Treat a risk
Open a risk's Treatment, pick a strategy (Avoid, Reduce, Control, Accept, Transfer), justify it, apply control measures where needed, then assess and apply the residual risk.
Try it in CybervergentOverview
Choose a treatment strategy, apply controls, and assess residual risk.
Step-by-step
- 1 Open a risk from the Risk Register and go to its 'Treatment' tab.
- 2 Under 'Risk Mitigation', select a strategy: Avoid Risk, Reduce Risk, Control Risk, Accept Risk, or Transfer Risk.
- 3 Enter the 'Treatment Justification', the 'Target Completion Date', and the 'Estimated Treatment Cost'.
- 4 If the strategy needs controls, click 'Add Measures', then 'Import Control' to apply controls under 'Risk Controls'.
- 5 Click 'Assess Residual Risk', then set the post-treatment likelihood and impact and the review or reassessment date.
- 6 Click 'Apply Treatment'. The residual rating updates on the register.
- 7 If your governance requires sign-off, the treatment shows as 'Draft' or 'Not Signed-off' until an approver signs it; approval is required for the treatment to take effect.
Related articles
Risk Posture Read and manage your risk posture Find your risk posture, read the key risk score and KRI breaches, and drive it down over time. Program Setup Create a risk initiative Launch your risk program, the overall risk module, or its third-party (TPRM) submodule, depending on the framework you choose. Risk Assessment Run a risk assessment Assess a risk in any domain (operational, financial, IT and cyber, compliance and regulatory, legal, strategic, reputational, ESG, supply chain, and more) against an asset, using vulnerability and threat analysis with inherent risk scoring. Risk Register Work the risk register Track identified risks with their inherent and residual ratings and owners.