Enterprise Risk Platform
RiskSphere
Real Risk Management, Not Just a Spreadsheet
RiskSphere turns risk assessment from a tedious annual exercise into a continuous risk-management programme that genuinely protects your business.

$4.45M
Average cost of a data breach globally
Source: IBM Cost of a Data Breach 2023
287 days
Average time to identify and contain a breach
Unmanaged risk = a long window of exposure
83%
Of organisations have experienced more than one data breach
Source: IBM Security 2023
A Risk Register in a Spreadsheet Isn't Enough
Many companies have a risk register — but it lives in a spreadsheet updated once a year ahead of an audit. That isn't risk management; it's cosmetic documentation.
Risk evolves every day: new vendors join, new systems are deployed, teams grow. A static risk register doesn't reflect the threats your business actually faces today.
ISO 27001:2022 Clause 6.1 requires a systematic, repeatable risk-assessment process. RiskSphere automates this cycle so your team focuses on mitigation, not administration.
How RiskSphere Works
A simple, structured process your team can run right away.
Identify & Record Risks
Log new risks with full context: affected assets, threat sources, exploited vulnerabilities, and the potential impact on the business.
Assess: Likelihood × Impact
Rate every risk using a matrix configured to your company's standard. The system calculates the inherent risk score and plots the risk on a heatmap automatically.
Define the Treatment Plan
Choose a treatment strategy: mitigate, accept, transfer, or avoid. Assign an owner, deadlines, and implementation milestones that can be tracked in real time.
Implement & Track Controls
Track the implementation progress of the chosen security controls. Every status change is recorded automatically in the audit trail with a timestamp and the name of who made it.
Periodic Review & Residual Risk
Run scheduled risk reviews. RiskSphere calculates residual risk after controls are applied and shows how the organisation's risk profile trends over time.
Features & Capabilities
Built to meet real operational needs — not just a checklist of features that look good in a brochure.
Comprehensive Risk Register
Record every risk with complete attributes: affected asset, threat, vulnerability, likelihood, impact, risk owner, and treatment status — all in one structured view.
Risk Assessment Matrix & Heatmap
Visualise your organisation's risk profile in an interactive heatmap. Instantly identify which risks need immediate attention based on likelihood × impact scoring.
Treatment Plan & Tracking
Create risk treatment plans (accept, mitigate, transfer, avoid) with assigned owners, deadlines, and milestones. Track implementation progress in real time.
ISO 27001 & NIST CSF Frameworks
Automatically map risks to ISO 27001:2022 Annex A and NIST CSF controls. Identify control gaps based on risks that remain unaddressed.
Executive Dashboard
Concise reports designed for senior management — risk summary, risk-profile trends, treatment status, and security-programme metrics in an easy-to-understand format.
Risk History & Trend Analysis
Track how your organisation's risk profile changes over time. Identify risks that are worsening, those successfully mitigated, and recurring threat patterns.
Compliance & Supported Standards
RiskSphere is designed to help your organisation meet the relevant control requirements and information-security standards.
Actions to Address Risks and Opportunities
RiskSphere implements the risk-assessment and risk-treatment processes required by ISO 27001:2022 Clauses 6.1.2 and 6.1.3.
Threat Intelligence
Supports the collection and analysis of relevant threat information to update risk assessments on a regular basis.
Identify — Risk Assessment
Aligned with the Identify function of the NIST Cybersecurity Framework, specifically the Risk Assessment (ID.RA) category.
Banking IT Risk Management
Supports IT risk-management requirements under OJK regulations for the banking and financial sector.
Service Level Agreement (SLA)
The following SLAs apply to all RiskSphere Customers and form part of the mutually signed Service Agreement. All Customers receive full access to every platform feature.
Uptime
99.5%
Monthly service availability, excluding scheduled maintenance announced 24 hours in advance
Critical Incident Response
4 business hours
First response time for issues with a significant operational impact
Normal Issue Response
1 business day
First response time for support requests and general technical questions
Data Backup
Daily
Automatic daily data backup, retained for a minimum of 30 days
RTO (Recovery Time)
8 hours
Maximum time to restore service after a major incident affecting platform availability
RPO (Recovery Point)
24 hours
The most recent data point guaranteed to be recoverable in a system-failure scenario
Incident Notification
≤ 2 hours
Maximum time to notify Customers once an availability incident is identified
* All SLAs are measured monthly and apply from the subscription activation date.
Who Needs RiskSphere?
This platform is designed to address the real pain points of different roles across the organisation.
Risk Manager / Internal Audit
Needs a system that can produce an audit-ready risk register and treatment-plan reports without rebuilding everything from a spreadsheet.
CISO / IT Security Manager
Wants real-time visibility into the entire information-security risk landscape — not an annual snapshot that's already stale by the time it's presented.
Board / C-Level
Needs concise, visual, and actionable risk reports for strategic decisions about security investment.
Frequently Asked Questions
Still have questions about RiskSphere? Reach out to our team via the contact page or the footer.
How is RiskSphere different from an ordinary spreadsheet risk register?
A spreadsheet risk register is a static document that quickly goes stale and is hard to manage collaboratively. RiskSphere is a dynamic system — every change is saved in real time, approval workflows and notifications run automatically, and the audit trail records every modification. Dashboards and reports can be generated at any time without rebuilding the data by hand.
Does RiskSphere support custom risk-assessment methodologies?
Yes. Although RiskSphere ships with ready-to-use ISO 27001 and NIST templates, you can adjust the rating scales, likelihood and impact criteria, and scoring weights to match your organisation's business context and risk-management policy.
Can several departments use RiskSphere at the same time?
Absolutely. RiskSphere supports multiple departments with role-based access control. IT, compliance, operations, and management teams can access the relevant areas with permissions appropriate to their roles.
How does RiskSphere help during an ISO 27001 audit?
RiskSphere produces a draft Statement of Applicability (SoA), risk treatment plan, residual-risk reports, and review history — the key evidence auditors request for Clause 6.1. These documents can be exported in a ready-to-submit format.
Is our risk data secure in RiskSphere?
Data is stored with encryption at rest and in transit. Access is controlled with multi-factor authentication and an audit log that records every access and change. Our infrastructure is hosted in ISO 27001-certified data centres.
Ready to Try RiskSphere?
Schedule a free demo and see firsthand how RiskSphere can simplify enterprise risk management in your organisation.
