Getting Started With Risk Assessments
DataGrail makes it easy to start creating Risk Assessments and collaborating with your team to better understand the privacy risk in your organization.
DataGrail User Roles
Only the following roles have access to the Risk Assessments tab without being assigned as a Contributor to an Assessment:
- Super Admin
- Risk Assessments Admin
Workflow
In the Risk Assessments tab of DataGrail, you will find:
- All previously created assessments and their associated name, state, contributor assignee, personal data likelihood, percentage of completion, due date, renewal date, and approving user
- The ability to create a new assessment
- The total count of all created assessments
All previously created assessments will be sorted in ascending order based on creation date, with the earliest assessment created displaying last on the list.
Creating New Assessments
To get started, select Create New Assessment and choose the Assessment Template that best aligns with the risk or activity being documented. There are a variety of prebuilt templates available by default for DPIAs, AI Risk Assessments, and more! DataGrail also allows you to create a Custom Assessment Template for more unique use cases.
After selecting a Template, you will be prompted to enter the following details:
- Assessment Name
- System(s)
- Business Process(es) (optional)
- Due Date (optional)
- Renewal Cycle
With the Assessment created, you can start to Add Contributors, who can help populate it.
Adding Contributors
A Contributor is someone who has information on the relevant system that will help populate the Assessment. Contributors can be internal to your business, like a system owner, or external to your business, such as a contact for the vendor.
To add a Contributor, select Add New Contributor from your newly-created Assessment.
Adding a new Contributor will automatically send an email to the invitee with a link to view and edit the assessment as well as an optional message from the user who sent the invite.
A Contributor can only be added to an Assessment in the Not Started or In Progress state.
Existing Contributors (who have not completed the Assessment) can be removed, or have their invitation resent, by selecting the ellipsis on the far right.
Completing Assessments
To complete an Assessment, you must review and populate all required fields in each Assessment section.
You can move back and forth between sections by:
- Utilizing the Back and Next buttons respectively
- Selecting the desired section directly on the left-hand menu
The currently selected section will always be highlighted in the left-hand menu.
Submitting Assessments
When an invited Contributor has completed filling in the Assessment, they are able to submit it. Selecting Submit prompts a confirmation to the user with:
- A notice about the implications of submitting the Assessment.
- A field to add an (optional) message to the Assessment Owner.
- Buttons to both Cancel and Submit Assessment.
Submitting an Assessment does not mean it is complete. This action will update the Contributor Status in the UI and only indicates that the Contributor has completed their review and contribution.
Approving Assessments
When all Contributors have completed their review, it is time for the Assessment Owner to approve the Assessment.
This action is only available to Super Admin and Risk Assessments Admin roles, and is available through the Approve Assessment button in the bottom left corner when viewing the Assessment.
Once the Assessment is approved, a PDF version is available to download directly within the app. This can be done by selecting the Download PDF option.
Once an Assessment has been approved, its sections cannot be modified and Contributors cannot be added or removed. If you would like to assess the given system again, you can select Create New Version which will create a new Assessment.
Assessment Statuses
Assessments can be in one of four statuses, which each provide a percentage of completion:
- Not Started: No changes have been made to the Assessment.
- In Progress: An Assessment is transitioned to this state if one of the following is true:
  - Edits have been saved to this Assessment by the editing user.
  - The invited Contributor on the Assessment was removed from the assessment by an Admin.
  - The invited Contributor on the Assessment completed the assessment and submitted it.
- Pending Approval: The invited Contributor(s) have completed the Assessment and submitted it for Approval.
- Approved: A Super Admin or Risk Assessments Admin has approved the Assessment.
Disclaimer: The information contained in this message does not constitute legal advice. We would advise seeking professional counsel before acting on or interpreting any material.