Some of the data, particularly from other Source Organisations, may not be available for the vulnerability Purpose, so that the controller for that information needs to be ‘asked’ to provide it.
To access information, the Source Organisation will need to;
agree in principle ( or not ) to the Lawful and Ethical reuse of their data, for the vulnerability Purpose
be convinced that their information is necessary and valuable
set out the terms of use for their data, including security, and information life-cycle arrangements
If agreement is reached, the Source Organisation will need to
set up a data product which may include a transformation to match the requirements and minimise data disclosure