Professional Documents
Culture Documents
Risk Assessment Matrix Shortlisted
Risk Assessment Matrix Shortlisted
Risk Assessment Matrix Shortlisted
International Standard for the Protection of Privacy and Personal Protection (ISPPPI) DATE: Nov 2020
Post-M
Severity of Describe mitigation measure(s) to reduce likelihood and/or
Description of risks and potential impact on individuals Likelihood of Risk Risk Rating
Impact severity of harm Likelihood of
Risk
Describe risks and their possible impact, for example: TUE applications (and Describe steps and measures that mitigate risks and/or severity of impact:
supporting documents) contain highly sensitive medical information. Risks Guidance/education measures for athletes so they know how to securely send
include insecure transmission from athletes to ADOs (e.g. regular email or in their application and documents; confidentiality agreements with all TUEC
mail), failure to redact information provided to TUE experts, employee members; restricted access to TUE info internally; privacy and security
snooping, etc. The impact of a breach would be severe given the sensitivity of
2 3 6 policies for staff, General security controls for internal systems (2FA
1
the information concerned and possible reputational impact for the athlete. authentication, firewalls, anti-malware, etc.)
Technical 0
Challenges
Technical
Challenges
2021 CODE IMPLEMENTATION SUPPORT PROGRAM VERSION: 2
International Standard for the Protection of Privacy and Personal Protection (ISPPPI) DATE: Nov 2020
0
2021 CODE IMPLEMENTATION SUPPORT PROGRAM VERSION: 2
International Standard for the Protection of Privacy and Personal Protection (ISPPPI) DATE: Nov 2020
SESSMENT MATRIX
nal information. You are required to carry out this assessment for whereabouts information and sensitive personal information under Article 9.6 of the ISPPPI,
ct for any activity that involves the processing of personal information.
k Rating Key
2021 CODE IMPLEMENTATION SUPPORT PROGRAM VERSION: 2
International Standard for the Protection of Privacy and Personal Protection (ISPPPI) DATE: Nov 2020
Privacy Manager
Risk Mitigation
Sign Off
Post-Mitigation
Name Date
Severity of Residual Risk
Impact Rating
3 3
0
2021 CODE IMPLEMENTATION SUPPORT PROGRAM VERSION: 2
International Standard for the Protection of Privacy and Personal Protection (ISPPPI) DATE: Nov 2020