Setup Risk Policy

Modified on Tue, 18 Jul 2023 at 03:25 PM

Setup Risk Policy

Within RiskRecon there are 2 types of Risk policies: the Alert Policy and the Action Plan Policy. Both need to be configured to work properly with your organizations risk management strategy. 

RiskRecon has a Risk matrix which can be configured for all the different security criteria. The way you configure these will determine what issues will show up in the action plan, or will be alerted upon when the issues arises. 

Please note that changing the risk configuration will not affect the scoring what so ever.

In order to get to the Risk Policy tab, got to "My Account" and then to "Risk Policy" here we can start configuring.

From here we can configure the Alert Policy (or disable this entirely) an configure the Action Plan Policy. We can do this per Inherent Risk Rating. (As configured in the Setup Risk Configuration)

In order to do this we can use the Configuration Wizard (recommended) or set all risk Security Criteria separately. If you want to start over or you made a mistake you can always click Reset Configuration to reset this to their basic setup.

Within the Configuration Wizard you can chose out of several risk configurations, they all explain separately what the they do and on the right side you will see what issues will be within scope and which ones will be left out. (You can always finetune these afterwards). We recommend the Strict Policy configuration but this might differ per Inherent Risk Category. For example with a vendor/3rd party that has a Low Criticality we might not want to see or deal with all the issues, but instead maybe only the P1 & P2 issues.

Once decided click on "Use this Configuration" and then click "Yes" and later on confirm a second time.

The Configuration Wizard is the same for the Action Plan Policy and the Alert Policy.

Adjusting manually

If you decide you want to adjust the Risk Configuration manually you can do so by clicking on the Risk Security Criteria and then use your mouse to adjust what vector you want to include in the alerts / action plan. If you are happy with the choices click Apply and it will be set. (If the vector is brightly coloured it means its included.)

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article