If the default ISMS Risks & Treatment plan does not fit your organisations own Risk Methodology, our Support team can create a Custom Risk Map for you. This can be applied to all existing and future Risk Maps created in your platform. Or, you can have it applied to a specific map.


The following can be customised in ISMS.online risk maps:


  • The number of impact and likelihood levels - for example, in the default ISO 27001 risk map, there are five levels
  • The labels for impact and likelihood levels - for example, in the default ISO 27001 risk map, impact labels are: Insignificant, Minor, Moderate, Major, Severe
  • The scoring methodology (numbers on the risk map squares) - this can be 'Additive' (impact + likelihood), 'Multiplicative' (impact x likelihood) or 'Sequential' (1,2,3,4,5...)
  • The reminder period for each colour level - in the pre-configured ISMS Risks & Treatments map these are 1, 3, 6 and 12 months
  • The colour levels for the map, and where those colours will go. The following colours are available for risk maps in ISMS.online:

  •  (Grey, Turquoise, Blue, Orange, Black, Brown, Yellow, Purple, Green, Red.)


The easiest way to provide us with this information is to provide us with your methodology (including a coloured map, so we can understand how you would like each square to be coloured).


How to request a Custom Risk Map


To request a custom Risk map, you can first create your desired risk map by completing the following steps:


1. Go to work, then all work:



2. Select 'Create New':



3. On the drop down menu, select 'Tool':



4. Select 'Create New' next to 'ISO 27001 Risk and Treatment Plan':


5. Go through the steps as outlined and create the risk map to the desired customisations.


6. Email us at support@isms.online with your desired specifications as well as a link to the risk map you have created



Please Note: We would usually apply this customisation to all existing and future Risk Maps. Unless you would only like this required to a specific map, in which case please let us know which one.


As per all support requests, we will ensure this work is completed within 5 working days from receiving the required information. 


The above information will need to be reflected in '6.1 Risk assessment process' of your Policies and Controls Project.