Privacy Risk Management Framework
FRTIB adheres to the process described in NIST SP 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations, to incorporate information security and privacy risk management activities into the system development life cycle. The SAOP collaborates with FRTIB’s CTO and CISO to:
- Analyze data elements used by each of FRTIB’s information systems, including the information processed, maintained, and transmitted by each system, based on an impact analysis compliant with NIST FIPS Publication 199, Standards for Security Categorization of Federal Information and Information Systems; and
- Conduct a privacy impact assessment that assesses the privacy risks for each of FRTIB’s information systems.