Iβd start by doing a gap analysis of the requirements of CPRA/CCPA. Iβd wager itβs easier to solo that pair first before going full US Data Privacy via Vanta - Just my $0.02.
The multiple frameworks aspect is entirely based on how many automated controls exist within their add-on frameworks. NIST-based ones have historically been lacking in automated controls, but have improved recently.
