Risk assessment & mitigation

In data protection, there are several types of risk to consider:

  • technical risks
  • organisational risks
  • privacy-related risks

Risk assessment is a continuous improvement process. It requires several iterations to achieve an acceptable protection system.

Key Features

Risk assessment of digital assets

  • Each asset from the built-in asset register can be assessed against risks and vulnerabilities;
  • Ability to document the consequences on a per-asset basis;
  • Ability to document the mitigation plans.

Risk assessment of suppliers (such as operators)

  • Each supplier from the built-in organisation register can be assessed against risks and vulnerabilities;
  • Ability to document the consequences on a per-organisation basis;
  • Ability to document the mitigation plans.

Risk assessment of the processing activity

  • Each processing activity from the built-in records of processing register can be assessed against risks and vulnerabilities;
  • Ability to document the consequences on a per-organisation basis;
  • Ability to document the mitigation plans.

Assessment of the processing activity against the principles of the POPI Act

  • Each process or group of processes can be assessed against the POPI Principles;
  • Compliance score;
  • Narrative of how compliance with each of the principles is met.

General risk management features

  • Risk assessments can be downloaded in Word or Excel format;
  • All risks are automatically added to the various modules (assets, organisations, services, etc.);
  • Ability to add risks specific to your organisations;
  • Tracking of the risk sources;
  • Business and moral impact;