Conducting Audits and Assessments of IT Impacted Regulatory Requirements

When:  Sep 5, 2019 from 8:00 AM to 5:00 PM (ET)

Background and Seminar Objective

 Organizations are under extraordinary pressure to identify and implement solutions for regulatory requirements.  This seminar provides an overview of the regulations impacting IT including GDPR, CCPA, HIPAA and Hitech, and focuses on approaches to conduct assessments and audits of implementation of these regulations.


Who Should Attend?

 The seminar for mid-level IT, Security, GRC, and audit professionals.


Seminar Pre-Requisites

 This is an introductory-level course; no prior regulatory experience is necessary. 

Seminar Materials:

Electronic version of the seminar materials which will be a password protected PDF file and distributed to only the registered seminar attendees prior to the start of the seminar.   Note that no hard copies will be provided.  Please print a hard copy for your use should you need it for the seminar.


Seminar Outline


  1. Introduction
    • Latest Government & Financial Institution privacy and cybersecurity regulations
    • Establishing and evaluating governance processes for identifying and implementing project Initiatives to meet regulatory requirements


  1. Conducting HIPAA & Hitech Audits and Assessments
  2. Conducting a Pre-implementation Audit and Assessment of the California Consumer Privacy Act (CCPA)
    • What is personal information within CCPA?
    • Who is in scope?
    • Disclosure requirements
    • Right to Access
    • Right to Deletion
    • System design requirements
    • Audit and assessment validations
    • Proposed amendments which may go into effect


  1. Conducting a GDPR Post-Implementation Audit & Assessment
    • Understanding and auditing the required components Record of Processing Activities (Article 30)
    • Evaluating whether proper disclosures have been established for types of data subjects which meets Article 13 & 14 disclosure requirements 
    • Understanding and the alternative approaches for Article 6 Lawfulness of Processing
    • Auditing and Assessing the build out and operationalization of Data Subject Access Rights (DSAR) Requests
    • Assessing the Processor GDPR Business Integration and compliance validation
    • Evaluating mechanisms used to meet Article 32 Requirements


Instructor Biography  
Mitchell H. Levine, CISA

Mitchell Levine, CISA is the founder of Audit Serve, Inc. which was established in 1990. For the last 29 years at Audit Serve, Mitch has split his time between traditional IT & integrated audit consulting projects and global project initiatives.  For the past  eight  years Mitch has been focusing more than half of his time on the regulatory implementation consulting projects which included HIPAA, Hitech, GDPR, CCPA, Part 500 Cybersecurity.


Mr. Levine spends 220+ days per year consulting which is the basis for the materials included in the seminars he teaches. Over the past six years Mr. Levine has presented over 70 seminars to eighteen different ISACA & IIA chapters.  Mr. Levine also was the primary writer and editor of Audit Vision which is published monthly and has a subscription base of over 3,500 audit & security professionals.


Ernst & Young, LLP
200 Clarendon Street
Floor 13
Boston, MA 02116