Risk & Compliance

Identify, score, and treat privacy risks systematically

ISO 31000-compliant risk register with database-computed scores, interactive heat maps, treatment plans, and automatic alerts when risks reach critical thresholds.

ISO 31000 Risk Register

Create and manage risks with likelihood (1-5), impact (1-5), category, treatment plan, and owner. Risk scores and severity are auto-calculated by the database — never by application code.

5x5 Heat Map

Interactive risk heat map aggregated via SQL. Visualize risk distribution across likelihood and impact axes. Instantly see clusters of critical, high, medium, and low risks.

Auto-Calculated Scoring

risk_score = likelihood × impact. severity = critical (≥16), high (≥10), medium (≥5), low (<5). Both are PostgreSQL GENERATED columns — mathematically guaranteed at the database level.

Treatment Plans

ISO 31000 treatment options: accept, mitigate, transfer, avoid. Each risk has a treatment plan, responsible owner, review date, and optional JIRA ticket link.

Critical Risk Webhooks

When a risk score reaches critical (≥16), the risk.critical webhook fires immediately. Auto-create JIRA tickets for critical risks when integration is enabled.

Compliance Score Integration

Risk register completeness is dimension #7 (weight 8%) of the compliance health score. Unaddressed risks directly impact your compliance grade.

Why teams choose this

Database-computed risk scores eliminate application-level calculation errors
Interactive 5x5 heat map for board-level risk communication
Automatic webhook alerts when risks reach critical threshold
ISO 31000 compliant treatment framework (accept, mitigate, transfer, avoid)
JIRA integration for existing risk management workflows
Partial indexes on active risks keep queries fast
Risk register completeness feeds into compliance health score
Full audit trail for every risk creation and status change

Ready to get started?

See risk assessment in action with a personalized demo.
