28 Op Der Haart L-9999 Wemperhardt Grand-Duché de Luxembourg

Risk management

Risk management is the discipline that focuses on identifying, assessing and prioritizing
risks related to an organization's activities, regardless of the nature or origin of these
risks, in order to deal with them in a coordinated and cost-effective manner, so as to
reduce and control the probability of feared events, and to reduce the potential impact
of such events.
As such, it is a component of the company's strategy that aims to reduce the probability
of failure or uncertainty of all factors that could affect its business project. The
continuous management of a company's risk grid requires vision and vigilance on the
part of the manager and his advisors and managers, to adapt it to the realities on the
ground and the regulatory systems that apply to it.

Risk related to the IT system.

Each company in a digital mode is confronted with risks related to the different
technologies used, so Semago® supports you in analysing this risk, but also in keeping
the risk register up to date and in carrying out a regular evaluation.
This activity is called IT Risk Management which we offer as a service.

Privacy risk

Privacy has been a priority for Semago® for years, long before the DGPS, personal data
had to be managed, but few companies have been aware of this directive and the rights
and duties imposed on them. Since the arrival of the DGMP, it is an awareness at the
political level but not only, new obligations are made mandatory.
Among these obligations is risk analysis, which becomes mandatory in three cases: :

When launching the use of a new technology

When the data processed are sensitive in accordance with Article 9(1) of the DGPS.

When the data processed presents a high risk to human rights.

This is what is recommended by the legislation, at Semago® we assume that any
treatment generates a risk from an acceptable level to a high level and we recommend
that this exercise be carried out for all treatments and that the risks be monitored.

To do this, we propose the following solutions:

DPIA Manager as a service (Personal Data Impact Analysis) according to ISO 29000 series.

Risk management training.

Implementation of a framework to standardize the management of privacy risk.

+352 xxx xxx xxx

Semago® vous apporte ses conseils et ses savoir-faire dans les domaines de la Sécurité, la cybersécurité en protection des données, et en vie privée.