If the default ISMS Risks & Treatment plan does not fit your organisations own Risk Methodology, our Support team can create a Custom Risk Map for you. This can be applied to all existing and future Risk Maps created in your platform. Or, you can have it applied to a specific map.
The following can be customised in ISMS.online risk maps:
- The number of impact and likelihood levels - for example, in the default ISO 27001 risk map, there are five levels
- The labels for impact and likelihood levels - for example, in the default ISO 27001 risk map, impact labels are: Insignificant, Minor, Moderate, Major, Severe
- The scoring methodology (numbers on the risk map squares) - this can be 'Additive' (impact + likelihood), 'Multiplicative' (impact x likelihood) or 'Sequential' (1,2,3,4,5...)
- The reminder period for each colour level - in the pre-configured ISMS Risks & Treatments map these are 1, 3, 6 and 12 months
- The colour levels for the map, and where those colours will go. The following colours are available for risk maps in ISMS.online:
(Grey, Turquoise, Blue, Orange, Black, Brown, Yellow, Purple, Green, Red.)
The easiest way to provide us with this information is to provide us with your methodology (including a coloured map, so we can understand how you would like each square to be coloured).
How to request a Custom Risk Map
To request a custom Risk map, you can first create your desired risk map by completing the following steps:
1. Go to work, then all work:
2. Select 'Create New':
3. On the drop down menu, select 'Tool':
4. Select 'Create New' next to 'ISO 27001 Risk and Treatment Plan':
5. Go through the steps as outlined and create the risk map to the desired customisations.
6. Email us at support@isms.online with your desired specifications as well as a link to the risk map you have created
Please Note: We would usually apply this customisation to all existing and future Risk Maps. Unless you would only like this required to a specific map, in which case please let us know which one.
As per all support requests, we will ensure this work is completed within 5 working days from receiving the required information.
The above information will need to be reflected in '6.1 Risk assessment process' of your Policies and Controls Project.