Risk Assessment on Personal Information

Service Introduction

The Personal Information Protection Act has taken effect nowadays. To help businesses quickly set up the personal information guarding mechanism, Acer Cyber Security Inc. (ACSI) has launched "Risk Assessment of Personal Information" services, which provides all units with "personal information diagnosis” and “correction service”, enable businesses to have a 360-degree analysis conduct by professional security team, ranging from IT process, information access process to enterprise operation process. Following the examination, business can take measures on possible leak access, to gear up for full security defense in advance.

Service Features
  • Incorporate managerial and technological solutions
The approach to Personal Information Protection Act will be divided into two aspects - management and technology. First, we have to locate the personal data, includes paper and digital file, in the business’ system. The easiest way to do so is to use the life cycle of data, which starts from data collection to data usage, access, transmission, storage then to the final stage of removal and deletion, to carry out a thorough examination. ACSI applies Auto Discovery, an automated data search tool, to locate confidential and sensitive data. This is the only the beginning, next step is to build up and import security management standards and plans.
  • Comply to international standard verification methodology
Following the principal of P-D-C-A, conduct effective audit, recording and attest, are important proofs to show business’ responsibility to safe guard personal information. Security management specification and plan in conjunction with the audit, recording and attest would be the core tools to the management.
·     With ongoing effort to improve, ACSI provides personal data consultancy services. In addition to personal information in-depth asset examination, we also provide other professional security services to carry out system audit and technology testing on a regular base. This would offer business a seamless personal information defense management project.
Service Categories Personal information Risk Assessment Variance Consultancy (A)
Privacy Impact Analysis
Implementation of Privacy  Information Management System (B)
Service Content Operations process analysis and personal information data life cycle analysis Data mining
Data mining Personal Information Protection Act compliance check
Personal Information Protection Act compliance check Personal Information Protection Act variance analysis
Personal Information Protection Act variance analysis Risk assessment variance analysis
Risk assessment variance analysis Correction and prevention measures
  Implementation and operation of personal information management system
Service output Consultancy service report, include:
·         Description of personal information management and its rights & liabilities in use
·         Variance analysis report
·         Personal information leakage defense service plan
·         Variance analysis on Risk assessment implementation
·         Variance analysis on Risk assessment implementation
·         Establish information security policy system.
·         Management system structure design report.
·         Management system structure building report.
·         Implementation & operation and maintenance & monitoring report
·         Education & training on implementing plan
·         Pre-evaluation and certification assistance
Expected Benefits:
With personal information service package of ACSI, business and organizations will fully control and understand the risk of personal information. Therefore, could carry out correction and prevention measures in advance. It is expected to help business achieving the following goals:
  1. Analyzing current internal data distribution in response to Personal Information Protection Act
  2. Analyzing the security risk of internal endpoints and provide implementation plan
  3. Reducing the risk and loss when data are taken away by employees
  4. Providing consultation on endpoints security and internal security management