A. Introduction
What is Risk Assessment?
ISDM 5.1 and 5.2 requires that Data Owner will submit risk assessment report to ISDM sub-committee. There are two types of risk assessments:
1. Information Risk Assessment shall access the IT system or other information system for its risks which are subjected to be exposed. How would be impact to affect such system, and its possiblity to be happened. The risk assessment shall also include the security measures to mitigate such risks. After the security measures would be applied, what would the residual risk and impact?
2. A privacy risk assessment component shall be added to the aforementioned risk assessment when personal data is involved. The purpose of the privacy risk assessment component is to identify and mitigate privacy risk through ensuring conformance with applicable legal, regulatory and policy requirements for privacy, determining the risk and effects, and evaluating protections and alternatives processes to mitigate potential privacy risks.
What is DMPTool?
DMPTool is a tool which can help us in Risk Assessment. It can:
- Keep our plan current, and in one single environment
- Understand what is necessary to be included in the Facility Security Planning
- Use as a guide for us to handle with data
- Share the plan with your team members
- Align with ISDM policy
How can I start with DMPTool?
- All you need is an email address (e.g. @hku.hk) and an internet browser
B. Use DMPTool to create Data Management Plan
1. Start with your browser and visit the DMPTool (https://dmptool.org)
2. Create login account:
a. Click “Sign-in” and select “Option 1: if your institution is affiliated with DMPTool”.
b. Input “The University of Hong Kong” for text box – “Look up your institution here”. Then, press “Go” button.
c. Input your first/last name, email and password. Check “I accept the terms and conditions” and press “Create account”.
d. “My Dashboard” shall be displayed.
e. To begin with a risk assessment, please click “Create plan” button
f. Please input following information:
1. What research project are you planning?The title of your Risk Assessment.2. Select the primary research organizationPlease accept the default value of “The University of Hong Kong”3. Select the primary funding organizationPlease check the box “No funder associated with this plan or my funder is not listed”.4. What DMP template would you like to use?Please select template of “Risk Assessment”.
Remark of “research project” above:Please note that DMPTool.org is originally designed for research projects. However in the context of ISDM policy, Data Management Planning is not necessary limited to be research projects. In this regard, ISDM Data Management Planning can be used for any HKU’s department.
- Information Risk Assessment
Enter the email address to whom you may want to share your plan.
You may share different level of permissions:
- Co-owner: can edit details, change visibility and add collaborators
- Editor: can comment and make changes
- Read only
Please “send invitation” then.
Download
You may download the Risk Assessment in various formats, e.g. PDF, HTML, etc.