
Creating and Adding Risks

Finn O'Brien

Last updated: 29 October 2025

In this article, you will find:

  • Navigation guidance for accessing the Risk Register.

  • The process of creating and adding risks within the platform.


Accessing the Risk Register

The Risk Register can be used to create, store, and review various risks to your organisation, as outlined by compliance standards such as ISO 27001 and SOC 2. It can be accessed by selecting the Risk Register button from within Compliance > ISMS, as shown below:

Risk Register navigation guidance

Creating and Adding Risks

Risks can be created by selecting the Create Risk button at the top right of the page.


Guidance for adding risks


Doing this will open a new window where you will need to fill out information such as:

  • Risk Name: The name of the risk.

  • Risk Description: A brief outline/description of the risk.

  • Risk Category: What area of the business the risk impacts (e.g. IT services, reputation, financial, etc.).

  • Risk Owner: The employee who is responsible for managing the risk.

  • Likelihood: A rating on a scale from 1-5 of how likely the risk is to occur.

  • Impact: A scale from 1-5 for the level of disruption the risk will cause.

  • Mitigation Strategy: What steps the business will take to manage or prevent the risk.

  • Mitigation Status: Indicates whether the risk is ongoing, resolved, or currently being monitored.

  • Control Association: Shows what security controls the risk impacts, if applicable.

  • Risk Treatment Decision: What steps the business has taken to address the risk.

Once this information has been filled in, click Submit to log the risk.

