achieve CMMC certification.

For CCPA services that reduce costs and leverages the CCPA audit software platform.

Just the facts ...

The California Consumer Privacy Act (CCPA) takes a broader approach to what constitutes sensitive data so for example, olfactory information is covered, as well as browsing history and records of a visitor’s interactions with a website or application.

Here’s what AB 375 considers “personal information”:

  • Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier IP address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers
  • Characteristics of protected classifications under California or federal law
  • Commercial information including records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies
  • Biometric information
  • Internet or other electronic network activity information including, but not limited to, browsing history, search history and information regarding a consumer’s interaction with a website, application or advertisement
  • Geolocation data
  • Audio, electronic, visual, thermal, olfactory or similar information
  • Professional or employment-related information
  • Education information, defined as information that is not publicly available personally identifiable information (PII) as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99)
  • Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities and aptitudes

Benefits to working with PromeroMDR ...

  • Cost Reductions

    We work smarter, not harder, to drive down your costs by giving you access to Continuum GRC’s ITAM application, the number one ranked CCPA-ready SaaS GRC audit software solution. This solution is the only assessment application tailor made for the CCPA.

    With years of experience working with our clients for our clients not against them with scope-creep and annual price hikes.

  • Proactive not Reactive

    We work with our CCPA clients proactively throughout the year to help prevent threats to your CCPA compliance program.

    With the time and expense required to remain CCPA compliant, you don’t want to risk a compliance exposure that would drive up your costs and invalidate your valuable attestation.

  • Start to Finish in Record Time

    Our proven CCPA assessment approach and technology dramatically improves the completion process. We average a huge 46% reduction in the traditional assessment time due to our critical path methodology, proactive philosophy and usage of the Continuum GRC ITAM platform, you have 24/7 access allowing everyone to get-in-and-get-out quickly.

Talk with one of our experts

Our PromeroMDR Cybervisor™ teams have experience performing thousands of assessments for organizations providing services to clients around the world.