Event-Based Privacy Risk Assessment and Treatment Tool PIMS-FORM-06-4
Implementation Guidance This Excel sheet must be removed from the final version of the document.
Design This spreadsheet has been designed using CertiKit's colour scheme. To choose a different table colour scheme, click in the table, select the Table Design menu tab and choose a different style. The same applies to the drop-down menu "slicers" at the top of the screen. Click in one slicer, then hold down the Shift key and click on the rest, one by one. This will select them all. Then click on the Slicer menu tab and choose a different style. You can also create your own table and slicer styles using your own colour scheme to reflect your organization's branding.
Purpose of this document This document should be used to perform an event-based privacy risk assessment, including assessing the expected effects of the proposed treatments.
Areas of the standard addressed The following areas of the ISO/IEC 27701 standard are addressed:
6. Planning
6.1 Actions to address risks and opportunities
6.1.2 Privacy risk assessment
6.1.3 Privacy risk treatment
8. Operation
8.2 Privacy risk assessment
8.3 Privacy risk treatment
General guidance The key objective of the risk assessment is to ensure that all of the serious risks that need treatment are identified so that something can be done about them. Remember that the standard requires you to assess the impact of a risk to both the PII principal and the organization; the risk score is based on the higher of these two impacts. Be careful not to make your risk assessment too large or complicated, as much of the impact will be lost and it will be difficult to repeat at a later date. This tool is also intended to be used to assess the effects of the proposed treatments, so that the level of residual risk can be shown. If you need to select more than one control for a specific risk, simply list all of the controls in the same cell by copying and pasting them from the Reference Controls tab. Keep track of which risks each control is applied to on the Reference Controls tab; this will help with your Statement of Applicability.
Review frequency It is a good idea to revisit this risk assessment on a regular basis to ensure that any new risks that arise are identified and assessed.
Toolkit version number ISO/IEC 27701 Toolkit Version 2
Copyright notice Except for any specifically identified third-party works included, this document has been authored by CertiKit, and is ©CertiKit except as stated below. CertiKit is a company registered in England and Wales with company number 6432088.
20/01/2026
Page 1 of 10
[Insert classification]