Data Collection System Privacy and Security Risk Assessment

Security Risk Assessment

Security risk assessment is fundamental to the security of any organization. It is essential to ensure that controls and outlay are fully equal with the risks to which the organization is exposed.

Many conventional methods for performing security risk analysis are becoming more and more shaky in terms of usability, flexibility and adaptability to evolving big data strategies. KI Design’s security risk assessment methodology explores the basic elements of risk and introduces new risk measurement tools. Our principles-based methodology ensures compliance with security policies, industry standards, and legislation.

Project Objective

Evaluate and mitigate any privacy and security risks related to the adoption of a new data collection system to be used by front-line service providers.

Approach

KI Design offered tailored information, access, privacy and security services following the Privacy in Design method, focusing on issues most relevant to the organization. We provided privacy and security expertise, recommendations and practical implementation tools to support the adoption of a new data collection system used by front-line service providers to enter client information into the organization’s electronic health record system.

We conducted a review in four stages:

Legal Analysis: Analyzed applicable legislation to identify privacy requirements and outlined a data governance policy detailing privacy and security roles and responsibilities.

Security Analysis: Reviewed the data collection system’s security controls to ensure an adequate level of protection.

Privacy Analysis: Reviewed administrative privacy policy and practices through the lens of Privacy in Design principles.

Risk Measurement and Recommendations: Evaluated privacy and security risks, reviewed control methods, and outlined plans for risk mitigation.

Methods

Highlights