If you’re considering using Excel for your Risk Register, this video explains why that might not be the best choice.
Instead, we introduce a more effective alternative using Jira and dedicated risk management plugins. If you prefer watching over reading, check out the full video.
The document where an organization or a risk manager records all identified risks, their analysis, mitigation plans, and ownership details is commonly referred to as a Risk Register. It is a centralized tool for monitoring and managing risks throughout a project or organizational risk management process.
Risk Registers are most often built and manually maintained in an Excel spreadsheet that a Project or Risk Manager tries to keep up to date, but Excel has significant drawbacks.
There are 3 main issues with manual risk management in Excel:
These issues may result in incorrect risk prioritizations, leading to critical risks being overlooked. This is why we recommend creating the Risk Register in Jira with the help of dedicated risk management plugins like the Risk Manager Plus.
Let’s look into how you can automate your risk management in Jira by setting up a dedicated risk management app to meet your risk management needs.
To avoid the pitfalls of Excel, you can automate your risk management process using Jira. Jira supports plugins specifically designed for risk management, such as the SoftComply Risk Manager Plus. These tools help keep your data up-to-date and reduce errors through automation. They come with templates for risk models and risk registers that you can further modify to meet your risk management requirements.
Setting up a risk register in Jira is straightforward. Start by selecting a risk management app from the Atlassian Marketplace. Choose a template that fits your needs and customize it to align with your risk management process. This customization can include defining risk assessment steps and modifying risk characteristics.
For Risk Models, you can customise the provided templates by specifying:
For Risk Registers, you can customise the ready-made templates by modifying:
The SoftComply Risk Manager Plus offers a dedicated Information Security Risk Management module for companies that want to comply with ISO 27001.
The InfoSec module provides the following features:
The Information Security Risk module comes with a template for an Asset-based Risk Register where you can identify all your information assets and their descriptions, add risks related to each of them and pick relevant ISO 27001 controls to mitigate these risks.
ISO 27001 controls have already been added to the app, in a module called the Object Register. You can view the detailed description and the control group of each control as defined in ISO 27001 when working in the Risk Register.
Additional data about the controls, such as their applicability to your organisation’s information security policy and any source information, can be added to the controls in the Object Register (controls repository).
To monitor your information security risk management progress, you can check the coverage status of assets, risks and controls in the InfoSec Dashboard of the app.
The Dashboard also provides you with the ISO 27001 Checklist where you will find all the ISO 27001 requirements and detailed explanations on how to meet them. You can add links to documents and Jira projects for any evidence of meeting these requirements to easily monitor tasks that still need to be completed.
After having reviewed your information security risks, you can automatically generate the Statement of Applicability.
Using Excel for your risk register might seem like a simple solution, but it comes with many risks. Automating your risk management in Jira not only helps maintain accuracy but also ensures compliance with international standards.
Try the Risk Manager Plus app for free for a month, and consider scheduling a demo to explore more about its capabilities. Click the link to start your trial or book a demo today!
This article was originally published at the SoftComply website on July 16th, 2024.
Marion Lepmets _SoftComply_
CEO
SoftComply
Munich, Dublin, Tallinn