Add Treatments to a Risk Assessment

This article explains the different ways of adding treatments to a Risk Assessment.


Once you have added all the relevant threats, start adding the treatments that are necessary to reduce the risk levels. Treatments are elements that are designed to mitigate a threat. We have chosen to use the terminology from the ISO 31000 standard and call them “treatments”. They are also called “mitigating measures”, “security controls” or just “controls”.

There are two ways of adding treatments to a risk assessment. You can either select from the suggested treatments or create your own treatment. Follow the instructions below to do this.

Suggested treatments

Note: this functionality is only available if it has been set up by an administrator on the Organization page.

  1. Click on the “Suggested Treatments” button and you will be able to see pre-defined treatments from the treatments template.

  2. Click on the little arrow next to each treatment to read about it.

  3. Deselect the ones you find irrelevant by clicking on the checkboxes.

  4. Click import to add the treatments to your risk assessment.

  5. Afterward, click on each treatment to assess its implementation and the effect it has on the active threats.

  6. Click on save.

Filling out the necessary information

Once you have imported the treatments into your Risk Assessment (RA), you need to fill out the information regarding each treatment. The description can be predefined, depending on how much has been filled out by your organization.

Cost

Cost allows you to add a cost for the mitigation. This can also be a negative number, to indicate a saving.

Responsible

Add the person who is responsible for this treatment. You can select from users who have access to this Risk Assessment.

Implementation

In the Implement section, the user has to define the current implementation state of the Treatment. The user can choose between:

  • Implemented

  • Implemented - Over Specified

  • In Progress

  • Not Implemented

  • Not Implemented - Accepted Risk

  • Not set

If the treatment is not implemented or in progress, select a deadline. Select “Not Implemented - Accepted Risk” if it has been deliberately decided not to implement this treatment. This option requires you to leave a comment.

Effects

The effects tab allows the user to specify how effective the respective treatment is at mitigating each threat.

For each threat, the user can choose between 4 different levels of effect:

  • None

  • Low

  • Medium

  • High

Scoring

The effects of a treatment are assigned points based on their level of effectiveness.

  • None: 0 points

  • Low: 1 point

  • Medium: 2 points

  • High: 3 points

If multiple treatments are assigned to a threat, an average is calculated. The average treatment effect is used to determine the overall effectiveness of the treatments in mitigating the threat.

To reduce a High Threat Level to a Medium Risk Level, the average treatment effect must be at least 1.5. To reduce it from High to Low, the average treatment effect must be at least 2.5.

Files

The Files tab allows the user to drop any files that are relevant to that treatment.

Mandatory treatments

When a mandatory treatment is available for your Risk Assessment, a symbol indicating the number of mandatory treatments available for the respective risk assessment will be displayed beside the suggested treatment button.

Clicking the Suggested Treatment button will reveal the Treatment Suggestions list, where mandatory treatments will be marked with an exclamation mark next to the checkbox. Additionally, the checkbox for mandatory treatments will be disabled, preventing it from being unchecked.

Create treatments

You can create your own treatments in case you would like to supplement the suggested treatments, or if this is the primary way of adding treatments in your organization. To create your own treatment, follow the instructions below:

  1. Click on the Create treatment button.

  2. Fill out the information regarding the treatment manually.

  3. Click on save.


🤔 Didn't find what you were looking for?

Don't worry! We are here to help. Feel free to write directly to us on support@humanrisks.com and we will be of assistance.

