DMPTool – Risk Assessment

A. Introduction

What is Risk Assessment?

ISDM 5.1 and 5.2 require the Data Owner to submit a risk assessment report to the ISDM sub-committee. There are two types of risk assessment:

1. An Information Risk Assessment shall assess the IT system or other information system for the risks to which it is exposed, the impact those risks would have on the system, and the likelihood of their occurring. The risk assessment shall also include the security measures to mitigate such risks, and the residual risk and impact after those security measures are applied.

2. A privacy risk assessment component shall be added to the aforementioned risk assessment when personal data is involved. The purpose of the privacy risk assessment component is to identify and mitigate privacy risk by ensuring conformance with applicable legal, regulatory and policy requirements for privacy, determining the risk and effects, and evaluating protections and alternative processes to mitigate potential privacy risks.

What is DMPTool?

DMPTool is a tool which can help us in Risk Assessment. It can:

  • Keep our plan current, and in one single environment
  • Help us understand what needs to be included in the Facility Security Planning
  • Serve as a guide for us in handling data
  • Share the plan with your team members
  • Align with ISDM policy

How can I start with DMPTool? 

  • All you need is an email address (e.g. and an internet browser

B. Use DMPTool to create Data Management Plan

1. Start with your browser and visit the DMPTool (

2. Create login account:

a. Click “Sign-in” and select “Option 1: if your institution is affiliated with DMPTool”.

b. Input “The University of Hong Kong” for text box – “Look up your institution here”. Then, press “Go” button.

c. Input your first/last name, email and password. Check “I accept the terms and conditions” and press “Create account”.

d. “My Dashboard” shall be displayed.

e. To begin a risk assessment, click the “Create plan” button.

f. Please input the following information:

1. What research project are you planning?
The title of your Risk Assessment.
2. Select the primary research organization
Please accept the default value of “The University of Hong Kong”
3. Select the primary funding organization
Please check the box “No funder associated with this plan or my funder is not listed”.
4. What DMP template would you like to use?
Please select template of “Risk Assessment”.
Remark on “research project” above:
Please note that DMPTool is originally designed for research projects. However, in the context of ISDM policy, Data Management Planning is not necessarily limited to research projects. In this regard, ISDM Data Management Planning can be used by any HKU department.
g. Template of ISDM Risk Assessment consists of 6 sections:
Project Details
Only “Project title” is mandatory; the other fields are optional.
Plan overview
This is the general overview of the Risk Assessment.
Information Risk Assessment
“Information Risk Assessment” consists of only 1 section. The questions of this section are self-explanatory.
  • Information Risk Assessment
Press “+” above to enter the details of your Information Risk Assessment.
Data Privacy Risk Assessment
“Data Privacy Risk Assessment” consists of 5 parts. The questions of each section are self-explanatory.
Press “+” above to enter the details of your Data Privacy Risk Assessment.
You may invite collaborators to work on your risk assessment (via email).

Enter the email address of the person with whom you want to share your plan.

You may grant different levels of permission:

  • Co-owner: can edit details, change visibility and add collaborators
  • Editor: can comment and make changes
  • Read only

Then click “send invitation”.


You may download the Risk Assessment in various formats, e.g. PDF, HTML, etc.