Because laws and regulations are very complex, Boardish currently only supports the latest GDPR regulation as part of the risk quantification, but we hope to have more in the future.
To select the regulation impact for your chosen threats, simply click on the blue plus button and then select your threat from the drop-down.
Once your threat is highlighted in the table, choose the relevant regulation. If it is not applicable or you don’t want to include regulation impact in your calculations, select none.
In the case of GDPR, you’ll need to consider whether your threat causes any personal information about a European citizen to be unlawfully obtained by third parties without the user’s consent.
For example, phishing is likely to have a medium impact because being compromised will probably grant someone access to your systems, even if that is just an email list or list of names. A fire or flood, however, probably doesn’t have a GDPR implication, as cloud data won’t be compromised and physical data is likely to be destroyed.
If you’ve selected a regulation, you’ll then select whether there is a low, medium, or high chance of impact from the next drop-down menu.
Another point to note is that if you’re a US company with only US customers or clients, GDPR is likely not to apply to you. Don’t forget to click save and next to be taken to your dashboard.
If you have any questions or concerns about filling in the Regulation Impact section, feel free to ask a question in our online Facebook community or drop us an email.
Boardish is currently still in Beta, so as with any new software, we’re doing our best to work out the kinks. If you discover a bug or you’re struggling to use Boardish, first refresh the page. If the bug persists, please contact us directly or via the Facebook community so we can help you out.
Currently Boardish only supports GDPR, but other regulations will be added in our next update version. This is because the legal minefield is hard to quantify specifically for each situation and often has a lot of other factors involved. We would rather our algorithm be accurate without the regulation impact than inaccurate with multiple regulation options.
Simply select none in both the regulation and regulation impact sections. Make sure to do this for all of your threats.