Are You Trying To Document And Assess All The Risks And Vulnerabilities For Your Entire Enterprise? You May Be Wondering How To Even Begin.

We recommend starting with a risk register. This is the most logical starting point – a universal first step – to gathering and assessing risk within the “four walls” of your organization, even if your organization is geographically dispersed.

A typical risk register will include a centralized inventory of all risks, by location, and allows you to assign a risk level. Once you have a full documented register – a holistic view into risk across the enterprise – it’s much more efficient to then map those risks through the lens of certain security frameworks, such as HIPAA, NIST CSF, HITRUST, PCI and others.

How ComplyAssistant’s risk register works

ComplyAssistant’s easy-to-use risk register module takes you through 6 comprehensive steps of collecting and assessing risk across the organization:

1) Identify and inventory all threats

Within our tool, you will document all threats throughout the organization. Each threat can be tagged by type of threat, such as environmental, human, computer systems, or network. The risk register module within our GRC software comes standard with a library of threats you can use immediately. You also have the flexibility to create your own threat list or modify the pre-set library based on the requirements of your organization.

Risk Register Threats

2) Assess risk level

Within our risk register tool, you can also assess the risk level for each threat, based on two inputs:

  1. Likelihood of incident – How likely is it that the threat event would actually occur?
  2. Impact to the organization – What would be the total impact if the incident did occur?

The risk register tool will automatically calculate an inherent risk level based on your inputs.

Risk Register Threat Assessment

3) Choose how best to address each risk

Using the calculated risk level, you can then document how your organization chooses to manage the risk in four categories: avoid, control, accept or transfer. Our risk register module comes standard with a library of pre-set controls, or you can choose to create your own.

Risk Register Plan

4) Determine residual risk

Once controls are documented, the risk register will then calculate residual risk, indicating which areas still need attention in order to mitigate the remaining risk.

Risk Register Residual Risk

5) Determine maturity level

Developed in conjunction with our partners at Kardon, the ComplyAssistant risk register also includes a unique feature in the market, which calculates how mature your plan is based on documentation, training and preparedness of the incident team.

Risk Register Maturity Level

6) Assign an action plan

With all threats documented, risk levels assigned, and maturity stages determined, your organization will then have a complete view into enterprise risk, and a prioritized list of where to focus resources. Within the risk register, you can assign controls, actions and tasks to various members of your team, and track progress along the way.

Risk Register Action Plan
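As an added illustration of steps 1 through 4 and 6 (this is not ComplyAssistant's code; the 1-to-5 likelihood and impact scales, the score bands, and the way a treatment reduces the inherent score are assumptions chosen for the example), here is a minimal risk register in Python:

```python
from dataclasses import dataclass

# Assumed score bands on a 1-5 x 1-5 scale; adjust to your own methodology.
def risk_level(score: int) -> str:
    if score >= 15:
        return "High"
    if score >= 6:
        return "Medium"
    return "Low"

@dataclass
class Threat:
    name: str
    category: str                 # environmental, human, computer systems, network
    likelihood: int               # 1 (rare) .. 5 (almost certain)
    impact: int                   # 1 (negligible) .. 5 (severe)
    treatment: str = "accept"     # avoid | control | accept | transfer
    effectiveness: float = 0.0    # assumed: fraction of risk the treatment removes
    owner: str = "unassigned"

    def inherent(self) -> int:
        """Step 2: inherent risk before any controls are applied."""
        return self.likelihood * self.impact

    def residual(self) -> int:
        """Step 4: residual risk after the chosen treatment (step 3)."""
        if self.treatment == "avoid":
            return 0  # the activity that exposes you to the threat is stopped
        if self.treatment in ("control", "transfer"):
            return round(self.inherent() * (1 - self.effectiveness))
        return self.inherent()  # accept: risk is carried unchanged

def action_plan(register):
    """Step 6: highest residual risk first, so resources go where they matter."""
    return [(t.name, t.owner, risk_level(t.residual()), t.residual())
            for t in sorted(register, key=lambda t: t.residual(), reverse=True)]

# Constructed sample register (step 1); not real assessment data.
REGISTER = [
    Threat("Ransomware on file servers", "computer systems", 4, 5, "control", 0.6, "IT Security"),
    Threat("Phishing of clinical staff", "human", 5, 4, "control", 0.5, "Awareness lead"),
    Threat("Flood at data center", "environmental", 1, 5, "transfer", 0.8, "Facilities"),
    Threat("Legacy modem line on lab device", "network", 3, 3, "avoid", 0.0, "Biomed"),
    Threat("Visitor tailgating", "human", 3, 2, "accept"),
]

if __name__ == "__main__":
    for name, owner, level, score in action_plan(REGISTER):
        print(f"{score:>2} {level:<6} {owner:<15} {name}")
```

Two threats with the same High inherent score end up at different places in the plan once their treatments are applied, which is the point of separating inherent from residual risk.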

See The Software in Action.

Tell us about yourself and one of our friendly experts will contact you to arrange a time for a demo. The demo is about 30 minutes depending on questions. We look forward to connecting.


Want more? Check out our blog post on how using a risk register can help avoid recreating the wheel each year during security risk assessments.