# CCPA Vendor Assessor

> Source: https://bryter.com/de/use-cases/ccpa-compliance-software/

A CCPA Vendor Assessor automatically assesses vendors under CCPA compliance. Our CCPA compliance software guides the user through a series of questions to determine whether the processing of personal data falls within the scope of the definition of ‘sale’ regarding customer data, which includes any arrangement involving an exchange of value between the business and a third party for the personal information.

#### Background

As businesses are increasing their efforts to comply with the strict CCPA requirements, the assessment of vendors and their CCPA compliance is becoming a focal point. A vexing issue in conducting third party due diligence is how to interpret the broad definition of ‘sale’ under the CCPA and how to determine whether specific exceptions are applicable. As a solution, businesses conduct case-by-case due diligence, which, due to the high volume of agreements and increasing complexity of the guidelines, is proving to be an onerous and time-consuming task. However, ensuring that vendors are fully CCPA compliant is essential also from a risk mitigation point of view as infringements can lead to substantial statutory damages.

With BRYTER, law firms can build an automated CCPA Vendor Assessor to allow businesses to self-assess whether a vendor satisfies all requirements under CCPA and whether any exceptions, such as the ‘Service Provider’ exception apply. To start the assessment, the user is guided through a series of questions and these inputs determine the scope and obligations the particular vendor needs to comply with and whether these requirements are met. Due to the open architecture of the BRYTER platform, the embedded modular logic of our [risk and compliance](https://bryter.com/team/risk-and-compliance/) tool can easily be amended to account for any changes in the law and to provide a tailored solution for a specific business, its vendors, services and products.