Cyber GRC Ideas Portal
Status Pending Product Manager's Review
Created by Guest
Created on Oct 26, 2022

Ability to identify Risks not covered by any controls in the IT compliance product

Raiffeisen, as part of its use-case testing, would like to

• Identify risks which aren’t covered by any control
• Identify assets which are not affected by a dedicated risk

I tried Orphans, but the Assets are related to the Orgs and the Risks are related to the Assets, so they don't show up there.

Within the product, with reports available OOTB, how would it be possible to identify all

  1. Risks which are not covered by any control? The RCM Report would have been an option, but it is not available in the IT Compliance app.

  2. Assets which are not affected by a dedicated risk. Assets affected show up, but how do you identify the remaining ones? Is the only option to look at the sum total and subtract it from there?

If a method to identify with a 'none-selected' in the Related Controls in the Risks Library Report were there, all such Risks with no controls linked to them (even though Orgs/Assets are linked to them and are therefore not 'orphans') would be useful.

Thanks.
