Risk Management Module

Secureframe is thrilled to elevate our services to meet the evolving needs of our valued clients. We're proud to unveil our new and improved Risk Management module! In response to valuable feedback from our community, we've refined and improved our Risk Management module to offer greater flexibility and enhanced functionality. We're committed to providing the best experience for our users.

Main features: 

  • Risk Library
  • Robust workflows for risk assessment
  • Robust workflows for risk review
  • Robust workflow for risk mitigation and remediation

Our new Risk Management module helps users streamline their risk identification, assessment, and management process. Using the new module and workflows, users can determine which risks are truly applicable to them and decide how to handle them.

Risk Library/workflow

Our new risk library contains hundreds of common, pre-populated risks that you can select from and assess as you conduct your risk due diligence. As you add any of these risks to your Risk Management module, you will be able to review, document, and treat the risk as needed for your risk management posture. If none of these risks apply to your organization, that’s fine: you can create custom risks!


In addition to our risk library, Secureframe allows you to create custom risks for your organization. Users have the same capabilities with these risks as the ones from the risk library, just with more customization capabilities. 


The details page is the first page within the risk assessment workflow and is where crucial details for each risk are entered and defined. The platform includes validations to ensure that critical information is entered. If these fields are not filled out, the platform will not allow you to complete the risk assessment. The details page includes risk formula calculations and the appropriate owner, departments, category, and tags defined for each risk.


Assessment

As you create or select risks, you will need to conduct a risk assessment for each risk. This risk assessment involves selecting the impact and likelihood scores which are part of the formula to calculate overall risk. The likelihood-impact risk formula assesses the potential risk of an event by considering the probability of its occurrence (likelihood) multiplied by the magnitude of its potential consequences (impact). This helps prioritize and manage risks based on their overall potential impact on a system or project.


Treatment

Within the treatment section, your organization will determine how to handle the risk, whether that be via risk acceptance, transfer, avoidance, or mitigation. Within this screen you will justify any decisions regarding treatment as well as residual risk. Residual risk is the amount of risk or danger associated with an action or event remaining after natural or inherent risks have been reduced by risk controls.

  • Acceptance - Retain the risk as-is with no further changes.
  • Transfer - Shift the risk outside of your organization, e.g., cyber liability insurance.
  • Avoid - Fix the risk and remove the risk entirely or reduce the threat of the risk.
  • Mitigation - Identify controls or other solutions to put in place that can reduce the threat of the risk. 


Review

This is where the risk assessment is completed. Please confirm that all information is complete and accurate before selecting “complete assessment”.

Categories

These can be used to organize risks. 

Draft/Complete

Risks have two stages: draft and complete. Risks in draft can be worked on, completed, or deleted and are fully customizable as needed. Completed risks can be edited, but they must first be reverted to draft. Additionally, you can click into each risk to see relevant risk details and calculations.

View History

View history is where users and/or auditors can export a history of risks and the actions taken on them when needed for an audit or security questionnaire. Any updates to the risk item are captured here in a change log.


Risk Management Settings

Within settings, users can configure their “tags” and their “scoring” configurations. Please see the respective sections below for more information. 


Tags

Tags are used to assign relevant details, categories, and information to individual risks. Similar to categories, tags give the admins responsible for risk management context and information about each risk. Secureframe provides Categories and Departments for you to choose from, but you can customize or add tags if needed.

Scoring

This is where users can assign or set weights for respective risk scores. Different scores and weights may affect organizations differently, so we wanted to give our users the flexibility to weigh scores differently. Be sure to edit scoring before adding risks.
