Data Collection System Privacy and Security Risk Assessment
Security Risk Assessment
Security risk assessment is fundamental to the security of any organization. It is essential to ensure that controls and outlay are fully commensurate with the risks to which the organization is exposed.
Many conventional methods for performing security risk analysis increasingly fall short in usability, flexibility and adaptability to evolving big data strategies. KI Design’s security risk assessment methodology explores the basic elements of risk and introduces new risk measurement tools. Our principles-based methodology ensures compliance with security policies, industry standards, and legislation.
Evaluate and mitigate any privacy and security risks related to the adoption of a new data collection system to be used by front-line service providers.
KI Design offered tailored information, access, privacy and security services following the Privacy in Design method, focusing on issues most relevant to the organization. We provided privacy and security expertise, recommendations and practical implementation tools to support the adoption of a new data collection system used by front-line service providers to enter client information into the organization’s electronic health record system.
We conducted a review in four stages:
Legal Analysis: Analyzed applicable legislation to identify privacy requirements and outlined a data governance policy detailing privacy and security roles and responsibilities.
Security Analysis: Reviewed the data collection system’s security controls to ensure an adequate level of protection.
Risk Measurement and Recommendations: Evaluated privacy and security risks, reviewed control methods, and outlined plans for risk mitigation.
- Analyzed applicable legislation to identify privacy requirements for system adoption
- Collaborated with management to develop a data governance policy
- Identified privacy and security risks and developed mitigation plans
- Clarified privacy roles and responsibilities within a multi-jurisdictional context
- Developed data governance policy and implementation plans
- Measured compliance and risks
- Offered concrete plans to mitigate privacy and security risk