CCPA vs ISA 95

What It Is

The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), is a state regulation establishing consumer privacy rights for California residents. Its primary purpose is to grant control over personal information (PI), including broad definitions covering identifiers, inferences, and sensitive PI. It uses a rights-based approach with thresholds for applicability: $25M+ revenue, 100K+ CA consumers' data, or 50%+ revenue from sales/sharing.

Key Components

• Core consumer rights: know/access, delete, opt-out of sales/sharing, correct, limit sensitive PI use
• Obligations: notices at collection, privacy policies, DSAR handling (45-90 days), vendor contracts, GPC honoring
• Enforcement by CPPA and AG; fines $2,500-$7,500 per violation; private breach actions
• No certification, but compliance via audits and documentation

Why Organizations Use It

Mandatory for qualifying businesses to avoid fines, litigation, reputational harm. Provides risk mitigation, data governance efficiency, trust-building, market differentiation, GDPR alignment.

Implementation Overview

Phased: scoping/gap analysis (0-3 months), policies/contracts (1-4 months), technical controls (2-6 months), operationalization/training, ongoing audits. Targets for-profits in CA or handling CA data; cross-functional, tech-heavy for enterprises.

What It Is

ISA-95 (ANSI/ISA-95, IEC 62264) is an international framework standard for integrating enterprise business systems (ERP) with manufacturing operations (MES/MOM) and control systems. It organizes processes into Purdue levels 0-4, focusing on Level 3-4 interfaces. Primary purpose: reduce integration risks via semantic models for activities, objects, and exchanges. Approach: technology-agnostic hierarchical modeling.

Key Components

• Five-level hierarchy (physical process to business planning)
• **Eight partsmodels/terminology (Part 1), objects/attributes (2,4), activities (3), transactions (5), messaging (6), aliases (7), profiles (8)
• Core: equipment hierarchy, object models (materials, personnel), activity models
• Built on Purdue Reference Model; compliance via alignment, ISA training certificates

Why Organizations Use It

• Cuts integration costs/errors, enables IT/OT collaboration
• Drives OEE, traceability, Industry 4.0 agility
• Voluntary; supports regulatory audits, cybersecurity
• Builds trusted data for analytics, digital twins

Implementation Overview

• Phased: assess gaps, build canonical models, pilot integrations, govern rollout
• Workshops, middleware (OPC UA, MQTT), master data management
• Suits global manufacturing; scales by organization size
• No formal certification; internal audits, governance essential (178 words)