Conducting Audits and Assessments of IT Impacted Regulatory Requirements

When:  Oct 2, 2019 from 8:00 AM to 5:00 PM (ET)

Background and Seminar Objective

Organizations are under extraordinary pressure to identify and implement solutions for regulatory requirements. This seminar provides an overview of the regulations impacting IT including GDPR, CCPA, HIPAA and Hitech, and focuses on approaches to conduct assessments and audits of implementation of these regulations. 

Who Should Attend?

The seminar for mid-level IT, Security, GRC, and audit professionals.


Seminar Pre-Requisites

This is an introductory-level course; no prior regulatory experience is necessary. 


Seminar Length

One day / 8 CPEs will be awarded.

Breakfast starts at 8:00 am
Seminar starts at 8:30 am
Lunch is served at 12:00 pm-12:45 pm in conference room
Seminar ends at 5:15 pm 

Seminar Location

Ernst & Young, LLP
200 Clarendon Street, Boston MA 02116
23rd floor conference space

Register for building access downstairs at the building lobby security desk on the day of the seminar.

Closest parking garage is at 100 Clarendon Street
On-street metered parking spots are available but limited


Seminar Materials:

Electronic version of the seminar materials which will be a password protected PDF file and distributed to only the registered seminar attendees prior to the start of the seminar.   Note that no hard copies will be provided. Please print a hard copy for your use should you need it for the seminar.

Seminar Outline

1.   Introduction

    • Latest Government & Financial Institution privacy and cybersecurity regulations
    • Establishing and evaluating governance processes for identifying and implementing project Initiatives to meet regulatory requirements
2.   Conducting HIPAA & Hitech Audits and Assessments

3.   Conducting a Pre-implementation Audit and Assessment of the California Consumer Privacy Act (CCPA)
    • What is personal information within CCPA?
    • Who is in scope?
    • Disclosure requirements
    • Right to Access
    • Right to Deletion
    • System design requirements
    • Audit and assessment validations
    • Proposed amendments which may go into effect
4.   Conducting a GDPR Post-Implementation Audit & Assessment
    • Understanding and auditing the required components Record of Processing Activities (Article 30)
    • Evaluating whether proper disclosures have been established for types of data subjects which meets Article 13 & 14 disclosure requirements 
    • Understanding and the alternative approaches for Article 6 Lawfulness of Processing
    • Auditing and Assessing the buildout and operationalization of Data Subject Access Rights (DSAR) Requests
    • Assessing the Processor GDPR Business Integration and compliance validation
    • Evaluating mechanisms used to meet Article 32 Requirements

Instructor Biography
   Mitchell H. Levine, CISA

Mitchell Levine, CISA is the founder of Audit Serve, Inc. which was established in 1990. For the last 29 years at Audit Serve, Mitch has split his time between traditional IT & integrated audit consulting projects and global project initiatives. For the past eight years Mitch has been focusing more than half of his time on the regulatory implementation consulting projects which included HIPAA, Hitech, GDPR, CCPA, Part 500 Cybersecurity.

Mr. Levine spends 220+ days per year consulting which is the basis for the materials included in the seminars he teaches. Over the past six years Mr. Levine has presented over 70 seminars to eighteen different ISACA & IIA chapters. Mr. Levine also was the primary writer and editor of Audit Vision which is published monthly and has a subscription base of over 3,500 audit & security professionals.


Continuing Professional Education Credits

All attendees are eligible to receive 8 hours of continuing professional education (CPE) credits by attending. These credits are recognized by the National Association of State Boards of Accountancy (NASBA). The CPE field of study is Accounting and Auditing. No prerequisites or advanced preparation is required. Audit Serve is registered with the National Association of State Boards of Accountancy (NASBA), as a sponsor of continuing professional education on the National Registry of CPE Sponsors.

State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding sponsors may be addressed to National Registry of CPE Sponsors, 150 Fourth Avenue North, Suite 700, Nashville, TN 37219-2417, USA (615) 880-4200 Web site:





Ernst & Young, LLP
200 Clarendon Street
Floor 23
Boston, MA 02116