Precyse Privacy Impact Assessment

Introduction

Welcome to this online ‘Privacy Impact Assessment’ that accompanies the PRECYSE Security Services Framework for critical infrastructures.

The purpose of the questionnaire is to assess your level of compliance with Standards and Best Practice in ensuring the security of information you hold on your administration network system. This may include information about your service users and/or employees and confidential information about your company.

The ISO 27002 (2013) standard's collection of information security guidelines has been used in this privacy impact assessment. These guidelines are designed to help an organisation implement, maintain and improve its information security management, and they provide hundreds of potential controls and control mechanisms designed to be implemented with the guidance provided in ISO 27001. The suggested controls are intended to address specific issues identified during a formal risk assessment. The standard is also intended to provide a guide for the development of security standards and effective security management practices.

Any information that, alone or in combination with other information, can identify an individual is considered personally identifiable information (PII) and is covered throughout Europe by legislation in the form of the ‘Data Protection Directive 95/46/EC’.

Directives are applied through data legislation in each Member State. Directive 95/46/EC is currently under review. There is a proposal to replace it with a data protection regulation that will be applied uniformly in all EU Member States through a European Commission Regulation.

Given that ‘insider threat’ has been identified as a main security issue, questions related to staff access and privacy/security awareness training are also included.

Privacy Impact Assessment Process

  1. Click on the Next button below.

  2. Please fill in the responses ‘Yes’, ‘No’ or ‘Don’t know’.

  3. The responses you give will be used to measure the level of compliance within your organisation with legislation and best practice standards in relation to data protection and access to sensitive information and systems. Scoring will be based on how critical each measure is judged to be.

  4. Information will be supplied relating to each of the questions you have answered. This will indicate:
    • The risk involved in non-compliance.
    • Any relevant legislation.
    • ISO Standard 27002 (2013) best practice.
    • PRECYSE technical solutions.

  5. On completing the questionnaire you will be able to see your level of compliance and overall score.

  6. Based on this, there will be recommendations and action points to allow you to improve compliance.