Creating, Reviewing, Updating Risks
Creating Risks
Risks can be created by selecting the Create Risk button at the top right of the page. This opens a side window where the user will need to fill out the following information:
Risk Name: The name of the risk
Risk Description: A brief outline/description of the risk
Risk Category: What area of the business the risk impacts (e.g. IT services, reputation, financial, etc.)
Risk Owner: The employee that is responsible for managing the risk
Likelihood: A scale from 1-5 as to how likely the risk is to occur
Impact: A scale from 1-5 for the level of disruption the risk will cause
Mitigation Strategy: What steps the business will take to manage or prevent the risk
Mitigation Status: Indicates whether the risk is ongoing, resolved, or currently being monitored
Control Association: Shows what security controls the risk impacts, if applicable
Risk Treatment Decision: What steps the business has taken to address the risk
Once this information has been filled in, click Submit to log the risk.
Reviewing Risks
Risks within the Risk Register should be regularly reviewed and updated to match any increase in likelihood or impact to the business. They can be examined in more detail within the OneClickComply platform by selecting Review on the associated risk, as shown below:
Once selected, a new page will be opened, expanding on the different categories that the risk is broken down into. For a refresher on these categories, click here.
Let's have a look at an expanded version of the above task:
This risk, an outdated server, can now be examined in more detail. Let's look at the four new sections on this page:
Risk Description: A more in-depth explanation of the risk, e.g. what the risk is, the potential damage to the business, or any other important details.
Mitigation Strategy: Allows users to detail the steps that the business has taken, or will take, in order to reduce the impact on operations.
Review Frequency: Lists how regularly the business should go back and review this risk.
Documentation: An area for users to upload documentation that is relevant to this risk. For example, an insecure network could have the results of a penetration test attached to evidence the fact that the business is aware of the need to secure it.
Updating Risk Details
If needed, risks can be updated by selecting the Update button when reviewing a task in greater detail. This will open a new window and allow users to modify the information associated with the risk, and attach any documentation as required.
Updated on: 26/06/2025