- AUTHOR: The folks at Scrut
Introducing New Risk Status: Treatment in Progress
We've updated our risk management process. The latest change introduces a 'treatment in progress' status, indicating the team is currently undertaking mitigation tasks. Additionally, we've refined a few risk statuses for better accuracy, aligning them with ISO and NIST recommendations and incorporating valuable feedback received.
Use cases
Improved Visibility: The new 'Treatment in Progress' status improves visibility into ongoing risk mitigation efforts. This allows stakeholders to monitor the progress of mitigation tasks and allocate resources more efficiently.
Dynamic Risk States: A risk now transitions between states based on user actions (such as creating mitigation tasks or adding residual risk), mirroring the dynamic nature of risk management. This provides the flexibility to adapt to changing circumstances and requirements.
What’s New?
A risk is considered to be in an 'Open' state immediately after creation, before any risk assessment has been conducted.
Users can then perform the initial risk assessment and link any existing mitigating controls to the risk. Following this step, the risk is deemed to be in an 'Assessed' state.
Users have the option to either create a mitigation task or add residual risk. If a mitigation task is created, the risk is considered to be in 'Treatment in Progress' until the risk is closed.
Alternatively, if residual risk is added without creating a mitigation task, the risk is considered to be in a 'Treated' state.
If a user adds a mitigation task and closes it, the risk status will change to 'Treatment in Progress'. If they then add a residual risk, the status will update to 'Treated'.
However, if a user adds a mitigation task after the addition of residual risk, the risk state reverts to 'Treatment in Progress' until all the mitigation tasks are completed.
Additionally, we are discontinuing the practice of automatically closing a risk after a residual risk assessment. Now, the risk will stay in the 'Treated' state unless a user chooses to close it from the actions menu on the risk detail page.
In summary, a risk is considered to be 'Treated' when a residual risk is added and any mitigation tasks, if present, are completed. It is considered to be in 'Treatment in Progress' when the mitigation tasks are overdue and not yet completed.
If you have any questions or issues, please reach out to your assigned Customer Success Manager. They'll be happy to assist you!