Secureframe makes it fast, easy and cost efficient for companies to achieve and maintain privacy, security and compliance in accordance with CCPA

July 20, 2022—San Francisco—Secureframe, the all-in-one platform for continuous security compliance, today announced it has added the California Consumer Protection Act (CCPA) privacy framework to its suite of governance, risk and compliance (GRC) solutions. 

Secureframe now enables organizations doing business in California to meet, maintain and demonstrate accountability for CCPA requirements, helping reduce the risk of penalties and civil lawsuits. Secureframe enables businesses to set up the right policies and procedures to deliver and track employee training, demonstrate compliance with CCPA regulations and stay current with the latest CCPA requirements so they can achieve and maintain privacy, security and compliance with speed and ease. 

“CCPA is a recent law that has not been given enough attention, yet the fines can be significant as they are per violation, without a cap and can be applied retroactively, so companies need to be compliant today,” said Shrav Mehta, CEO, Secureframe. “With changes coming in 2023 and anticipated stricter enforcement by California’s regulators, Secureframe’s CCPA privacy framework, paired with our in-house compliance experts, makes it fast, easy and cost efficient for all businesses to achieve and maintain privacy, security and compliance.”

“We used Secureframe’s security compliance platform to get both SOC 2 and ISO 27001 compliance and we’ve been impressed by how quickly and easily we got audit ready, and by how much expert support we received from Secureframe throughout the process,” said Yingsong Wang, Information System Security Engineer at Haystack Team Inc. “The security training videos Secureframe provides have made tracking compliance across our employees incredibly easy. We’re so excited that Secureframe has expanded its service offerings to GDPR and CCPA. We are confident Secureframe will continue to help Haystack achieve and maintain its future compliance needs seamlessly with the same level of support.”

Secureframe’s launch of its CCPA framework enables organizations, their executives and, specifically, Chief Information Security Officers (CISOs) to:

  • Stay focused on serving customers and growing their business: The Secureframe security compliance platform, combined with the CCPA privacy framework, helps organizations and their compliance officers achieve and maintain CCPA compliance so they can stay focused on serving their customers and growing their businesses. 
  • Have peace of mind that they are staying current with the latest CCPA requirements: As CCPA regulations change, Secureframe updates its frameworks, communicates those changes to customers and shows any gaps in compliance so organizations and their compliance officers have the tools, information and reporting they need to stay compliant.
  • Track that all employees have completed CCPA training to stay compliant with the law: Secureframe delivers its own proprietary training that can be assigned to specific users and tracked within its platform to enable organizations to stay compliant with CCPA requirements. 

The California Consumer Protection Act (CCPA) went into effect on January 1, 2020, and while no fines have been publicly issued as of June 2022, for-profit organizations that target or collect the personal data of California residents must follow this law. Organizations that fail to comply with CCPA can be fined up to $2,500 per unintentional violation and $7,500 per intentional violation, as well as face civil lawsuits from consumers. For more information on CCPA, read the Secureframe blog, CCPA Compliance: A Guide to California’s Data Privacy Law.

Secureframe’s new CCPA privacy framework joins the General Data Protection Regulation (GDPR) privacy framework; both are generally available today. Organizations interested in achieving and maintaining CCPA and/or GDPR compliance may request a demo at

About Secureframe

Secureframe is the leading all-in-one platform for continuous security compliance. Secureframe makes achieving and maintaining the most rigorous global privacy, security and compliance standards, including SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR and CCPA, fast, easy and cost effective. With more than 100 integrations to core services such as AWS, Google Cloud, Azure, GitHub, JAMF and Okta, Secureframe automatically and continuously collects audit evidence, runs and tracks security awareness training, monitors infrastructure and more to make compliance fast and easy for hundreds of customers, including AngelList, Fabric, Doodle, Dooly, Lob, Slab and Stream.