Risk assessment & mitigation

GDPR - EUIDPR: Under data protection law, there are several types of risks to consider that may impact the rights and freedomes of individuals:

• data protection and privacy related risks
• technical risks
• organisational risks
• compliance risk

ISMS - PIMS: The assessment and treatment of risks is the core of every ISMS & PIMS. The Bizoneo Risk Register can be used to conduct a risk assessment and treatment process which is conform to the requirements of ISO27001 Clause 6.1.

Risk assessment is a continuous improvement process. It requires several iterations to achieve an acceptable protection system.

Key Features

Context-specific risk assessments

• Ability to assess assets, suppliers, or activities against risks and vulnerabilities;
  • Assets from the built-in asset register
  • Suppliers from the built-in organisation register
  • Processing activities from the built-in records of processing register
• Ability to document the consequences on a per asset / organisation basis;
• Ability to document the mitigation plans.

Assessment of the processing activity against the principles of the GDPR / EUIDPR

• Each process or group of processes can be assessed against the GDPR / EUIDPR Principles
• Compliance score;
• Narrative of how the compliance to each of the principles is met.

Risk register

• The risk register covers both the risk assessment and risk treatment process
• All risks can be linked to the controls implemented to manage them
• All risks can be linked to related assets, organisations and processing activities

General risk management features

• Risk assessments can be downloaded in Word or Excel format
• All risks are automatically added to the various modules (assets, organisations, services etc).
• Ability to add risks specific to your organisations;
• Tracking of the risk sources;
• Business and moral impact;