ID.RA-P: Risk Assessment
Description
The organization understands the privacy risks to individuals and how such privacy risks may create follow-on impacts on organizational operations, including mission, functions, other risk management priorities (e.g., compliance, financial), reputation, workforce, and culture.
Framework Subcategories
ID.RA-P1: Contextual factors related to the systems/products/services and the data actions are identified (e.g., individuals’ demographics and privacy interests or perceptions, data sensitivity and/or types, visibility of data processing to individuals and third parties).
[csf.tools Note: Subcategories do not have detailed descriptions.]
ID.RA-P2: Data analytic inputs and outputs are identified and evaluated for bias
[csf.tools Note: Subcategories do not have detailed descriptions.]
ID.RA-P3: Potential problematic data actions and associated problems are identified
[csf.tools Note: Subcategories do not have detailed descriptions.]
ID.RA-P4: Problematic data actions, likelihoods, and impacts are used to determine and prioritize risk
[csf.tools Note: Subcategories do not have detailed descriptions.]
ID.RA-P5: Risk responses are identified, prioritized, and implemented
[csf.tools Note: Subcategories do not have detailed descriptions.]