Creating a Risk

Add a Risk to the Register

The risk register lives under Compliance in the sidebar. Open Compliance, then Risks, and click Add to create a new risk.

Describe the Risk

  1. Enter a title and description.
  2. Choose a category such as operational, security, compliance, financial, reputational, legal, or other.
  3. Set the status to reflect where the risk sits in its lifecycle: identified, assessed, treating, monitoring, or closed.

Score Inherent and Residual Exposure

Rate likelihood and impact from 1 to 5 for both inherent exposure (before treatment) and residual exposure (after your controls). ISO Mate multiplies likelihood by impact to produce a score from 1 to 25 and assigns a level band automatically.

Assign an Owner and a Treatment Plan

  1. Assign an owner who is accountable for the risk. The owner receives notifications about assignments, reviews, and escalations.
  2. Choose a treatment strategy: accept, avoid, mitigate, or transfer.
  3. Document the treatment plan in the rich text field.

Link Controls, Frameworks, Tasks, and Incidents

On the risk detail page you can link the controls that treat the risk, the frameworks it relates to, tasks that carry out the treatment, and any incident that realized the risk. A reference code such as RISK-0001 is assigned automatically.

¿Le resultó útil este artículo?