You might need to conduct a Privacy Impact Assessment (PIA) or Information Security Checklist when developing new processes, projects or IT systems
As individuals we all want our own personal data to be protected, and to be sure that the systems they are stored on are secure. The university is committed to protecting the personal data which it processes. We need to work together to ensure that this happens. Here are areas to consider when you are processing personal data or designing new ways of processing this data.
Privacy Impact Assessments (PIA) help you fix problems at an early stage by identifying and minimising privacy risks. A PIA provides reassurance for individuals and for the university. It may help you simplify your processes and collect less data.
This is for new systems or engagements with external vendors/suppliers. If you would like more information about PIAs or data sharing agreements, please contact compliance@gre.ac.uk.
An Information Security Checklist is required if your project, process or system involves software, or any IT system or product, whether designed in-house or procured externally.
The full information security checklist requires input from the requesting department project lead and the vendor. Please provide as much detail as possible on the system and its proposed use at the university.
A lightweight version of the full checklist is required for free tools or platforms. This allows our security team to perform appropriate checks and advise on suitable alternatives where appropriate. As we have no contract with the suppliers, colleagues must read and understand the risks and mitigations of using such free online tools. You can find our Information Security check list for free systems and services here.
If you are requesting software via the AMP process which requires data sharing with third parties an Information Security Checklist is also required.
For advice about our Information Security Checklists please email information-security@greenwich.ac.uk.