Setting Risk models in General Settings

The platform supports four different risk models for various types of risks and elements. To access Risk settings, click the gearwheel in the top right corner and select General Settings. You need data protection manager or IT security manager privileges to do this.

Standards

Under the Standards tab, you will first find a list of standards that you can activate, or you can create your own new standard. When you create one, you choose one of two model types: the data protection model or the information security model.

Data protection model

This model determines the risks of a process in terms of privacy and data protection. The focus of the impact of the risk is on the person concerned. This model is usually referred to as the process risk model or VVT risk model (Record of Processing Activities).

We explain how to set up or edit the data protection model in a separate article.

Information security model

The information security model allows you to calculate the risks to your assets within the organization. It relates exclusively to information security and cybersecurity. This risk model focuses on the impact of a loss of confidentiality, integrity, or availability of assets.

The information security model for assets is defined per international standard and then listed under Configure Model.

Learn how to enable the information security model for the different standards in the dedicated article.

Maturity Model

On the Maturity Model tab, you will find information about the maturity model, which will help you when working with assessments and international standards, for example.

Risk Scenarios

You may already have encountered risk scenarios in connection with different elements of your data protection compliance, especially Assets or TOMs. On this tab you can edit an existing risk scenario by clicking on it, or create or import new ones by clicking the Create button.

How you define risk scenarios is up to you; they need to fit your situation. This is why you can also create new Risk Scenarios on the fly, e.g., when documenting a new Asset or creating a new DPIA. Some risks, of course, apply to all organizations regardless of their business activity, e.g., natural disasters.

Name the risk scenario and determine whether it is a Data Subject Scenario or an Asset Scenario.

A new risk scenario should be described with due diligence. The following should be considered:

  • Which scenarios are conceivable that could lead to damage?
  • What harm may occur to the identified data subjects due to the envisaged processing?
  • What actions and circumstances may lead to the occurrence of the respective harm events?
  • Which parties are involved and how? Are non-human sources of risk relevant, e.g., technical malfunctions?
  • What warranty targets may be impacted by the Scenario (data minimization, availability, integrity, confidentiality, non-linking, transparency, data subject rights)?

An ID number can be entered, e.g., from an external register. Save your entries.

To delete a Risk Scenario, click the three horizontal dots on the right side, click the garbage bin, and confirm the deletion.

Deadlines & Urgency

These deadlines apply to the treatment of a risk unless otherwise defined in the risk treatment plan.

Questionnaires

Under Questionnaires, you can define the color settings for the questionnaires. Two colors are distinguished: the primary color and the secondary color.
