Creating new types of risk assessments
In the portal, risk assessments have been automatically created, but it is also possible to make new types of risk assessments and customize what you want to assess risk on. In principle, the tool can be used as desired. For example, you can create a classification assessment, an information security risk assessment for the company and a GDPR risk assessment for the data subject on the same item and be able to see it separately.
Keep in mind that the new types of risk assessments that you create do not affect the dashboard in the portal. This means that creating new types of risk assessments will not close any “gaps” in the dashboard.
If you want to create new types of risk assessments, this is done through settings. Below is a guide that elaborates on where and how to create new types of risk assessments.
Where do I create a new type?
Below you will get a step-by-step guide on how to find the place in the portal where you can create new types of risk assessments.
- New types are created under settings, so you should start by clicking on “settings” in the menu bar on the left.
- When you click on “settings” the menu item will unfold with subitems. In the submenu, click “Data Elements”.
- “Data Elements” are divided into a few different categories. Here you need to click on the category “Risk assessments”, which will open some additional fields.
- To create new types of risk assessments, this must be turned on in settings. To do this, click on the icon. When it is dark blue as in the picture, it indicates that it has clicked on. When you click on the icon, this also causes the “Types” bar to appear.
- To be able to create new types and see types that have already been created, click on this bar.
- If you want to create a new type of risk assessment, click here and you will open a window. It will be discussed in more detail below how to create the new type of risk assessment.
How do I create a new type?
When you click on item number 6 in the image above, you will open a window with a form that you need to fill out to create a new type of risk assessment. The window looks like this:
The review below will be reviewed in three parts, which is reflected in the classification of points above.
- Under this point, you need to make decisions for the structure of your table, and the other parts of the table will adapt depending on whether you choose to have one or two axes and how high the axis should go up.
- Here you edit the different levels and choose which color each level should be indicated with. If you select only one axis in the top fields, you will only see “X axis levels” and not “Y axis levels”.
- In this field, you set the total calculation between the x and y axis, if you have chosen to have two axes, as in the example. If you choose to have only one axis, you won’t have to set the calculation in this field.
Below the three parts will be described in more detail:
- First, you must specify which name you want the type you create to have. You choose what you want to call it, and you type the name, by clicking on the box to the right and typing.
- This icon determines whether you are creating a risk assessment with one or two axes. By default, one axis is turned off, which means that you create a two-axis assessment by default. If you only want one axis, click on the icon to the right so that it is turned on. The icon turns dark blue when turned on.
- In this field, specify how far the X axis max should go. The highest you can choose is 10.
- If you are creating a risk assessment with two axes, set how high the Y axis max should go. Here you can choose a maximum of 10.
- This part is for specifying the name for the X axis. The name reflects what you are assessing based on, on the X axis.
- Here, you must specify the name for the Y axis if you are creating a two-axis risk assessment. The name, in turn, reflects what is assessed on the Y axis.
- Finally, you can choose how the risk should be calculated. Here you can choose between adding and multiplying.
Below, it will be discussed in more detail how to set the different levels that can be assessed by. Please note that the number of levels is determined by the X and Y axis max, which are specified in the fields above. Likewise, you should be aware that if you have selected only one axis, it will only appear for the X axis levels. In the example below, two axes are selected, where both maxes can go up to 5.
- All fields (option 1 – option 5) in both columns can be edited. Here you need to specify a “name” for each level. You may want to rate on low to high, after which you can call them “very low”, “low”, “medium”, “high”, and “very high”. It is up to you how you want to divide the levels and what you want to call them.
- Here you can choose which color you want the choice to reflect in. The colors you can choose from when there are 5 axes are the colors shown in the example.
Finally, when creating a new type, you must set what you want the calculation of the X and Y axis to have of label. This only needs to be set when creating a new two-axis type and will therefore not be available when only one axis has been created. In the example below, the settings are as follows: Two axes, both of which have a max level of 5. Calculation should be done by adding the two levels. When you choose the max level and the calculation form, the system will automatically make a proposal for what the total risk should be, but this is possible to adjust yourself.
- Next to each overall risk, you can see here which color this will reflect in the risk assessment.
- Here it is possible to edit what the total risk must be at the different levels, to be included under one of the 5 labels.
- If you want to, you can edit the name of the level by this field. You can click on the field and write a label for each level of overall risk, but you can also simply use the suggestion that the system provides.
How do I apply my new type of risk assessment
For example, when you create a new work process under data, you will be able to apply the new type of risk assessment to this end. This is done like this:
- Click here to create a risk assessment for the specific work process.
2. Click on “add risk” and choose from the risks created in your portal. In the example, “Evil People” is already chosen, which is why the “add risk” isn’t visible.
3. Once you have selected a risk, the “type” field will appear if you have multiple risk assessments under data elements in your settings. Here you need to click on the field to see the overview of the different risk assessments you can choose from.