Report Risks Outcomes

The most important aspect of managing your information security controls effectively is to ensure they are mitigating actual risks your business faces.

In the reports module you can create:

• A Risk Matrix that reflects the risk matrix under your company settings.
• Risk graphs that visual your risk
• A table of risk related findings

You can include and filter information in the report such as:

• Practice area
• Risks by current ratings
• Treatment plans and target ratings (for professional account holders only)
• Key findings
• Standard controls
• Notes
• Action plans
• Supporting evidence and much more.

Reporting the Risk Matrix

Include the Risk Matrix in the introduction of your report to set the scene.

Create a Risk Section in a report

Create a Risk Graph

There are two types of graphs:

1. Bar Graph
2. Bubble Graph

Create a Table to describe Risk Findings

When you create a table some of the fields are automatically populated.

You can change what is included in your tables with a few simple steps.

Report High Risks by Filtering by Current Risk Rating

Use Key Findings and Action Plans to describe why the risk is high and what to do about it

Forecasting future risk (for Professional Accounts only)

To forecast the target risk rating you will need to have gone to the risk assessment as part of the assessment and selected a treatment plan and target risk rating for each of the high risks.

Once treatment plans and target risk ratings for each of the high risks are created you can use these fields to create a forecast risk rating for each risk.

What risk will we have if we take action? (for Professional accounts only)

Risk Commentary

‍