|
The Privacy and Records Management Office, in partnership with Information Security, participates in the Business Impact Assessment (BIA) and the Cloud Computing Impact Assessment (CCIA) processes. The BIA is an internal evaluation that predicts the consequences of disruption of a business function. Within this process, the sensitivity, criticality, privacy compliance, information security needs, and information retention requirements of a new or existing information resource are determined. The BIA is the first phase of the Information Security Assurance (ISA) process, which protects information contained in the resource through its lifecycle.
The CCIA is an internal evaluation that addresses the sensitivity, criticality, privacy compliance, information security needs, and information retention requirements of new or existing technology solutions that use cloud computing. The BIA and CCIA ensure privacy compliance and also document the sensitivity of the system, which contributes to establishing a security plan. The executive sponsor of the system is responsible for completing and adhering to the BIA or CCIA. Completed BIAs and CCIAs must be submitted to, and approved by, the Chief Privacy and Records Management Officer, the business owner, and the manager of the Corporate Information Security Office.
|
|