Create a processing activity risk assessment

Use ARIS to create a processing activity risk assessment.

Prerequisites

Procedure

  1. Start ARIS.

  2. Enter the name of the relevant Record of processing activity model in the Search field.

  3. Click the relevant model in the list of results. The fact sheet is displayed.

  4. Click Edit > Contribute if the edit mode is not activated yet.

  5. In the Processing activities table, click the Processing activity details attribute of the relevant processing activity. The fact sheet is displayed.

    The link is only available if the elements are already assigned to the processing activity.

  6. Click the edit box of the Risks attribute to add a new element.

  7. Enter a name according to the respective processing activity and the risk type, for example, Salary payment GDPR risk, click Activate to transfer your input, then click OK to confirm your input.

  8. Click the Risks attribute. The fact sheet is displayed.

  9. Specify the relevant risk details. To do so, click the edit box of the respective attribute, enter the relevant information, click Activate to transfer your input, and click OK to confirm your input (only for some attributes).

    1. Responsible: Any user responsible for this risk.

    2. Description: Short description of the risk assessment.

    3. Compliance: Enable true for GDPR risks.

    4. Assessment activities: Description of the activities to be performed during risk assessment.

    5. Groups*): The risk owner group and the risk reviewer group in charge.

    6. Transfer data to ARIS Risk and Compliance*): Enable Yes.

    7. Risk management-relevant*): Enable Yes.

    8. Assessment frequency*): The interval at which risk assessments are automatically generated.

    9. Event-driven assessment allowed: Indicates whether risk assessments can be generated not only automatically, but also manually.

    10. Execution time in days*): The number of days available to the risk owner to assess the risk.

    11. Start date of risk assessment*): The date the first risk assessment is generated.

    12. End date of risk assessment: The date when the risk assessment is completed.

      *) = Mandatory

The risk assessment schedule is created.

For detailed information, refer to the ARCM - Modeling Conventions manual and the ARIS Risk and Compliance online help.

Example

Processing activity risk assessment