Adding, Uploading and Importing Risks

Creating a Risk Register and regularly performing a risk assessment is an integral part of a cybersecurity compliance program.

Starting from a pre-built set of risks or a risk library can be very helpful in working through the risk assessment process. That is because the most common sets of risks are useful across almost all organizations and to help improve your risk assessment project ControlMap has pre-loaded risk sets into the ControlMap hosted risk register.

You still will need to go through the Risk Assessment process, review and score the risks within each risk set along with adding new risks that are specific to your organization. Our hope in using ControlMap's pre-built risk sets is that your risk assessment process will be a lot faster and optimized allowing you to spend more time scoring, categorizing and mitigating risks and less time typing when starting from scratch.




Import Risk Set


1. Go to Risks > Actions > Import Risk Set

2. Select Common RisksCloud RisksAPP & API Dev Risks or Up and Coming Risks.

3. After selection, select Start Import to import the Risk Set.


Risk sets to choose from:


You  have 5 risk sets to choose from. You can preview risks by clicking on "View Risks" or import them with the import button. Use one or more risk sets and mix match as needed especially those starred below which apply to most companies.

  1. Common Risks**
    1. The most common set of risks that apply to most companies
  2. Cloud Risks**
    1. Risks that apply to cloud services and infrastructure such as AWS or Azure
  3. APP & API Dev Risks
    1. Risks associated with developing or hosting software including the OWASP Top 10
  4. Up and Coming Risks
    1. Less common risks that may be trending or on the rise
  5. SCF Risk Catalog
    1. The risk catalog as part of Secure Control Framework 2022


Add Risk

1. Navigate to the Risks section.

2. Click on Actions > Add Risk and enter details for the Risk.

  • Name - Provide an appropriate name to help identify the Risk.
  • Business Impact - Consequences that can arise if the risk is not mitigated.
  • Status- Choose from the following values.
    • Accepted - The risk applies to the business and will need appropriate controls and policies to address it.
    • Mitigated - The risk applies to the business but has been mitigated with existing controls and policies.
    • Closed - This risk does not apply to the business.
    • Transferred - The risk applies to the business, but the enforcement of controls and policies has been transferred to a Third-party.
  • Owner - Identify an owner responsible for mitigating the risk
  • Impact Area - Select the appropriate impact area.
  • Vulnerabilities, Threats, and Security Controls - Use the search functionality to link available vulnerabilities, threats, and security controls.
  • Likelihood - The possibility of the risk impacting the business. Possible values for likelihood are Rare, Unlikely, Possible, Likely, and Certain.
  • Impact Score - Score signifies the potential effect the risk has on the business, should it occur. Possible values for impact score are Negligible, Marginal, Significant, Critical and Catastrophic.

3. Click Save.






1. Go to Risks > Actions > Upload

2. Select Choose File to upload a CSV file that contains relevant risk information and then click Next.

3. Map the column header names from your CSV to their corresponding risk attributes and click Next.

4. Click on Start Import

5. Review your imported risks on the Risks tab to verify accuracy.