Risk Management · Register, auditing & treatment

What is risk management? It is the discipline of identifying what could go wrong, deciding how bad it could be, choosing what to do about it, and proving you did so. ISMSVision gives you a living risk register, consistent assessments, a configurable matrix, control linkage, and treatment tracking—plus auditing (schedule, calendar, checklists, and a 384-question ISO 27001/27002 bank) so assurance work stays in the same module. An audit report is being added to summarise outcomes for reviewers.

What’s included

Risk register
Auditing & checklists
ISO audit bank (384)
Controls & NCs
Audit report (soon)

Start free trial Module pricing · from £30/mo

Risk dashboard with summary cards, attention table, and register status

Configured status flow showing progression and exception routes

Workflow automation canvas with approval branch and outcomes

How ISMSVision solves business problems

Boards ask for “top risks” while teams maintain parallel spreadsheets. ISMSVision connects risk to controls and to the rest of the ISMS—so you can prioritise spend, prove treatment, and answer auditors without re-inventing the narrative every quarter.

One register, not five

Consolidate operational, IT, and third-party risk views into records that leadership can actually track.

Decisions you can defend

Likelihood and impact live in a matrix everyone understands—less debate about “how red is red?”.

Link risk to reality

Tie risks to controls and evidence in Document Management—so assessments aren’t detached from what you run day to day.

From register to remediation

Auditing capabilities (schedule, question bank, checklists, upcoming audit report) are included in this module—see the Auditing page for detail. Pair with Document Management for evidence and Supplier Management for third parties. Compare module pricing when you are ready.

🧾

Auditing & assurance

Run internal and external audit programmes without a separate tool: register, calendar, structured checklists, and a built-in ISO 27001/27002 question library (384 questions). Raise non-conformities, risks, and opportunities for improvement from audit work.

Audit schedule and calendar
Question bank with CSV/seed import
Checklist execution on each audit
Audit report (in development)
Full auditing overview →

📋

Risk register

Maintain a structured register with ownership, sources, and status—so leadership sees what is open and what is accepted.

Central record for organisational risk
Traceability for assurance
Less duplication across teams

🎯

Scenario assessment

Describe scenarios and assess them consistently—reducing “gut feel” spreadsheets.

Structured assessment fields
Supports repeat reviews

📊

Risk matrix

Configurable likelihood and impact scales with a visual matrix—communicate priority fast.

Matrix configuration for your programme
Heat-map style clarity

🛡️

Control linkage

Connect risks to controls so treatment plans map to what you actually operate and test.

Aligns risk to control library
Supports audit narratives

🛠️

Treatment & follow-up

Track decisions and actions—so risks do not stall in “we are monitoring” limbo.

Treatment visibility
Ownership and accountability

🔗

Platform-native

Same users, roles, and security model as the rest of ISMSVision—one login, coherent governance.

Works with Service Management for operational context
Pricing · Sales

Why teams standardise here

One story

Risk, suppliers, and documents reference each other instead of living in silos.

Audit friendly

Clear records and linkage beats slide decks when assessors ask “show me”.

Module pricing

£30 per user per month (GBP)—mix and match modules; see full pricing.

Try it

Start a trial.

Make risk operational

Review module pricing, start a trial, or talk to sales about a phased rollout.

View module pricing Start free trial

See risk clearly—and manage it like any other operational work