The Components of Risk (print ref: Part 5, Annex A, Section A.1)
We can consider the risk of there being a breach of the Data Protection System in each area as being made up of three separate components. Each component can then be assessed and scored using the scheme suggested below:
Likelihood of Occurrence
What is the likelihood of a breach of the Data Protection System occurring in this area?
Score: High likelihood = 4; medium likelihood = 2; low likelihood = 1.
Impact
How would a breach of the Data Protection System in this area affect:
- the individual data subject?
- the data controller, managers and other staff in the short and long-term?
Score: Major impact = 4; significant impact = 2; little impact = 1.
Controls
How well can it be demonstrated that the Data Protection System in this area has been designed to minimise the impact of a failure on the organisation?
Score: Poorly designed = 4; moderately well designed = 2; robustly designed = 1.
Return to top
|