Working with DPIA risk assessments

  • Release version: Washington DC
  • Updated February 1, 2024

    Upon identifying a high-risk target in the preliminary assessment, Risk Executives and Data Processing Officers can utilize the DPIA Register module to generate, implement, and monitor DPIA risk assessments. If mitigation measures were chosen in the GDPR DPIA assessment, a corresponding risk mitigation task is generated based on the selected measures from the completed assessment.

    Note:
    Starting with the Rome release, GRC: GDPR DPIA Accelerator is being prepared for future deprecation. It will be hidden and no longer activated on new instances, but will continue to be supported. For details, see the Deprecation Process [KB0867184] article in the Now Support knowledge base.

    Create a new risk record and initiate a DPIA assessment

    Using the options in the DPIA Register module, you can create risk records and track their life cycle. DPIA assessments are initiated on risk records.

    Before you begin

    Role required: sn_irm_gdpr_dpia.risk_executive or sn_irm_gdpr_dpia.data_processing_officer

    Procedure

    1. Navigate to All > GDPR DPIA > Risk Register > New.
      [Figure: New risk record]
    2. Fill in the fields, as described here.
    3. When you have completed your entries, save the record.

      An Assess button appears.

      [Figure: Assessment tab showing the Assess button]
    4. To initiate the assessment, click Assess.
      The risk record transitions to the Assess state and a message shows the number of assessments that were sent.

    Take a DPIA assessment

    When you have been identified as a respondent of a DPIA assessment, you must access and take the assessment.

    Before you begin

    Role required: None

    Procedure

    1. Navigate to All > GDPR DPIA > DPIA Assessments > My Assessments.
      All DPIA risk assessments for which you are a requested respondent are shown.
      [Figure: Risk instances]
    2. Open the assessment you want to take.
      [Figure: Risk assessment]

      The fields are described here.

      Field: Description
      Number: Auto-generated record number.
      Metric type: Metric type of this assessment.
      Due date: Date by which the assessment must be completed. The system populates the due date from the value in the metric type Assessment duration field. The system generates email notifications related to the due date.
        Note: By default, the system runs the Cancel Expired Assessments script every 30 days to cancel expired survey, assessment, and quiz instances that are in the Work in progress or Ready to take states.
      Expiration date: Date by which the assigned user can repeat the assessment.
      State: State of the assessment.
      Assigned to: User this assessment is assigned to. This field becomes read-only when the state is In progress, Complete, or Canceled.
      Signature result: Verification provided by the recipient when a signature is required. This value is either the recipient's full name from the User [sys_user] table or checked, indicating that the recipient acknowledged reading the assertion by selecting a check box.
    3. Click Take Assessment.
      [Figure: DPIA assessment questions]
    4. Answer the questions to the best of your ability, then click Submit.
      Note:
      The last question in the assessment allows you to select one or more mitigation measures. If you select one or more measures, a Risk Mitigation task is automatically created, and the Response field on the risk is set to Mitigate.

    View the progress of responses for an assessment

    Risk executives and Data Processing Officers can view the responses from all assessment takers while the assessment is in progress. The percentage completed for each respondent is shown.

    Before you begin

    Role required: sn_irm_gdpr_dpia.risk_executive or sn_irm_gdpr_dpia.data_processing_officer

    Procedure

    1. Navigate to All > GDPR DPIA > DPIA Register > In-Progress.
      [Figure: In-progress assessment]
    2. Click the assessment for which you want to view the progress of respondents, then scroll down to the Assessments tab.
      Note:
      The assessment must be in the Respond state.
      [Figure: In-progress assessments showing percentage completed]
    3. To view the completed responses for an individual respondent, click View Responses.

    View assessment responses for an individual respondent

    Risk executives and Data Processing Officers can view the responses from individual assessment takers.

    Before you begin

    Role required: sn_irm_gdpr_dpia.risk_executive or sn_irm_gdpr_dpia.data_processing_officer

    Procedure

    1. Navigate to All > GDPR DPIA > DPIA Assessments > All Assessments.
      [Figure: All DPIA assessments]
    2. Click the assessment number of the assessment you want to review.
      [Figure: View DPIA assessment]
    3. Click the View User's Response related link.
      [Figure: Viewing a respondent's responses]