Skip to content

Feature

See your risk, manage it on purpose

A risk register with inherent and residual scoring and clear treatment strategies — defensible and audit-ready by design.

Threat-based assessments with documented decisions.

What you get

Built to be audit-ready

Inherent & residual scoring

Score each risk before and after controls so your decisions hold up to scrutiny.

Documented treatment strategies

Mitigate, accept, avoid or transfer — every decision recorded with its rationale.

Threat-based assessments

Assess risk against real threats with a clear, defensible paper trail.

Works across SOC 2, ISO 27001, HIPAA, CCPA, NIS 2, GDPR, DORA, ISO 27701, ISO 42001, 21 CFR Part 11 and HDS — import, customize and map the frameworks you need, or build your own.

In the product

See it in action

Governance · Risks

Risk register

Inherent Risk

LowHighCritical
Impact
Catastrophic (5)
5
4
1
Significant (4)
1
7
5
Moderate (3)
4
7
1
Low (2)
1
Negligible (1)
Improbable (1)
Remote (2)
Occasional (3)
Probable (4)
Frequent (5)

Likelihood

Residual Risk

LowHighCritical
Impact
Catastrophic (5)
5
4
1
Significant (4)
1
7
5
Moderate (3)
4
7
1
Low (2)
1
Negligible (1)
Improbable (1)
Remote (2)
Occasional (3)
Probable (4)
Frequent (5)

Likelihood

Frameworks

One platform, every framework you need

Per-framework pricing, made affordable for small companies.

  • SOC 2
  • ISO 27001
  • HIPAA
  • CCPA
  • NIS 2
  • GDPR
  • DORA
  • ISO 27701
  • ISO 42001
  • 21 CFR Part 11
  • HDS
  • Custom framework

Explore more

Related capabilities

Get audit-ready. Stay in control.

Start free, then pay per framework as you grow. Transparent pricing that doesn't punish you for being early.

See your risk, manage it on purpose · SOC2Start.io