Risk & Compliance

Identify, score, and treat privacy risks systematically

ISO 31000-compliant risk register with database-computed scores, interactive heat maps, treatment plans, and automatic alerts when risks reach critical thresholds.

ISO 31000 Risk Register

Create and manage risks with likelihood (1-5), impact (1-5), category, treatment plan, and owner. Risk scores and severity are auto-calculated by the database, not by application code.

5x5 Heat Map

Interactive risk heat map aggregated via SQL. See how risks distribute across likelihood and impact axes, and spot clusters of critical, high, medium, and low risks at a glance.

Auto-Calculated Scoring

risk_score = likelihood x impact. severity is derived from that score: critical (16+), high (10+), medium (5+), low (<5). Both are PostgreSQL generated columns, so the values are computed by the database on every write and cannot drift from likelihood and impact.
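A sketch of how such a schema can look in PostgreSQL 12 or later, as an added example and not the product's own schema. The table name, the status values, the index name, and the sample rows are assumptions; the scoring formula, severity thresholds, and treatment options are the ones stated on this page.

```sql
-- Hypothetical table; only the formula, thresholds and treatment options come from the page.
CREATE TABLE risks (
    id          bigserial PRIMARY KEY,
    title       text     NOT NULL,
    category    text     NOT NULL,
    owner       text     NOT NULL,
    likelihood  smallint NOT NULL CHECK (likelihood BETWEEN 1 AND 5),
    impact      smallint NOT NULL CHECK (impact BETWEEN 1 AND 5),
    treatment   text     NOT NULL
                CHECK (treatment IN ('accept', 'mitigate', 'transfer', 'avoid')),
    status      text     NOT NULL DEFAULT 'open',   -- assumed values: open, closed
    review_date date,
    -- Generated columns: clients cannot supply or overwrite these values.
    risk_score  smallint GENERATED ALWAYS AS (likelihood * impact) STORED,
    -- A generated column may not reference another generated column,
    -- so severity repeats the product instead of reading risk_score.
    severity    text GENERATED ALWAYS AS (
        CASE
            WHEN likelihood * impact >= 16 THEN 'critical'
            WHEN likelihood * impact >= 10 THEN 'high'
            WHEN likelihood * impact >= 5  THEN 'medium'
            ELSE 'low'
        END
    ) STORED
);

-- Partial index: only active risks are indexed (assumed status value 'open').
CREATE INDEX risks_active_score_idx ON risks (risk_score DESC)
    WHERE status = 'open';

-- Constructed sample rows; risk_score and severity are filled in by the database.
INSERT INTO risks (title, category, owner, likelihood, impact, treatment) VALUES
    ('Unencrypted backup export',  'data protection', 'dpo',      4, 5, 'mitigate'),
    ('Vendor DPA not signed',      'third party',     'legal',    3, 4, 'transfer'),
    ('Stale consent records',      'consent',         'product',  2, 3, 'mitigate'),
    ('Legacy test dataset',        'retention',       'platform', 1, 2, 'accept');

-- An INSERT or UPDATE that names risk_score or severity with an explicit
-- value is rejected by PostgreSQL, which is what keeps the score tamper-proof.

-- 5x5 heat map cells: one row per occupied (likelihood, impact) pair.
SELECT likelihood, impact, severity, count(*) AS risk_count
FROM risks
WHERE status = 'open'
GROUP BY likelihood, impact, severity
ORDER BY likelihood DESC, impact DESC;
```

With the constructed rows, the four cells score 20 (critical), 12 (high), 6 (medium) and 2 (low).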

Treatment Plans

ISO 31000 treatment options: accept, mitigate, transfer, avoid. Each risk has a treatment plan, responsible owner, review date, and optional JIRA ticket link.

Critical Risk Webhooks

When a risk score reaches critical (16+), the risk.critical webhook fires immediately. You can also auto-create JIRA tickets for critical risks when integration is enabled.

Compliance Score Integration

Risk register completeness is dimension #7 (weight 8%) of the compliance health score. Unaddressed risks directly lower your compliance grade.

Why teams choose this

Database-computed risk scores eliminate calculation errors
Interactive 5x5 heat map for board-level risk communication
Automatic webhook alerts when risks reach critical threshold
ISO 31000 treatment framework: accept, mitigate, transfer, avoid
JIRA integration for existing risk management workflows
Partial indexes on active risks keep queries fast
Risk register completeness feeds into compliance health score
Full audit trail for every risk creation and status change

Ready to get started?

See risk assessment in action with a personalized demo.
