Risk Management in TrustWorks
Table of contents
- Introduction
- Risk Register overview
- Understanding risk statuses
- Viewing and editing risk details
- Risk Templates
- Mitigation measures
- Upcoming improvements to Risk Management
- Conclusion
Introduction
Effective risk management is crucial for any organization, helping to identify, assess, and mitigate potential risks. TrustWorks offers a Risk Management module designed to streamline this process. This guide provides an overview of the Risk Register, details on managing individual risks, and explains how to create and implement mitigation measures.
Risk Register overview
When you open the Risk Management module in TrustWorks, the first thing you'll notice is the Risk Register. This table is a central hub for tracking and managing risks within your organization. Let's have a look at the key components of the Risk Register and what you can do with it.
The Risk Register is a table containing crucial information about identified risks, offering flexibility for managing and organizing your risk data. You can sort and filter by different attributes, making it easy to find specific risks or categories of risks. Here's a breakdown of what you'll find in the Risk Register:
- Risk Names: A unique identifier or description for each risk.
- Risk Level: The current threat level (high, medium, low) of the risk.
- Risk Type: Categorization of the risk into one of the following types: compliance, security, business, or individual impact.
- Owner: The user or team responsible for managing the risk.
- Status: Current status of the risk. Possible values are "Requires Review," "Open," "Accepted," "Residual," "Rejected," and "Eliminated."
- Related Entity: The entity to which the risk is related, such as a data repository or processing activity. A risk can also be unrelated to any entity.
- Creation Date: The date the risk was created or added to the register.
- Actions: Options to view or delete the risk.
Understanding risk statuses
Managing risk effectively requires a clear understanding of the current status of each risk. The status of a risk indicates its current state and informs the necessary actions to be taken.
Here's a closer look at each status available in the TrustWorks Risk Management module:
- Requires Review: This initial status is assigned to newly identified risks or suggestions from the AI Assistant. It means that the risk needs a thorough evaluation to confirm its relevance and accuracy before any further action.
- Open: After a risk has been validated, it is marked as "open." This status indicates that the risk is active and mitigation strategies need to be developed and applied to manage it.
- Accepted: Not all risks can or should be mitigated. When a risk is accepted, it means that the decision has been made to tolerate it as it is, based on a cost-benefit analysis. Continued monitoring ensures that this remains a viable option.
- Residual: Even after implementing mitigation measures, some level of risk may still remain. This "residual" risk is typically lower and within acceptable limits, reflecting the success of your mitigation strategies but also the impossibility of total elimination.
- Rejected: If a risk is deemed irrelevant or based on incorrect data, it can be rejected. This status helps maintain focus on genuine risks and ensures that resources are not wasted.
- Eliminated: The ideal outcome for any risk is its elimination, where it no longer poses a threat to the organization. Achieving this status is a clear indicator of effective risk management.
Viewing and editing risk details
When you view a risk from the list, you gain access to more detailed information. This view allows you to:
- Add/Edit risk description: Customize the risk's description to provide more context or update its details.
- Reassign owner: Change who is responsible for managing the risk. You can select a team or a user.
- Risk Matrix: A 3x3 matrix that shows the risk's severity and likelihood of harm. You can adjust these values based on new assessments or mitigation measures.
- Change related entity: Update the related entity to reflect the most accurate information.
Risk Templates
Another way to add risks is to import them from the more than 100 risk templates available in the platform. This means that you can efficiently generate risks for your DPIAs without manual input. These templates cover a wide range of categories, including privacy, compliance, information security, and business risks, ensuring a comprehensive approach to risk management.
You can easily access these templates from the ‘Risk’ section of the menu, where you also have the flexibility to create and add your own custom templates. This improvement is designed to make your risk management efforts more efficient, enabling you to focus on addressing the most pressing risks to your organisation.
The templates are also available in Processing Activities, Data Repositories, and Initiatives, where you can add a risk from scratch as before or import one from the templates. You can also click to show risks inherited from a related data repository.
Mitigation Measures
Mitigation measures are strategies or actions taken to reduce or control risks. In TrustWorks, you can create mitigation measures manually or have the AI Assistant suggest effective measures.
Manual Creation of Mitigation Measures
When adding mitigation measures manually, you'll need to provide the following details:
- Mitigation Measure: The specific action or strategy to address the risk, like "Implement Data Minimization Principle."
- Description: A brief explanation of the measure and its intended impact.
- Effect on Risk: How the measure affects the risk; whether it eliminates or mitigates it.
- Owner: The user or team responsible for implementing the measure.
This approach offers flexibility and allows you to tailor mitigation measures to specific risks and organizational needs.
AI Assistant for Mitigation Measures
Alternatively, you can use the AI Assistant to suggest mitigation measures. This feature is especially useful when you're unsure of the best strategies or want to expedite the process. Here's how it works:
- The AI Assistant suggests mitigation measures based on the risk's context and type.
- You can review the suggestions, select the ones that apply, and assign an owner or team to each measure.
- By default, the selected mitigation measures will have a "requires review" status, allowing you to adjust them later.
Using the AI Assistant can save time and provide valuable insights into effective risk mitigation strategies. It helps ensure that all risks are addressed, even those that might require unconventional or innovative approaches.
Impact of Implemented Mitigation Measures
Once mitigation measures are implemented, they can affect the risk's likelihood of harm and severity of impact. This dynamic approach allows organizations to adapt to changing conditions and make informed decisions about risk management.
With these options, TrustWorks provides a comprehensive toolkit for addressing risks in a way that suits your organization's structure and risk profile.
Upcoming improvements to Risk Management
The TrustWorks Risk Management module is evolving to provide even more robust tools for managing risks. Here's what's on the horizon:
- Mitigation Measures included in the Risk Templates: This is the next step in the Risk Templates. It will help you be even more efficient when managing the risks in your organisation. When you add a risk from a template, it will automatically include mitigation measures.
- Mitigation Measures as Tasks: In future updates, mitigation measures will be assignable as tasks to the designated owners. This enhancement will make it easier to track who is responsible for implementing each measure and ensure that risk mitigation activities are completed efficiently.
With these upcoming improvements, TrustWorks aims to make risk management more efficient, organized, and effective for all users.
Conclusion
Risk management is a critical component of maintaining the safety and compliance of any organization. TrustWorks' Risk Management module offers a comprehensive set of tools to help you identify, assess, and mitigate risks. From the flexible Risk Register to detailed risk analysis and versatile mitigation measures, the module provides everything you need to manage risks effectively.
The ability to create mitigation measures manually or with the AI Assistant ensures that you have the flexibility to address risks in the most appropriate way for your organization. Additionally, upcoming improvements will make the risk management process even more streamlined and efficient.
By leveraging the features of TrustWorks, you can stay ahead of potential risks and create a safer, more compliant environment. Whether you're just starting your risk management journey or looking to improve an existing process, TrustWorks is designed to meet your needs and help you navigate the complexities of risk management with confidence.