Assessment types — PIA/AIA/Security types, scoring, tiering, and summary templates
Last updated: July 12, 2026 by Steve
Assessment Types
Assessment types are the top-level kinds of privacy and security assessment your office runs — Privacy Impact Assessment (PIA), Algorithmic Impact Assessment (AIA), Security (SEC), or a custom type. The type a coordinator picks at creation decides which templates are offered, whether the scoring and tiering tools apply, whether the harm-to-individuals lens appears on the risk register, and which summary template produces the closing report.
(screenshot placeholder — capture: the Assessment types list with a type selected and its scoring, harm-lens, and summary-template options visible)
Where to Find It
Open Settings from the app toolbar and choose Assessment types in the Privacy configuration group. This group is visible only to users who hold the relevant privacy configure permission.
Options and Fields
| Field | What it controls |
|---|---|
| Name and description | The type's label, translatable so it reads correctly in each active language. PIA, AIA, and Security are the standard types; you can add custom types. |
| Scoring and tiering | Enables the likelihood × impact risk register and overall-risk tiering on assessments of this type. When on, a note appears at creation telling the coordinator that scoring applies. |
| Harm-to-individuals lens | Enables the harm-to-individuals (RROSH) determination on the risk register for this type. |
| Summary template | The report template used to generate the regulator summary produced at closure. |
How It Affects Assessments
- At creation, the chosen type filters the template list — templates built for that exact type sort first, generic templates follow.
- For scored types, a note appears in the create dialog, and the assessment's Risks tab exposes the 5-point likelihood × impact register with the effective overall-risk override.
- For types that enable the harm lens, the risk register adds the harm-to-individuals (RROSH) determination.
- At closure, the type's summary template drives the generated regulator summary that the Closure tab exports.
- Security (SEC) assessments also unlock the SEC-only workflow — generate SSP/SAR actions and the Categorization, Controls, POA&M, and ATO tabs.
Best Practice
Seed your assessment types from a Configuration Pack so PIA, AIA, and Security arrive pre-wired to the right templates and scoring behavior, then adjust only what your program requires.