Risk

Read and manage your risk posture

Find your risk posture, read the key risk score and KRI breaches, and drive it down over time.

Program Setup

8 steps

Create a risk initiative

Launch your risk program, the overall risk module, or its third-party (TPRM) submodule, depending on the framework you choose.

Risk Assessment

8 steps

Run a risk assessment

Assess a risk in any domain (operational, financial, IT and cyber, compliance and regulatory, legal, strategic, reputational, ESG, supply chain, and more) against an asset, using vulnerability and threat analysis with inherent risk scoring.

Risk Register

Work the risk register

Track identified risks with their inherent and residual ratings and owners.

Explore a risk

Drill into a single risk to see its profile, assessment, owners, treatment, and activity.

Assign risk owners

Make someone accountable for each risk.

Risk Treatment

Treat a risk

Choose a treatment strategy, apply controls, and assess residual risk.

Applied Controls

View applied controls

See the controls applied to your risks and audit them.

Risk Indicators

Track risk indicators (KRIs)

Add and monitor key risk indicators with targets and tolerances.

Quantitative Risk Analysis

Run quantitative risk analysis

Quantify risk in financial terms (annualized loss expectancy, simulation, scenarios) for board-ready communication.

Risk Views & Domains

View risk by domain

Read the risk dashboard and the operational, IT, cyber, and enterprise risk views.

Third Parties

Work the third-party register

Read and filter the Register tab, where your third parties and their risk live.

8 steps

Onboard third parties

Add one third party through a guided form, or onboard many at once from an Excel file.

Manage a third party

Set accountability, lifecycle stage and tier, and the reassessment cadence.

Offboard a third party

Run the exit checklist, record the reason and date, and sign off.

Act on a third party with Entity Tools

Assess risk, audit, request remediation or evidence, and send a questionnaire from a third party.

Third-Party Tiering

Manage criticality tiers

Define tiers and read the tier coverage and tier-by-risk matrix.

Third-Party Assessments & Evidence

Review third-party compliance posture

See objective posture across your third parties and spot the weak objectives.

Review third-party risk assessments

See inherent versus residual risk and how risks are being mitigated.

Review third-party evidence

Track artefact provision across your third parties.

Run due diligence on third parties

Start a due diligence review across selected third parties.

Send a questionnaire to a third party

Share a framework assessment with a third party by email or by link.

Complete a questionnaire as a third party

Open a shared framework link and complete the assessment as a third party.

Third-Party Gaps

Review third-party gaps

See which third parties have open gaps and where they concentrate.

Fourth Parties

Review fourth parties and concentration

See your extended supply chain and where providers are shared across vendors.

Continuous Monitoring

Set up continuous monitoring

Collect monitorable assets and track findings, coverage, and alerts for third parties.

Third-Party Insights & Trends

Read the program overview

Get the at-a-glance posture, status, and risk picture for the whole program.

Read trend analytics

Track remediation speed, coverage, responsiveness, and posture over time.

Review key risk indicators

Read each risk type score against tolerance and open its drivers.

Third-Party Audit

View third-party audit

See audit engagements and assurance for your third parties.

Third-Party Reporting

Generate third-party reports

Produce the register, assessment, due diligence, concentration, and board reports.