A centralized location within the platform where you can view and manage all risks identified through assessments.
Index:
1. Risk registry and pane
2. Risk catalog
3. Risk helper
1. Risk Registry
The Risk Registry is a centralized location within the MineOS platform where you can view and manage all risks identified through assessments. Risks are created within assessments based on data-related findings, then automatically appear in the registry for further management.
a) Overview of Existing Risks
- The Risk Registry displays all identified risks within assessments, providing a single view for monitoring and managing these risks.
- Each risk in the registry includes critical details like the assessment it belongs to, risk severity, systems involved, and any current mitigation efforts.
- This view allows stakeholders to assess the organization’s overall risk status and prioritize mitigation actions.
**Important to note:** new risks cannot be created from the catalog; they are created only within assessments.
b) Creating New Risks in Assessments
- New risks are created directly within Assessments as part of the data documentation process. While documenting an assessment, you may identify potential risks based on factors like data types, transfers, consent, or employee access.
- For instance, if handling sensitive data, a high-risk level might be assigned due to exposure to data breaches or non-compliance. Once identified, this risk is automatically added to the Risk Registry.
c) Editing Risks from the Pane
- Once a risk is added to the Risk Registry, you can manage it either within the original assessment or directly from the Risk Pane in the registry.
- The Risk Pane allows you to:
  - Update risk details (e.g., reassess the risk level as mitigations are implemented).
  - Add comments or consult with IT and other teams to review mitigations.
  - Edit risk attributes, such as inherent risk, mitigation mechanisms, and residual risk level.
d) Main Workflow: Documenting and Managing Risks
- The typical flow for risk management starts in Assessments, where risks are initially identified based on data specifics.
- When documenting an assessment, you may identify risks that could impact the organization’s data privacy (e.g., data type sensitivity, transfer locations, or consent issues). This risk is created in the registry, marked as high or low depending on initial evaluation.
- As the assessment progresses, you can engage relevant teams (e.g., IT, legal) to determine whether this risk is acceptable, plan mitigation actions, and lower the residual risk. For example, enforcing encryption or limiting data access might reduce the risk level.
2. Risk Catalog
The Risk Catalog is a customizable list of risk types, helping you standardize risk terminology and streamline identification across all assessments.
a) Manage Your Risk Catalog
- Configure the catalog according to your organization’s risk management frameworks. A consistent risk catalog ensures unified language and approach when assessing risks.
b) Adding New Custom Risks
- Users can create custom risks within the catalog, available for selection in assessments. Custom risks are added according to unique organizational concerns that may not be covered by default risk types.
- Once created, these risks appear across all assessment types, allowing for consistent risk documentation.
c) Editing Custom Risks
- Editing a custom risk in the catalog will not impact existing risks.
d) Hiding Mine’s Risks
- Certain predefined risks by Mine are available to aid standardized risk identification across assessments. If a Mine risk is irrelevant to your processes, you can hide it in the catalog.
- Note: Hidden risks will no longer appear in selection lists but will remain in records if they’re already in use in existing assessments.
3. Risk Helper
The Risk Helper feature provides actionable suggestions for certain predefined risk types, streamlining the risk analysis process based on your data and assessment type.
a) How Does Mine Help You with Risk Analysis?
- The Risk Helper analyzes specific data within an assessment, such as data types, access permissions, or transfer status, to suggest mitigations for common risks.
- For example, if the system detects high-risk data or frequent data transfers, it might recommend data minimization or encryption as preventive measures.
b) Business Impact Based on Assessment Data
- Based on the assessment data and type (e.g., PIA, TIA), the Risk Helper contextualizes the potential business impact. It provides a clear understanding of how identified risks may affect the organization and suggests practical steps for mitigation.
Next steps...
Learn more about the Assessment Module