Maintaining a risk register and conducting a periodic risk assessment is a critical requirement of all compliance certifications. ControlMap's Risk Register functionality allows you to easily manage and assess your organization's potential risks to ensure compliance.  Read further for instructions on how to manually add risks, upload them from a file or import sets of common risks.


TABLE OF CONTENTS


Add Risk

1. Navigate to the Risks section.

2. Click on Actions > Add Risk and enter details for the Risk.

  • Name - Provide an appropriate name to help identify the Risk.
  • Business Impact - Consequences that can arise if the risk is not mitigated.
  • Status- Choose from the following values.
    • Accepted - The risk applies to the business and will need appropriate controls and policies to address it.
    • Mitigated - The risk applies to the business but has been mitigated with existing controls and policies.
    • Closed - This risk does not apply to the business.
    • Transferred - The risk applies to the business, but the enforcement of controls and policies has been transferred to a Third-party.
  • Owner - Identify an owner responsible for mitigating the risk
  • Impact Area - Select the appropriate impact area.
  • Vulnerabilities, Threats, and Security Controls - Use the search functionality to link available vulnerabilities, threats, and security controls.
  • Likelihood - The possibility of the risk impacting the business. Possible values for likelihood are Rare, Unlikely, Possible, Likely, and Certain.
  • Impact Score - Score signifies the potential effect the risk has on the business, should it occur. Possible values for impact score are Negligible, Marginal, Significant, Critical and Catastrophic.

3. Click Save.



Upload


1. Go to Risks > Actions > Upload

2. Select Choose File to upload a CSV file that contains relevant risk information and then click Next.

3. Map the column header names from your CSV to their corresponding risk attributes and click Next.

4. Click on Start Import

5. Review your imported risks on the Risks tab to verify accuracy.  



Import Risk Set


1. Go to Risks > Actions > Import Risk Set

2. Select Common Risks, Cloud Risks, APP & API Dev Risks or Up and Coming Risks.

3. After selection, select Start Import to import the Risk Set.