The EN 16571 RFID Privacy Impact Assessment software (the RFID PIA Recorder) mitigates the risk inherent and significantly reduces the effort involved with manual privacy impact assessments. It follows all the process steps defined in EN 16571 in a straightforward manner that results in an accurate risk assessment of your RFID application. This will enable the RFID application to be re-assessed when there are changes to key features to the system either from within the enterprise or based on RFID technology.
All the processes in EN 16571 are covered by the software, enabling the RFID operator to produce a valid RFID Privacy Impact Assessment with input about the specific application, saving many hours of work and producing the highest quality results. Your PIA is confidential to your organisation and never seen by CNRFID-CSL.
Your organisation is in the process of developing a new RFID application or has an existing RFID application, and you want to show users of the application that you take RFID privacy seriously. The persons responsible for the application and an internal compliance officer use the RFID PIA Recorder to perform the RFID privacy impact assessment.
The RFID PIA Recorder steps you through entering all of the data required for an EN 16571 RFID privacy impact assessment. This includes data about the RFID application and the associated data stored on RFID tags or in computer hardware that is part of the system. All information you entered is stored in a location of your choice, so can be kept perfactly safe and private.
Once you have identified the RFID products in your application, the RFID PIA Recorder will automatically provide the relevant Privacy Capability Statements, which EN 16571requires the RFID manufacturers to provide to comply with the standard. These privacy capability details are then built into the PIA process.
The RFID PIA Recorder allows everyone involved in the completion of the privacy impact assessment to collaborate by storing the RFID PIA data on a network drive, it can be accessible to all who need it. The RFID PIA Recorder automatically locks the file while it is in use, to prevent two people from updating it simultaneously.
The RFID PIA Recorder applies the relevant risk values to the data, applies the risk values of the threats and vulnerabilities based on the air interface protocol to arrive at an initial risk score. It then considers the countermeasures that are possible from the RFID products you use and advises of any other countermeasures that you can apply to mitigate the risks
The entire process produces a secure and confidential RFID Privacy Impact Assessment that is held on your organisation’s computer system. Nothing is stored on the CNRFID-CSL system other than you purchase details and software licence.
The RFID PIA Recorder will also produce the contents of the RFID Privacy Impact Assessment Summary Report, which the European Commission Recommendation requires to be made publicly available to users of the RFID application.
The RFID PIA Recorder creates an RFID Privacy Impact Assessment that fully complies with EN 16571 requiring the minimum of input about your application, with all the technology aspects built into the software. This will enable you to publish your RFID PIA Summary Report with confidence. It will also provide a sound base for any subsequent review of your RFID Privacy Impact Assessment.
There are many benefits to using the RFID PIA Recorder versus trying to complete an RFID privacy impact assessment on your own. These include:
The RFID PIA Recorder software can be purchased for £700. This includes two user licences and covers one RFID application. It costs only £45 for each additional user, should you require. Additional RFID applications costs £175. Annual renewal is 20% of the previous year’s listed price. All prices are exclusive of VAT, which will be added where applicable.
The first step is to fill in a simple form to let us know a little about your organisation's use of RFID, and also the level of expertise within your organisation. We can then determine the best approach for you.
If you believe your organisation lacks the capabilities to carry out an RFID privacy impact assessment, you should consider using our consultancy service You do not need to decide that now because it will become apparent during pre-sales discussions regarding the software.