Risk assessment & mitigation

GDPR - EUIDPR: Under data protection law, there are several types of risks to consider that may impact the rights and freedoms of individuals:

  • data protection and privacy related risks
  • technical risks
  • organisational risks
  • compliance risk

ISMS - PIMS: The assessment and treatment of risks is the core of every ISMS & PIMS. The Bizoneo Risk Register can be used to conduct a risk assessment and treatment process that conforms to the requirements of ISO 27001 Clause 6.1.

Risk assessment is a continuous improvement process. It requires several iterations to achieve an acceptable protection system.

Key Features

Context-specific risk assessments

  • Ability to assess assets, suppliers, or activities against risks and vulnerabilities;
    • Assets from the built-in asset register
    • Suppliers from the built-in organisation register
    • Processing activities from the built-in records of processing register
  • Ability to document the consequences on a per asset / organisation basis;
  • Ability to document the mitigation plans.

Assessment of the processing activity against the principles of the GDPR / EUIDPR

  • Each process or group of processes can be assessed against the GDPR / EUIDPR Principles
  • Compliance score;
  • Narrative of how the compliance to each of the principles is met.

Risk register

  • The risk register covers both the risk assessment and risk treatment process
  • All risks can be linked to the controls implemented to manage them
  • All risks can be linked to related assets, organisations and processing activities

General risk management features

  • Risk assessments can be downloaded in Word or Excel format
  • All risks are automatically added to the various modules (assets, organisations, services, etc.);
  • Ability to add risks specific to your organisation;
  • Tracking of the risk sources;
  • Business and moral impact.
