Performing a Risk Assessment
A risk assessment lets you evaluate the real-world impact and likelihood of a specific risk scenario — and define what should be done to reduce it.
You can perform assessments for:
- A processing activity (e.g. payroll handling)
- A system/asset (e.g. Microsoft 365)
How to Perform an Assessment
- First, make sure that you have set up your risk template
- Select:
  - Scope (asset or activity)
  - Compliance domain (GDPR, NIS2, etc.)
- Open Risk Assessment for a processing activity or an asset
- The risk scenarios will now appear
- For each scenario:
  - Rate likelihood and describe possible consequences
  - Rate impact and describe security measures
  - Describe existing controls
  - Suggest planned actions
  - Provide an overall justification
Examples
- Scenario: Loss of availability
  - Likelihood: Low
  - Impact: High
  - Controls: Redundant backup and 24/7 monitoring
  - Final score: Moderate
After Assessment
- Export to PDF or Excel
- Create mitigation tasks directly from scenarios
- Reassess later using version control