Risk Assessments

Risk assessment is a fundamental pillar of modern data governance and regulatory compliance. Philterd Data Services provides a sophisticated risk assessment engine designed to identify, quantify, and summarize the presence of sensitive information—specifically Personally Identifiable Information (PII) and Protected Health Information (PHI)—within your unstructured data.

By leveraging our risk assessment capabilities, organizations can gain a deep, data-driven understanding of their sensitive information exposure, allowing them to prioritize data protection efforts and demonstrate proactive compliance.

How Risk Assessment Works

A risk assessment operation is conceptually similar to a redaction operation but with a different objective. Instead of removing the identified sensitive information, the engine focuses on quantification and qualitative analysis.

1. Engine Analysis: The document is processed through our identification engine using a specific redaction policy that targets all types of PII and PHI.
2. Quantification: Every instance of sensitive data is identified and mapped to a scoring methodology (see below).
3. Aggregation: The engine calculates an overall risk score for the document based on the frequency and weight (sensitivity) of the identified PII/PHI.
4. Security: To ensure maximum security, the document is temporarily uploaded to an encrypted S3 bucket, analyzed, and then immediately and permanently deleted once the assessment results are generated.

Supported File Formats

The Philterd risk assessor is compatible with the most common organizational document types:

• Plain Text (.txt): Direct analysis of raw text content.
• Microsoft Word (.docx): Comprehensive parsing of Word documents, ensuring that PII/PHI is identified within the context of the surrounding text.
• Adobe PDF (.pdf): Deep scanning of text-based PDF documents across all pages.

Scoring Methodologies and Customization

Risk is not uniform across all data types. Philterd Data Services allows you to customize Scoring Methodologies to align with your organization's specific risk profile or regulatory environment.

• Weighted Scoring: You can assign different numerical weights to various PII/PHI types. For example, a Social Security Number (SSN) might be assigned a risk weight of 100, while a Zip Code might only be assigned a weight of 5.
• Total Document Score: The final risk score is calculated as the sum of the weights of every identified sensitive entity within the document. This provides a clear, numerical metric to compare risk across your entire document repository.

Intelligent Insights: AI-Powered Summaries

To bridge the gap between raw data and actionable intelligence, Philterd integrates advanced Artificial Intelligence (leveraging Amazon Bedrock).

In addition to the numerical score, every risk assessment generates a natural language AI Summary. This summary translates the technical findings into a concise, easy-to-read explanation. It highlights the types of sensitive information found and the potential impact, helping non-technical stakeholders quickly understand the document's risk profile without needing to interpret raw logs.

Performing a Risk Assessment via the Dashboard

Initiating a risk assessment is a streamlined process:

1. Navigate to the Risk Assessments Page: Access the section from the primary sidebar menu.
2. Initiate New Assessment: Click the New Risk Assessment button.
3. Configure Parameters:
   • Scoring Methodology: Select the predefined methodology that defines the weights for PII/PHI types.
   • Data Key: Choose the appropriate encryption key to be used for secure handling during the process.
4. Upload the Document: Drag and drop or select the file you wish to analyze.
5. Start Processing: Click Start Assessment. You can monitor the real-time status as it moves from PROCESSING to COMPLETED.

Interpreting Your Results

Once an assessment reaches the COMPLETED status, you can access a detailed results view:

• Overall Risk Score: A high-level numerical metric of the document's total risk.
• Granular Score Details: A comprehensive breakdown showing exactly how many instances of each PII/PHI type (e.g., Name: 12, SSN: 2) were found.
• AI-Generated Summary: The natural language narrative explaining the document's sensitive data profile.
• Audit Trail: Precise timestamps and status logs for the assessment operation.

Related Documentation

• Understanding Redaction Policies - Learn how policies drive identification.
• Redacting Documents - Move from assessment to active protection.
• Security - Deep dive into how we protect your data during assessment.
• Managing Contexts - Organize your assessment projects effectively.