General Information on Risks
To differentiate between general and processing-specific risks, consider the following points. In principle, these behave similarly to general/processing-specific measures:
General Risks:
Affect the entire organization or have a template-like character.
Often encompass potential threats such as data theft, system failures, or general IT security gaps.
Creating and managing general risks requires the additional Risk Management module.
Processing-Specific Risks:
Are directly associated with specific processing activities.
Usually relate to the specific data, processes, and technologies used in these activities.
Selecting Risks in caralegal
Risks can be selected in several places:
Processing Activities - Page 5 "Measures and Risks"
Processing Activities/DPIA - Page 8 "Risk"
Asset Management - Page 3 "Risk Management"
Behavior - General vs. Specific
In principle, these behave similarly to measures, which can also be either specific or general.
You can choose from already created risks:
To make the overview easier, general risks are given the prefix "General:".
If you modify an existing risk, it will also change in all previously linked locations. Therefore, proceed with caution: ...
By clicking Edit as Processing-Specific, you can create a specific copy from a general measure. Typically, our clients restrict editing access by assigning organizational units precisely.
I recommend placing general measures at the top level, the so-called ROOT level, and assigning all units as "Additional Organizational Units".
The specific copy will receive its own Risk ID and is entirely independent of the general measure. This copy can now be modified as desired without affecting the general measure (and, consequently, any linked documents).
Note:
For a risk to be selectable in a processing activity, either the Responsible Organizational Units OR the Additional Organizational Units must match.
A risk that is created exclusively for Department A will not automatically be visible for Department B.