.png?fit=max&auto=format&n=tsMQJyneJ1xquFUo&q=85&s=4d401cc03b547d99b6f75a6bd170c334){kind=spacer}
The Risk Register is where you document, assess, and monitor all identified risks to your organization. Compliance frameworks require you to maintain an active risk management process — this module provides the structure and audit trail.Documentation Index
Fetch the complete documentation index at: https://help.dsalta.com/llms.txt
Use this file to discover all available pages before exploring further.
What the risk register is for
Every organization faces risks — data breaches, service outages, vendor failures, regulatory changes. Compliance frameworks like SOC 2 (CC3.1–CC3.4), ISO 27001 (A.8), and HIPAA require you to formally identify these risks, assess their likelihood and impact, decide how to handle them, and track them over time. The Risk Register centralizes this process so your team can manage risks collaboratively and auditors can see that risk management is active and ongoing.Viewing your risks
The risk register shows all identified risks with:| Column | Description |
|---|---|
| Risk Name | Short description of the risk |
| Category | Operational, Technical, Compliance, Financial, or Strategic |
| Likelihood | Rare, Unlikely, Possible, Likely, or Almost Certain |
| Impact | Negligible, Minor, Moderate, Major, or Severe |
| Risk Score | Calculated from likelihood × impact (Low, Medium, High, Critical) |
| Treatment | Mitigate, Accept, Transfer, or Avoid |
| Owner | Who is responsible for managing this risk |
| Status | Open, In Treatment, or Closed |
Adding a new risk
- Navigate to Data Library → Risk Register in the sidebar.
- Click + New Risk.
- Enter the risk name and description — be specific about what could go wrong and what would be affected.
- Select the category, assess the likelihood and impact, and assign an owner.
- Choose a treatment strategy:
- Mitigate — Implement controls to reduce the likelihood or impact
- Accept — Acknowledge the risk and document the rationale for accepting it
- Transfer — Shift the risk to a third party (e.g., insurance, outsourcing)
- Avoid — Eliminate the activity that creates the risk
- If mitigating, document the specific controls or actions being taken.
- Click Save.
Risk scoring
DSALTA calculates a risk score by combining likelihood and impact. The scoring matrix produces four risk levels:- Low — Monitor periodically, no immediate action needed
- Medium — Implement controls within your standard timeline
- High — Prioritize remediation, assign an owner, set a target date
- Critical — Immediate action required, escalate to leadership
Risk Library
DSALTA includes a pre-built risk library with common risks mapped to compliance frameworks. Instead of starting from scratch, browse the library and add relevant risks to your register with one click. Each pre-built risk includes suggested treatment strategies and control mappings.Reviewing risks
Risks should be reviewed regularly — quarterly at minimum, or whenever your environment changes significantly. During a review:- Assess whether the likelihood or impact has changed.
- Verify that treatment plans are being executed.
- Close risks that have been fully mitigated or are no longer relevant.
- Add new risks identified since the last review.