For more information on our events policy, see

Loading Events

« All Events

  • This event has passed.

Conducting Audits and Assessments of Data Privacy Regulations

November 13, 2019 @ 8:00 am - November 14, 2019 @ 4:30 pm EST

GWDC Member Fee: $650.00, Other ISACA Chapter Member: $700.00, Non-Member: $780.00

Organizations are under extraordinary pressure to identify and implement solutions for all the regulatory requirements. This seminar provides an in depth understanding of the regulations and provides alternative implementation solutions. The focus of the seminar is to provide proven approaches of how to conduct assessment and audits of these
implementation projects.

From this seminar an auditor will be able to assess the risks taken by their organization based on their project implementation strategies and understand how to construct the compliance tests necessary to yield the most compelling audit issues.

Two days (7 hour presentation time per day plus 1 hour lunch and four 10 minute breaks per day)

Nov 13 - 14 | 8 am - 4:30 pm


  1. Introduction
    • Latest Government and Financial Institution privacy and cybersecurity
    • Establishing and evaluating governance processes for identifying and
      implementing project Initiatives to meet regulatory requirements
  2. Conducting HIPAA and HITECH Audits and Assessments
  3. Conducting a Pre-implementation Audit and Assessment of the California Consumer Privacy Act (CCPA)
    • What is personal information within CCPA?
    • Who is in scope?
    • Disclosure requirements
    • Right to Access
    • Right to Deletion
    • System design requirements
    • Audit and assessment validations
    • Proposed amendments which may go into effect
  4. California IoT regulatory requirements
  5. Conducting a GDPR Post-Implementation Audit and Assessment
    • Brief background on GDPR; Who is impacted? Key players, and High level introduction of key regulations
    • Understanding and auditing the required components Record of Processing Activities (Article 30)
    • Evaluating whether proper disclosures have been established for types of data subjects which meets Article 13 and 14 disclosure requirements
    • Understanding and the alternative approaches for Article 6 Lawfulness of Processing
    • Establishing and auditing a Legitimate Interest Assessments
    • Managing Expressed Consents
    • Auditing and Assessing the buildout and operationalization of Data Subject Access Rights (DSAR) Requests
    • Assessing the Data Removal Processes to Support Article 25
    • Assessing the Processor GDPR Business Integration and compliance validation
    • Evaluating mechanisms used to meet Article 32 Requirements
    • Assessing proper use of Cross Border data transfers for moving data outside of the EU


Who should attend?

  • This seminar is for mid-level IT, Security, GRC, and audit professional auditing in highly regulated environments.


Mitch Levine

Mitchell H. Levine, CISA

Mitchell Levine, CISA is the founder of Audit Serve, Inc. which was established in 1990. For the last 29 years at Audit Serve, Mitch has split his time between traditional IT and integrated audit consulting projects and global project initiatives. For the past eight years Mitch has been focusing more than half of his time on the regulatory implementation consulting projects which included HIPAA, Hitech, GDPR, CCPA, Part 500 Cybersecurity.

Mr. Levine spends 220+ days per year consulting which is the basis for the materials included in the seminars he teaches.
Over the past six years Mr. Levine has presented over 70 seminars to eighteen different ISACA and IIA chapters. Mr. Levine also was the primary writer and editor of Audit Vision which is published monthly and has a subscription base of over 3,500 audit and security professionals.

Prior to establishing Audit Serve, Inc. in 1990, Mr. Levine was an IT Audit Manager at Citicorp where his duties included managing a team of IT Auditors who were responsible for auditing 25+ service bureaus and the corporate financial systems.

Founder at Audit Serve


Special Instructions

ISACA Members from Other Chapters: You will need to bring your ISACA Membership Card to the event to verify your ISACA Membership.

Presentations: Conference presentations will be included in the registrants' final event-related email message containing the CPE certificate and evaluation survey when permission is received from the presenter and their organization. In some cases, permission is not received.

Requests for Assistance: If you require assistance for an audio, visual, or other disability, please contact the Programs Director to discuss your needs, as soon as possible.  We need as much advance notice as possible to determine whether requests can be accommodated. Thank You.

CPE Information

Earn up to 14 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website:

CPE Distribution and Evaluation Survey

CPE's will be distributed via e-mail along with the event evaluation survey up to seven (7) business days after the completion of the event. Attendees must be present both days to receive full CPE credit.

CPE-Related Details

  • Prerequisites and Advance Preparation: N/A
  • Program Knowledge Level: N/A
  • Delivery Method: Live in person event


November 13, 2019 @ 8:00 am EST
November 14, 2019 @ 4:30 pm EST
GWDC Member Fee: $650.00, Other ISACA Chapter Member: $700.00, Non-Member: $780.00
Event Category:
Event Tags:
, , , , , , , ,


George Mason University, Room TBD
3351 Fairfax Drive
Arlington, VA 22201 United States
+ Google Map