After developing the AvePoint Privacy Impact Assessment tool four years ago, Robert Yonaitis, CIPM, CIPT, noticed there had not been much innovation in assessment tools. While the General Data Protection Regulation has prompted the need for visualization of data flows, the assessments themselves had yet to evolve beyond basic questionnaires.
It’s why Yonaitis helped to develop the Beydata Librarian, a risk management system designed to help companies identify, mitigate and monitor risk throughout the organization.
Rather than just having a risk management system centered on questionnaires, Yonaitis said the Librarian is meant to have a strong visual component, where users can create flow charts, drag and drop images, add text, and monitor dashboards.
When an organization uses the Beydata Librarian, they will have the option to use one of the several regulatory risk frameworks to best suit their needs. The frameworks include the U.S. National Institute of Standards and Technology Privacy Framework, the Centre for Information Policy Leadership Privacy Risk Matrix, and the International Organization for Standardization Security Risk Assessment templates.
“We’ve worked with the NIST risk templates and generally accepted practices, so when you get to a task that you’ve decided has risk associated with it, you can pull it up, put in and calculate your risk, and at any point you can show and demonstrate that to regulators,” Yonaitis said.
While conducting an example for Privacy Tech, Yonaitis said Beydata’s default data protection impact assessment matches up with requirements for the GDPR.
Organizations will be asked a series of questions related to risk within their company. A normal assessment might ask 40 questions, but companies will have the ability to customize the process if they know they do not have any risk pertaining to the subject of the question, such as risk related to businesses or individuals. Yonaitis said this can save the CISO, programmer manager or whoever is answering the questions time by removing questions if they know there is no risk involved within their company.
Creating an assessment starts by choosing the type of assessment the organization wishes to conduct, including third-party assessments, cloud data protection impact assessments, data security or consent.
From there, organizations can start filling in their flow charts with all the steps of the assignment. In the flow chart, tasks are represented by rectangles. When putting in a task, the person conducting the assessment will answer questions related to the task at hand. For each task, privacy professionals will have the ability to attach assessments for review.
On the flow chart, actions are represented by diamonds. Once an action is taken, the flow chart will break off into different sections depending on the action taken.
When assignments are in progress, the head of a privacy team can examine a color-coded flow chart to see where they are in the process. Users can check a progress log to see every task within an assignment, along with when each task was started, last modified, and completed.
Dashboards also give privacy teams a similar visual view of the progress of the assignment.
As users start and progress through the assessment, they can assign tasks to people within their teams. The system will also alert teams if too many assignments have been given to one individual or to the team overall.
After the assessment is completed, reports can be printed out and given to auditors in several different formats, including immutable PDFs or HTML-based rich texts.
Another feature Yonaitis said allows the Librarian to stand out is its hybrid deployment. The Librarian can be set up and used by anyone in a company, regardless of their location. Yonaitis said he and his team use the Librarian across four different states on both coasts, while also using it in the cloud.
One group Beydata hopes will use the Librarian is schools. It is why they launched the Beydata School Librarian Project. Every K–12 or primary school can get the enterprise edition of the Librarian for free, as well as permanent ownership and unlimited updates.
“We are going to put this product out there for free for all K–12 primary schools globally to try and help keep track of every system that you have running, where the data is running and what’s happening with your student data,” Yonaitis said.
Yonaitis said Beydata is working on versions of the Librarian Project in French, Spanish, German and Dutch.
Of course, schools aren’t the only area Yonaitis and Beydata are targeting. The company has three different target audiences it is hoping to reach. Yonaitis said the company wants to direct companies with larger privacy teams and consultants to the Enterprise edition of the Librarian.
However, for a company that has one person conducting the assessments, rather than a team, the Personal edition is the one Yonaitis and Beydata are looking to court.
Yonaitis envisions a great market in Europe but believes the growth will be limited if the product is only offered in English. Beydata is working to produce different languages for the Librarian and has put out a call for different communities to provide translation files.