If the default ISMS Risks & Treatment plan does not fit your organisations own Risk Methodology, our Support team can create a Custom Risk Map for you. This can be applied to all existing and future Risk Maps created in your platform. Or, you can have it applied to a specific map.
The following can be customised in ISMS.online risk maps:
- The number of impact and likelihood levels - for example, in the default ISO 27001 risk map, there are five levels
- The labels for impact and likelihood levels - for example, in the default ISO 27001 risk map, impact labels are: Insignificant, Minor, Moderate, Major, Severe
- The scoring methodology (numbers on the risk map squares) - this can be 'Additive' (impact + likelihood), 'Multiplicative' (impact x likelihood) or 'Sequential' (1,2,3,4,5...)
- The reminder period for each colour level - in the pre-configured ISMS Risks & Treatments map these are 1, 3, 6 and 12 months
- The colour levels for the map, and where those colours will go. The following colours are available for risk maps in ISMS.online:
- (Grey, Turquoise, Blue, Orange, Black, Brown, Yellow, Purple, Green, Red.)
There are two ways to request a risk map customisation depending on if you have already scored your risk map or not and these are as follows:
Customising a risk map within the platform
If you have a risk map where none of the risks have been scored, you can customise your risk map using the following steps:
1. Select the settings option on the top right of your risk map:
2. Scroll down to the 'Change colours, labels, size or review periods' and select 'configure risk map':
3. From here you should see all the options listed above and you should be able to go through all of these and customise your risk map to your specifications
Requesting a Custom Risk Map Through Support
How to request a Custom Risk Map
If you have an existing risk map that has risks that have already been scored, you can request a risk map customisation through our support team. To request a custom Risk map, you can first create your desired risk map by completing the following steps:
1. Go to work, then all work:
2. Select 'Create New':
3. On the drop down menu, select 'Tool':
4. Select 'Create New' next to 'ISO 27001 Risk and Treatment Plan':
5. Go through the steps as outlined and create the risk map to the desired customisations.
6. Email us at email@example.com with your desired specifications, the maps you would like customising as well as a link to the template risk map you have created
While we do our best to ensure that any changes does not impact existing scoring / readings, some times we have no choice but to clear any existing readings from an existing risk map when applying the customisation.
We recommend taking an export of the risk map before any customisation work happens so you can attach the export to a control (e.g 6.1) to show the methodology before and after the customisation.
We would usually apply this customisation to all existing and future Risk Maps. Unless you would only like this required to a specific map, in which case please let us know which one.
As per all support requests, we will ensure this work is completed within 5 working days from receiving the required information.
The above information will need to be reflected in '6.1 Risk assessment process' of your Policies and Controls Project.