Risk Assessment and Mitigation
Privacy and Security Risk Management
The Kuma approach to risk management includes targeted interviews and technical requirements review sessions with system architects, developers, and operators to identify the risks implicated for users and systems. This affords the opportunity to embed privacy and security throughout the policy and technical design of the system and its user interfaces.
- We provide privacy impact assessments (PIAs), privacy program assessments and risk reports, and privacy program and operations management.
- We conduct risk assessments with careful review of sequence diagrams, data mapping, and privacy and security operational life cycles to identify privacy and security implications throughout system interfaces, user interfaces, and back-end exchanges and processing of information.
- We focus on identifying relevant business and legal frameworks as foundational to an assessment, conducting stakeholder and questionnaire reviews to identify data mapping and data life cycle journeys including the customer experience, and analyzing risk in an objective and actionable manner. This approach yields a catalog of potential mitigating controls presented in a concise, approachable manner for business owner consideration and application.
- We also pay particular attention to the targeted privacy nature of a risk assessment, such as the FIPPs, GAPP, CCPA and GDPR, and privacy and civil liberties risks. The framework identified will enable the assessment of privacy risk to the system, to organizational participants, and to users across the entire data life cycle (collection, handling, processing, storing, distribution, storage).
- We will further assess relevant state and federal legislation and industry standards where applicable, including records and information management requirements and schedules. The framework will couple the organizational privacy and security governance goals with related obligations, principles, and business objectives for the programs or systems.