You can define a generic risk once and reuse it later whenever you identify a risk linked to a specific stakeholder, IM system, processing activity,…
For example, a generic risk can be “hacking”. When you evaluate a specific topic such as IM system X, you can specify this generic risk as the identified risk “hacking of IM system X”.
You can create generic risks in the risk dictionary, as well as during risk assessments such as a TIA or DPIA.
- Go to My Organization > Risk Strategy > Risk Dictionary
- Click “+ add risk” in the upper right corner
- Choose a name for your risk
- Describe the risk
- Select the risk types that apply. If yours is not listed, click the plus sign to create a new one.
- Click “save & exit”
The number of implementations is the number of times you have linked the generic risk to an identified risk. When you open a generic risk, a summary table of its identified risks is shown.
Whether you perform a TIA or DPIA, you always follow the same steps:
Start by identifying a generic risk, then specify it for the case you are working on. You can choose a risk that is already in your risk dictionary from a drop-down menu. If the generic risk you need is not available, you can add a new one:
- Click on the “+” sign
- Fill in the requested details: name, description and type (see picture below)
- Click “submit”