How it works
Your organisation is in the process of developing a new RFID application, or you want to show to users of an existing application that you take RFID privacy seriously. The persons responsible for the application and an internal compliance officer use the CNRFID-CSL RFID Privacy Impact Assessment software to perform the assessment.
The software resides on your computer, or internal network (if the RFID Privacy Impact Assessment, is undertaken as a team effort). The software will ask questions about the RFID application, the data that is encoded on the tags and associated with the application. It will also require you to identify the tag and reader (interrogator) products used in the application.
Once you have identified the products, our software can automatically provide you with the relevant Privacy Capability Statements, which EN 16571requires the RFID manufacturers to provide to comply with the standard. These privacy capability details are then built into the PIA process.
With the built-in procedures, the people in the organisation responsible for the RFID application, data protections and security can share the procedure by providing the information requested about the data encoded on the RFID tag and stored on the applications.
The software applies the relevant risk values to the data, applies the risk values of the threats and vulnerabilities based on the air interface protocol to arrive at an initial risk score. It then considers the countermeasures that are possible from the RFID products you use and advises of any other countermeasures that you can apply to mitigate the risks
The entire process produces a secure and confidential RFID Privacy Impact Assessment that is held on your organisation’s computer system. Nothing is stored on the CNRFID-CSL system other than you purchase details and software licence.
The software will also produce the contents of the RFID Privacy Impact Assessment Summary Report, which the European Commission Recommendation requires to be made publicly available to users of the RFID application.
An RFID Privacy Impact Assessment that fully complies with EN 16571 requiring the minimum of input about your application, with all the technology aspects built-in with the CNRFID-CSL software. This will enable you to publish your RFID PIA Summary Report with confidence. It will also provide a sound base for any subsequent review of your RFID Privacy Impact Assessment.