Enterprise Risk Platform

RiskSphere

Real Risk Management, Not Just a Spreadsheet

RiskSphere turns risk assessment from a tedious annual exercise into a continuous risk-management programme that genuinely protects your business.

Comprehensive Risk Register | Risk Assessment Matrix & Heatmap | Treatment Plan & Tracking

$4.45M

Average cost of a data breach globally

Source: IBM Cost of a Data Breach 2023

287 days

Average time to identify and contain a breach

Unmanaged risk = a long window of exposure

83%

Of organisations have experienced more than one data breach

Source: IBM Security 2023

A Risk Register in a Spreadsheet Isn't Enough

Many companies have a risk register — but it lives in a spreadsheet updated once a year ahead of an audit. That isn't risk management; it's cosmetic documentation.

Risk evolves every day: new vendors join, new systems are deployed, teams grow. A static risk register doesn't reflect the threats your business actually faces today.

ISO 27001:2022 Clause 6.1 requires a systematic, repeatable risk-assessment process. RiskSphere automates this cycle so your team focuses on mitigation, not administration.

How RiskSphere Works

A simple, structured process your team can run right away.

01

Identify & Record Risks

Log new risks with full context: affected assets, threat sources, exploited vulnerabilities, and the potential impact on the business.

02

Assess: Likelihood × Impact

Rate every risk using a matrix configured to your company's standard. The system calculates the inherent risk score and plots the risk on a heatmap automatically.

03

Define the Treatment Plan

Choose a treatment strategy: mitigate, accept, transfer, or avoid. Assign an owner, deadlines, and implementation milestones that can be tracked in real time.

04

Implement & Track Controls

Track the implementation progress of the chosen security controls. Every status change is recorded automatically in the audit trail with a timestamp and the name of who made it.

05

Periodic Review & Residual Risk

Run scheduled risk reviews. RiskSphere calculates residual risk after controls are applied and shows how the organisation's risk profile trends over time.

Features & Capabilities

Built to meet real operational needs — not just a checklist of features that look good in a brochure.

Comprehensive Risk Register

Record every risk with complete attributes: affected asset, threat, vulnerability, likelihood, impact, risk owner, and treatment status — all in one structured view.

Risk Assessment Matrix & Heatmap

Visualise your organisation's risk profile in an interactive heatmap. Instantly identify which risks need immediate attention based on likelihood × impact scoring.

Treatment Plan & Tracking

Create risk treatment plans (accept, mitigate, transfer, avoid) with assigned owners, deadlines, and milestones. Track implementation progress in real time.

ISO 27001 & NIST CSF Frameworks

Automatically map risks to ISO 27001:2022 Annex A and NIST CSF controls. Identify control gaps based on risks that remain unaddressed.

Executive Dashboard

Concise reports designed for senior management — risk summary, risk-profile trends, treatment status, and security-programme metrics in an easy-to-understand format.

Risk History & Trend Analysis

Track how your organisation's risk profile changes over time. Identify risks that are worsening, those successfully mitigated, and recurring threat patterns.

Compliance & Supported Standards

RiskSphere is designed to help your organisation meet the relevant control requirements and information-security standards.

Clause 6.1

Actions to Address Risks and Opportunities

RiskSphere implements the risk-assessment and risk-treatment processes required by ISO 27001:2022 Clauses 6.1.2 and 6.1.3.

A.5.7

Threat Intelligence

Supports the collection and analysis of relevant threat information to update risk assessments on a regular basis.

NIST CSF

Identify — Risk Assessment

Aligned with the Identify function of the NIST Cybersecurity Framework, specifically the Risk Assessment (ID.RA) category.

OJK POJK 11

Banking IT Risk Management

Supports IT risk-management requirements under OJK regulations for the banking and financial sector.

Service Level Agreement (SLA)

The following SLAs apply to all RiskSphere Customers and form part of the mutually signed Service Agreement. All Customers receive full access to every platform feature.

Uptime

99.5%

Monthly service availability, excluding scheduled maintenance announced 24 hours in advance

Critical Incident Response

4 business hours

First response time for issues with a significant operational impact

Normal Issue Response

1 business day

First response time for support requests and general technical questions

Data Backup

Daily

Automatic daily data backup, retained for a minimum of 30 days

RTO (Recovery Time)

8 hours

Maximum time to restore service after a major incident affecting platform availability

RPO (Recovery Point)

24 hours

The most recent data point guaranteed to be recoverable in a system-failure scenario

Incident Notification

≤ 2 hours

Maximum time to notify Customers once an availability incident is identified

* All SLAs are measured monthly and apply from the subscription activation date.

Who Needs RiskSphere?

This platform is designed to address the real pain points of different roles across the organisation.

01

Risk Manager / Internal Audit

Needs a system that can produce an audit-ready risk register and treatment-plan reports without rebuilding everything from a spreadsheet.

02

CISO / IT Security Manager

Wants real-time visibility into the entire information-security risk landscape — not an annual snapshot that's already stale by the time it's presented.

03

Board / C-Level

Needs concise, visual, and actionable risk reports for strategic decisions about security investment.

Frequently Asked Questions

Still have questions about RiskSphere? Reach out to our team via the contact page or the footer.

How is RiskSphere different from an ordinary spreadsheet risk register?

A spreadsheet risk register is a static document that quickly goes stale and is hard to manage collaboratively. RiskSphere is a dynamic system — every change is saved in real time, approval workflows and notifications run automatically, and the audit trail records every modification. Dashboards and reports can be generated at any time without rebuilding the data by hand.

Does RiskSphere support custom risk-assessment methodologies?

Yes. Although RiskSphere ships with ready-to-use ISO 27001 and NIST templates, you can adjust the rating scales, likelihood and impact criteria, and scoring weights to match your organisation's business context and risk-management policy.

Can several departments use RiskSphere at the same time?

Absolutely. RiskSphere supports multiple departments with role-based access control. IT, compliance, operations, and management teams can access the relevant areas with permissions appropriate to their roles.

How does RiskSphere help during an ISO 27001 audit?

RiskSphere produces a draft Statement of Applicability (SoA), risk treatment plan, residual-risk reports, and review history — the key evidence auditors request for Clause 6.1. These documents can be exported in a ready-to-submit format.

Is our risk data secure in RiskSphere?

Data is stored with encryption at rest and in transit. Access is controlled with multi-factor authentication and an audit log that records every access and change. Our infrastructure is hosted in ISO 27001-certified data centres.

Ready to Try RiskSphere?

Schedule a free demo and see firsthand how RiskSphere can simplify enterprise risk management in your organisation.