Skip to content

Risk matrix & overview

Purpose🔗

The Risk Matrix & Overview summarizes your assessments on a matrix. This allows you to see at a glance where risks accumulate in the portfolio and which areas are particularly critical.

Risk Matrix🔗

On the matrix you can see:

  • X-axis: Impact (e.g. low → very high)
  • Y-axis: Likelihood (e.g. very low → very high)

Each cell shows how many risks fall into this combination.
Clicking a cell opens the list of associated risks or resources.

Filter Options🔗

You can typically filter the risk matrix by:

  • Scope (e.g. "Security 2025")
  • Risk (processes, assets, service providers, …)
  • Residual risk assessment (e.g. only completed assessments)
  • other criteria, depending on configuration.

This allows you to focus, for example, on all "very high" risks of a specific scope.

Risk Analysis Overview🔗

In addition to the matrix, there is a tabular Risk Analysis Overview:

  • All risks per resource in list form.
  • With status, initial and residual risk, responsibilities.
  • Sort and filter functions (e.g. by criticality, date of last assessment).

Risk Matrix Configuration🔗

The basic configuration of scales (likelihood, impact, colors, thresholds) is done in the global Risk Matrix Configuration.

By default the scale follows BSI recommendations, but it can be adapted to your organization's requirements (e.g. different levels, different labels).

Notes & Best Practices🔗

  • Use the matrix regularly to identify trends (e.g. increase in critical risks in a specific area).
  • Combined with measure implementation rates, you can effectively visualize risk treatment progress here.