Risk Register

Managing risks in the Conformio Risk Register

You can access the Risk Register from the list of Registers and Modules, located in the left navigation pane of your Conformio account.

Risk Register - Support Center
Figure 1. Accessing the Risk Register

The Risk Register is a very important part of Conformio, and it was created in such a way as to lead you through managing your risks step by step.

In the left sidebar, on the Wizard tab, you can see helpful text and tips on what to do in the register.

Risk Register - Support Center
Figure 2. Overview of Risk Register

Conformio leads you through the selection of all assets and connecting those assets to vulnerabilities and threats. There is already a defined list of assets, as well as vulnerabilities and threats, from which you can choose. Also, if there is something not on the list, you are able to add your own items to each list.

Risk Register - Support Center
Figure 3. Adding assets

Risk Register - Support Center
Figure 4. If you don’t see an item you need on the list, you can add your own

For each asset-vulnerability combination, select all the necessary threats from the list. When you’re ready, click the “Next” button in the right sidebar so you can go to the next steps – Evaluation, Review, Treatment, and Acceptance.

Risk Register - Support Center
Figure 5. Adding a threat to the asset-vulnerability combination

In the next step, you evaluate the risks you created. You are defining impact and likelihood, as well as the persons responsible for the risk (risk asset owner and risk owner). These persons will be notified regarding what is happening with the risk and will be responsible for its treatment.

Be sure to add responsible people to each risk; otherwise, you won’t be able to go to the next step.

Risk Register - Support Center
Figure 6. Evaluation of the risks

After evaluation, the person responsible for reviewing the risks (the Risk Register owner) has to review the newly created risks.

Risk Register - Support Center
Figure 8. Review the risks

Those risks that are acceptable will not be visible in the next step, “Treatment” – only those that are not acceptable. Once all risk treatments are set up, you’ll be able to proceed further.

Let us know if you need any assistance: support@conformio.com

CONTACT US

OUR PARTNERS


  • Advisera is Exemplar Global Certified TPECS Provider for the IS, QM, EM, TL and AU Competency Units.

  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.

  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.