Using Risk Policies

Modified on Thu, 19 Dec at 9:36 PM

Risk policies, found in 'Administration', are a pre-requisite to automatic risk calculations in the platform:



If you have not created risk policies, the default risk policy will be applied:


An administrator may update the default risk policy, create new risk policies, or delete risk policies.

   A note on deletion: you will need to dissociate any records utilizing a risk policy before it can be deleted.


Risk policies are used in the following modules and record types:


  1. Risk Management
    1. Assessments: Risk policies are applied to assessments during set-up of the Assessment Template (Administration) How to setup Assessment Templates
    2. Risk Groups: Risk policies are applied at the group level for risk registers: Create and use Risk Groups
  2. Enterprise Management
    1. Enterprise Assets: Risk policies are applied to Asset Types (Administration) and will be applied to all Assets created under that Asset Type: C1Risk Solutions: Managing Asset Types

Risk policies are based on a 0-100 percentage scale. This allows risk scores to be calculated, such as in the case of assessments, based on the identified risk as a percentage of the overall possible risk. For example:


       My assessment has 10 questions. 2 of these questions are information, but for the remaining 8, I have assigned a value of 0, 1, or 2 to the answer options, depending on the risk they pose to the organization. 


       A respondent answered 3 questions with answers representing the highest risk, and 2 questions with answers representing low, but some, risk. Thus, out of 10 questions, with a possible maximum risk score of 16, the risk score for this respondent's assessment was (3*2) + (2*1), for a total of 8. This represents a risk score of 50%.


Using the default risk policy, the risk identified by this assessment would be 50% and labeled as 'Medium'.


Risk policies can be adjusted, as needed, utilizing up to 5 tiers, customizing the naming of each tier, tier colors, and tier distribution across the 0-100 scale.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article