Aptible Comply

Risks Overview

Risk Management is a critical aspect of any security program. Without understanding the threats to your business, their impact, and likelihood, you can't prioritize mitigations and appropriate controls. Indeed, many compliance frameworks, such as ISO-27001, require a risk assessment as a crucial input to justifying the inclusion or exclusion of controls from the design of your Information Security Management System.

Comply provides a risk register that helps you:

  • Track threat events
  • Assess initial risk
  • Determine the appropriate response (mitigate, transfer, avoid, or accept the risk)
  • Map control responses and mitigating actions (tickets)
  • Compute the residual ("adjusted") risk as a result of those actions
  • Track which threat events are above or below acceptable "tolerance" thresholds

The default timeframe is the last month. A control at the top lets you change the timeframe to Last Week, Last Month, Last Quarter, or Last Year.

The Risks table shows every Risk in your Risk Register along with details about acceptance, adjusted risk value, raw risk value, Controls mapped, and a breakdown of the status of Evidence collected for that Risk. Clicking on one of the Raw Risk Value tabs (All Risks, Very Low, Low, Moderate, High, Very High) will filter the chart to show only risks with that raw risk value.

Clicking on a specific Risk in the table will take you to the Risk Details report.

Clicking on the name of the Risk in the details table will take you to more information about that Risk in your Risks.

The default timeframe is the last month. A control at the top lets you change the timeframe to Last Week, Last Month, Last Quarter, or Last Year.

The Evidence chart shows how much evidence has been collected for that specific Risk and how much of it is labelled Ok, Needs Attention, Non-Conformity, or Exceptions, with a daily breakdown. Clicking on an Evidence status will filter the chart to show only that status.

The Ticket Responses table shows every ticket that has been created and mapped to that Risk, along with the Ticket owner, status, and due date. This table is sortable by any column. Clicking on a Ticket name will take you to that specific Ticket for more details.

On the right is all the information specific to that risk, with options to edit or archive the risk and to create a ticket. Mapping the risk to controls unlocks additional linking and functionality in other areas of the app, such as audits.

Updated about a month ago

