SecureSlateSecureSlate
Log inSign up
← All docsDocs

Risk Management

Add a Risk Scenario

Use Add Scenario in the Risks tab to capture specific risk events for your organization. Each scenario includes a name, description, category, owner, risk scores, treatment plan, and mapped controls.

From the sidebar, go to Risk → Risk Management → Risks, then click Add Scenario.
 
Add Risk Scenario form

Step 1: Define the basic details

Fill in the top section of the form:

  • Risk Name: A short, clear title for the risk (for example, “Vendor compromise of production systems”).
  • Description: A detailed explanation of the scenario—what could happen, how it might occur, and what assets or processes are affected.
  • Category: One or more categories that best describe the risk (for example, Vendor relationships, Privacy, Cloud & infrastructure). Custom categories you define in Settings will appear here.
  • Owner: The person responsible for monitoring and treating this risk.

Step 2: Score inherent risk

In the Risk Score section, start with Inherent Risk—the level of risk before considering existing controls.

Use the sliders to select:

  • Likelihood: How likely the event is to occur (based on the likelihood scale defined in Settings).
  • Impact: How severe the consequences would be if the event occurs (based on the impact scale).

As you move the sliders, SecureSlate calculates the inherent risk and shows the overall level (for example, Low, Medium, High, Critical).

Step 3: Score residual risk

Scroll down to the Residual Risk section.
 
Add Risk Scenario residual and treatment

Here you estimate risk after considering existing or planned controls:

  • Adjust Likelihood and Impact again to reflect the expected state once controls are in place.
  • Confirm the updated residual risk level shown (for example, Low).

Residual risk helps you document how much risk remains after mitigation.

Step 4: Choose a treatment plan

Under Treatment, choose how you plan to handle this risk:

  • Mitigate: Implement or improve controls to reduce likelihood and/or impact.
  • Avoid: Stop or change activities that create the risk.
  • Transfer: Shift responsibility to another party (for example, using insurance or a third-party provider contract).
  • Accept: Acknowledge the risk and keep it as is without additional action.

Pick the option that matches your organization’s decision for this scenario. You can later use notes or linked controls to justify the choice.

In Map Controls (Optional), you can link controls that reduce the residual risk score.

  1. Click Add Controls.
  2. Select the relevant controls (for example, vendor management controls, access controls, backup and recovery).
  3. Save your selections.

Mapping controls makes it clear which safeguards are used to manage the risk and helps tie your risk register back to the Controls workspace.

Save the risk scenario

When all required fields are complete, click Add Risk to create the scenario.

The new risk will appear in the Risks table with its inherent risk, treatment, status, and owner. You can update scores, treatment, and mapped controls over time as your environment or mitigation plan changes.

Last updated: March 10, 2026