1. TerraTrue
  2. How to Use Launches
  3. Launches

How to use the Risk Registry

Overview

The Risk Registry in TerraTrue provides a flexible solution to help your organization document, manage, and track risks in alignment with various organization risks as well as specific risk frameworks such as NIST, ISO 27001, FedRAMP, and more. This feature allows you to create, categorize, and maintain a repository of risks while enabling structured risk management practices within the platform.

Our first release of Risk Registry allows you to set up your risks and optionally associate the risks with Tasks. As a reminder, Tasks are used to provide structured feedback and ownership of responsibilities on a Launch, including critical information such as due dates and priorities. Association with Tasks allows for your risk mitigation efforts to be managed and tracked over time.

 

Accessing the Risk Registry

The Risk Registry is currently available under Org Settings > Tasks > Risk Registry. Users with the Risk Registry Editor role can create, edit, and manage risks and risk attributes. Launch creators and reviewers can create and edit tasks and associate it to a risk to track the mitigation efforts on a Launch.

 

Configuring the Risk Registry

Step 1: Configure & Manage Risk Attributes

Risk Attributes are custom fields that you can define to help describe a risk. TerraTrue allows you to create any number of attributes you want. 

  • Note: Prior to adding risks, we recommend that you set your risk attributes in advance so that there is less re-work needed in updating the risk items with the attributes.
  • Note: Severity and Likelihood are set as default attributes. The Risk Editor may edit these to fit the needs of the business.

To add a new risk attribute:

  1. Navigate to the Risk Registry.
  2. Click the Attributes tab
    • Note: Likelihood (High, Medium, Low) and Severity (Critical, High, Medium, Low) are available out-of-the-box and can be edited as needed. If you plan on sorting them in a particular order, we recommend placing a numeric value since the data table will sort by ABC/123 order. 
  3. Click + Add Attribute button above the data table.
  4. Select from Multiple Choice, Text, or User attribute types.
    • Note: 
      • Multiple choice allows for risk registry editors to select an attribute value from a pre-defined list for all risks.
      • Text allows for risk registry editors to enter a free-form text as an attribute value for all risks.
      • User allows for risk registry editors to select one or more TerraTrue users from a pre-defined list.

  1. Enter the Attribute name. If you select multiple choice as an attribute type, enter the pre-defined values for the attribute. Text and User attribute types are not-predefined and the values can be entered on the risk item.
  2. Congrats! Now your attribute is successfully added for any risk items to use. 

 

Step 2.1: Upload Risks

There are 2 ways to enter risks into the risk registry: Upload (for bulk population) and manual entry (for a single risk item at a time). In step 2.1, we will cover uploading bulk risks into the Risk Registry. In step 2.2 below, we will cover entering a single risk into the Risk Registry.

  1. Navigate to the Risk Registry.
  2. Click the right caret of the Add Risk Item button on the top right side of the page then click Import from .xlsx from the dropdown menu.

  1. TerraTrue provides a template to start your process of importing to simplify the import process and ensure accurate mapping. Please note:
    • Each attribute value must be mapped to an existing value for multiple choice attributes.
      • Note: To add multiple values to a single attribute, separate existing attribute values by “,” commas.
    • New Attributes cannot be created during import.
    • Rich text is not supported at this time for imports, but it is supported on manual risk entries (see section 2.2 below).
    • User Attribute Type imports are not supported at this time. User mappings to TerraTrue users can be done in the configuration step (see step 5 below).
  2. Collaborate with your teams and fill the template to upload all your risks. Once the template is populated, upload your spreadsheet then click the Next button to move to the next step.
  3. In the next step (configuration), TerraTrue supports convenient owner assignment through the bulk apply of a single owner to all the imported entries. These can later be changed manually per risk item in the preview (see next step) or in each risk item page.
  1. In the configuration step, TerraTrue supports the assignment of the values of risk attributes during the import. We have also created an inline editable preview of the imported risk items so that you may be able manually enter or select an attribute value for each published attribute.
  2. Next, Import the spreadsheet by clicking Import Spreadsheet and you’re done! The imported risk items should appear in your risk registry.

 

Step 2.2: Manually Create a Risk Item

  1. Navigate to the Risk Registry.
  2. Click Add Risk Item on the top right side of the page.

  1. Fill in the following fields:
    • Risk Item: A unique name for the risk.
    • Description: A detailed, rich-text description of the risk.
    • Status:
      • Published: Approved and actively managed that are available to attach to a Task
      • Draft: In progress risks that are not published
      • Archived: Risks that will no longer be available to attach to a task.  
        • Note: If the risk was already attached to a task created before it was archived, it will not be detached.
    • Risk Treatment: A detailed, rich-text outline of how the risk can be detected, controlled, and mitigated.
    • Owners: Users that own the risk item. 
    • Attributes: Custom fields that allow specifying additional attributes on the risk item.
  2. Click Save to add the risk to the registry.

 

Managing Risks

Risk Items have 2 tabs: Profile and Associated Tasks

 

Profile

The risk profile shows the risk items Details, Attributes, and Risk Treatment.

 

Editing Risks

Only Risk Registry Editors have the ability to edit a risk. To edit a risk, select the Edit button in any of the sections and update its content. Click save to finalize the update.

 

Associated Tasks

Associated Tasks will display all tasks in launches that are linked to the risk item. 

  • Note: Associated Tasks will only show tasks for launches that you have permission to access.

 

Associating Risks to Tasks

When creating or updating a task, you can associate it with a risk from the registry.

 

This link is visible within both the task details and the risk entry.

You may reset the risk linkage to associate with another risk if incorrectly entered or if it is no longer needed.

 

Audit Log

Currently, the risk registry will track overall risk item and risk attribute changes in the History tab of the Risk Registry.

  • Note: In a future release, the specific changes of each risk item will be in each Risk Item page and within each task.

 

We are continuously enhancing the Risk Registry to provide even more value and functionality over time. This initial version lays the foundation for future improvements based on user feedback and evolving needs. Shape the future of TerraTrue’s Risk Registry by partnering with us to provide feedback for future enhancements. Please contact your Customer Success Manager to partner with us for streamlined integration of the Risk Registry into your risk management processes.

Was this article helpful?
0 out of 0 found this helpful