Matchmaker Exchange (MME) has recently been implemented at Oslo University Hospital to enable matchmaking of genotypic and phenotypic information for consented rare diseases cases, in the first instance with SciLifeLab at Karolinska University Hospital. A condition of this service going live is approval by the hospital’s Information Security Officer, using a risk assessment approach. Consequently, and as a part of Norway’s BigMed precision medicine project, a risk assessment was performed on this MME implementation, applying the principles of ISO 31000 and 27005 for risk identification, analysis and evaluation. Risks identified were also assessed using the local health institution’s 1) risk rating scale for information security and 2) safety principles and requirements for IT infrastructure and applications. This poster will describe the findings of the risk assessment, generalized to capture broader implications for other institutions looking to assure local implementations of MME, and to draw conclusions on the applicability of risk assessments for implementation of services based on federated systems for data access.