Conducting Audits and Assessments of Data Privacy Regulations

When:  Nov 17, 2022 from 13:00 to 17:00 (CT)
Associated with  Middle Tennessee Chapter

Join the ISACA Middle Tennessee Chapter and the Nashville IIA Chapter for a presentation on Conducting Audits and Assessments of Data Privacy Regulations on Thursday, November 17, 2022 from 1:00 - 5:00PM CST.

Event Summary:

Organizations are under extraordinary pressure to identify and implement solutions to address data privacy regulatory requirements. This seminar provides an in depth understanding of the data privacy regulations and alternative implementation solutions. The focus of the seminar is to provide proven approaches on conducting audits and assessments of data privacy regulations within your organization.

From this seminar, an auditor will be able to assess the risks taken by their organization based on their project implementation strategies and understand how to construct the compliance tests necessary to yield the most compelling audit issues. The presentation will provide working industry examples of how to implement solutions that allows the participants to effectively evaluate the various types of solutions that may have been used within their organization.

Seminar Outline:

Common components and required project initiatives across privacy and data protection regulations

  • Understanding whether the organization is in scope
  • Identifying the business processes which are in scope
  • Establishing a mapping of personal data to business processes
  • Mechanisms to disclose personal data which is collected, stored, processed, and shared
  • Mechanisms to receive, track, and process data subject access rights requests
  • Data breach handling

Latest state and federal government privacy and cybersecurity regulations

  • Understanding their impacts
  • Implementation requirements

Conducting a post-implementation audit & assessment of the California Consumer Privacy Act (CCPA)

  • What is personal information within CCPA
  • Who is in scope
  • Disclosure requirements
  • Right to access
  • Right to deletion

Conducting a GDPR post-implementation audit & assessment

  • Understanding and auditing the required components record of processing activities (Article 30)
  • Evaluating whether proper disclosures have been established for types of data subjects which meets Article 13 & 14 disclosure requirements
  • Understanding the alternative approaches for Article 6 – lawfulness of processing
  • Auditing and assessing the buildout and operationalization of Data Subject Access Rights (DSAR) requests
  • Assessing the Processor GDPR Business integration and compliance validation
  • Evaluating mechanisms used to meet Article 32 requirements

If you have questions before the meeting, please send them to Programs Director, Aaron Smith (


Mitchell Levine, CISA, is the founder of Audit Serve, Inc. which was established in 1990. For the last 30 years at Audit Serve, Mr. Levine has split his time between traditional IT & integrated audit consulting projects and global project initiatives. For the past eight years, Mr. Levine has been focusing more than half of his time on data privacy regulatory implementation consulting projects which included HIPAA, Hitech, GDPR, CCPA, and Part 500 Cybersecurity.

Mr. Levine spends 220+ days per year consulting which is the basis for the materials included in the seminars he teaches.

Over the past six years, Mr. Levine has presented over 70 seminars to eighteen different ISACA & IIA chapters. Mr. Levine also was the primary writer and editor of Audit Vision which is published monthly and has a subscription base of over 3,500 audit and security professionals.

Prior to establishing Audit Serve, Inc. in 1990, Mr. Levine was an IT Audit Manager at Citicorp where his duties included management a team of IT Auditors who were responsible for auditing 25+ service bureaus and the corporate financial systems.

Date/Time: Thursday, November 17, 2022 from 1:00 - 5:00PM CST

Location/Delivery: The presentation will be in the Meeting Room at the John P. Holt Brentwood Public Library. The address is 8109 Concord Rd, Brentwood, TN 37027. NOTE: This event is not a Brentwood Library program.

Light snacks and refreshments will be provided.

Prerequisites: None

Program Field of Study: Information Technology

Program Level: Basic/Beginner

CPE Credits & Field of Study: Up to four (4) hours of credit will be issued.

The Middle Tennessee Chapter of ISACA is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website:



Brentwood Library
8109 Concord Rd
Brentwood, TN 37027


Justin Dority