The PIMS Unified Framework for Data-Related Risk Assessments supports general data-related risk assessments, including for privacy, data protection and AI governance. See the PIMS Unified Risk Assessment Toolkit for the templates needed to conduct risk assessments using this Framework.
- The Framework provides a standard information gathering template, which can be used on its own or with a company’s existing privacy/data protection impact assessment, transfer or AI risk assessment programs. The template specifically collects information required by the CCPA Risk Assessment Regulations as well as GDPR.
- The Framework formally maps risk mitigation controls to inherent risk, so that only the existing residual risks from the processing are weighed against the expected benefits from the processing.
- The Framework allows companies to visualize the risk-benefit balance, supporting risk escalation and executive review. Documentation created by using the tool also supports recordkeeping goals, allowing companies to demonstrate that they have complied with risk assessment requirements in applicable laws.
- Final decisions about whether to undertake a particular processing activity should be made internally, leveraging existing processes to determine risk acceptability.
