Canonical FrameworkCompliance & Audit

CCPA / CPRA

CCPA / CPRA control-mapping starter for businesses handling California resident data. It references notice, access, deletion, correction, sensitive-information limits, sale or sharing opt-outs, and the CPPA's automated decisionmaking requirements; operators must implement applicable consumer-request processes separately.

This template is a configurable starting point and control mapping. It is not certification, legal advice, or a guarantee of compliance; validate it against your obligations and environment before use.

Regions

US

References

3 references

Mapped Control Domains

6 mapped domains

Deployment

Regulated SaaS

Referenced Frameworks, Standards & Obligations

California Consumer Privacy Act of 2018 (Cal. Civ. Code § 1798.100 et seq.)CPRA (effective Jan 2023)California Consumer Privacy Act Regulations (11 CCR, Division 6, Chapter 1; effective Jan. 1, 2026)

Mapped Control Domains

Data Privacy
Consumer Rights
Opt Out
Data Sale Restrictions
Automated Decision Opt Out
Transparency

Deployment profiles

Regulated SaaS

Get started in 3 steps

1

Open the template

Open the catalog entry in the Keeptrusts console and review its included controls, references, and deployment metadata.

2

Adapt the configuration

Use the template as a starting point, then adjust relevant policies, thresholds, routing, and review settings for your requirements.

3

Validate before rollout

Test every outcome you configure—such as allow, redact, block, or operator review—before deploying through a supported gateway workflow.