DRAFT: What is the risk register?

The Risk Register is part of the Compliance feature, which is not yet available on most customer systems, but is currently under development.

NIST defines a risk register as “a repository of risk information including the data understood about risks over time.” (For more info, see: https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8286.pdf .) The risk register should include information like a description of the risk, its likelihood, severity of impact and current mitigation details, as well as ownership and information about how these data change over time.

In Isora GRC, you can access the risk register from the Compliance link on the main navigation bar. Clicking on Compliance opens a drop-down where you can choose Risk Register.

How to access the Risk Register

The risk register is used to track information about known risks that apply to specific organizational units.

For more info, see: