Risk Management Functionalities
Neatly summarised.
| Functionality | Description |
|---|---|
| Risk Register | The risk register allows for registering risks, determining (acceptable) risk levels and implementing mitigation measures through risk acceptance flows. The risk matrix provides a visual overview of the (residual) risk of your organisation. Risks can be linked to many places in the platform, mainly controls and issues. |
| Controls Library | In the Controls Library, you can register controls per defined compliance requirements. Controls are used to mitigate risks by defining control objectives, assigning ownership, and scheduling assessments to monitor effectiveness. Controls are part of broader internal frameworks. |
| Frameworks | Using the frameworks module, you can register internal and external (compliance) frameworks, which serve as a central reference point for your organisation’s compliance requirements, policies, and standards. Each framework can be broken down into specific requirements, which can then be linked to controls and risks throughout the platform. Our Content Hub contains a collection of best-practice templates, such as ISO/IEC 27001 and NIS2 frameworks. |
| Issues | Issues capture any findings, weaknesses, or non-conformities relating to other parts of the platform that require follow-up. Each issue can be linked to relevant risks, controls, and more to maintain context and traceability. From an issue, action plans can be initiated. |
| Action Plans | The Action Plans module helps you track and manage follow-up actions that arise from issues, risks, or assessment results. Each action plan outlines what needs to be done, by whom, and by when. You can assign owners, set due dates, and monitor progress, ensuring accountability and timely resolution. |
| Control Assessments | Control Assessments provide a structured approach to evaluate whether your controls are effectively designed and operating as intended. These assessments can be scheduled periodically or conducted on an ad-hoc basis. During an assessment, control owners are asked to provide evidence or explanations that demonstrate how the control functions in practice. The results help identify gaps, support audit readiness, and strengthen your risk and compliance posture over time. |