The Risk Assessment module takes you from raw threat identification through structured scoring to residual risk — producing a defensible, exportable risk register your stakeholders can act on.
A complete, structured workflow — from identifying threat actors to communicating residual risk after controls are applied.
Score each threat by the actor's capability and intentions to produce a consistent, comparable threat level across your risk register.
Assess impact across physical, reputational, operational, financial, and legal dimensions — configurable to your organisation's framework.
Compute inherent risk from the threat level and impact score on a visual 5×5 matrix before any controls are applied.
Maintain a reusable library of security controls, each rated for effectiveness, and apply them to individual threats with per-threat tracking.
Automatically compute residual risk after controls are applied, giving decision-makers a clear before/after picture.
Connect risks directly to live Situation Report events, keeping your risk register grounded in observed ground truth.
The controls library lets you build and reuse a catalogue of security measures. Apply controls to specific threats and watch residual risk recalculate automatically — giving you a clear, auditable before/after view for every risk in your register.
Risk Assessment is built for practitioners who need to quantify, justify, and communicate security risk to decision-makers.
Building and maintaining a defensible, audit-ready organisational risk register.
Producing structured risk assessments for clients across multiple engagements.
Needing clear residual risk outputs to prioritise security investment decisions.
Build your first risk assessment in minutes — no installation required.