Skip to content
Log in

Risk register

Definition

A structured record of all identified risks, each with its description, inherent risk score, owner, treatment decision, controls selected, residual risk score, and review date. The authoritative record of an organisation's risk posture.

Related terms

Residual risk
The risk that remains after controls are applied. If residual risk exceeds the organisation's risk appetite, further treatment is required or management...
Risk appetite
The amount and type of risk an organisation is willing to accept in pursuit of its objectives, as defined by its governing...
Risk owner
The individual or role accountable for ensuring a risk is treated appropriately and that the treatment remains effective. Owners should control the...
Risk treatment
The process of selecting and implementing options to modify risk. ISO/IEC 27005 defines four treatment options: accept, avoid, mitigate (reduce), and transfer...
Statement of Applicability (SoA)
A mandatory document listing every ISO/IEC 27001 Annex A control with a statement of whether it is included or excluded, the justification...

Explained in

  • Risk Treatment and the Risk RegisterA structured record of all identified risks, each with its description, inherent risk score, owner, treatment decision, controls selected, residual risk score,...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account