Risk Assessment Methodology for Software Stacks

Aims to provide a risk assessment framework for software stacks

In the genomics community, many groups lack training in security assessments. The GA4GH Data Security Work Stream is exploring the development of a policy framework on risk assessment methodology for software stacks.

  • Aims to outline concrete steps to assess risk in software stacks

Target users

Data custodians, data protection authorities, and security officers

Work Stream
In progress
Product Lead
  • David Bernick
Staff Contact

Community resources

Dive deeper into this product!

Currently under exploration, the Risk Assessment Methodology for Software Stacks product would offer best practices that relevant groups may use to develop their own policies. The product may consist of several parts including:

  • a how-to on assessing risk aligned to a known framework;
  • a methodology or algorithm for groups to self-service risk assessments beyond what is in the Data Security Infrastructure Policy (DSIP).

Don't see your name? Get in touch:

  • Dixie Baker
    Martin, Blanck and Associates
  • Thomas Conner
    Broad Institute of MIT and Harvard