If the default ISMS Risks & Treatment plan does not fit your organisations own Risk Methodology, our Support team can create a Custom Risk Map for you. This can be applied to all existing and future Risk Maps created in your platform. Or, you can have it applied to a specific map.

The following can be customised in ISMS.online risk maps:

  • The number of impact and likelihood levels - for example, in the default ISO 27001 risk map, there are five levels
  • The labels for impact and likelihood levels - for example, in the default ISO 27001 risk map, impact labels are: Insignificant, Minor, Moderate, Major, Severe
  • The scoring methodology (numbers on the risk map squares) - this can be 'Additive' (impact + likelihood), 'Multiplicative' (impact x likelihood) or 'Sequential' (1,2,3,4,5...)
  • The reminder period for each colour level - in the pre-configured ISMS Risks & Treatments map these are 1, 3, 6 and 12 months
  • The colour levels for the map, and where those colours will go. The following colours are available for risk maps in ISMS.online:

  •  (Grey, Turquoise, Blue, Orange, Black, Brown, Yellow, Purple, Green, Red.)

The easiest way to provide us with this information is to provide us with your methodology (including a coloured map, so we can understand how you would like each square to be coloured).

How to request a Custom Risk Map

To request a custom Risk map, you can first create your desired risk map by completing the following steps:

1. Go to work, then all work:

2. Select 'Create New':

3. On the drop down menu, select 'Tool':

4. Select 'Create New' next to 'ISO 27001 Risk and Treatment Plan':

5. Go through the steps as outlined and create the risk map to the desired customisations.

6. Email us at support@isms.online with your desired specifications as well as a link to the risk map you have created

Please Note: We would usually apply this customisation to all existing and future Risk Maps. Unless you would only like this required to a specific map, in which case please let us know which one.

As per all support requests, we will ensure this work is completed within 5 working days from receiving the required information. 

The above information will need to be reflected in '6.1 Risk assessment process' of your Policies and Controls Project.