Skip to main content
CENEDRIL MANUAL
Open Cenedril
Documentation · Risk Register

Use the risk register

Updated on 3 min Open in Cenedril

Goal View all organizational risks from the ISMS in one place, plot them on the risk matrix, filter by level, owner or treatment, and read off the residual risk after treatment.

The risk register gathers every risk from your ISMS into one read-only view under Documentation → Risk Register. At the top you see a summary by risk level, below it the risk matrix, and finally a searchable list with risk analysis, treatment and residual risk per scenario. The content is generated automatically from your ISMS Wizard risk scenarios.

Open the register

Open the risk register

In the sidebar open Documentation and select Risk Register. The page shows two tabs: ISMS Risks (risks from the ISMS Wizard) and Data Privacy Risks (assessments from the data protection impact assessments). Each tab shows the number of risks it contains.

The risk register with the “ISMS Risks” and “Data Privacy Risks” tabs, the level tiles and the risk matrix below them.

Read the summary by level

At the top of the page each risk level has a tile with the number of risks at that level. When residual data exists, each tile shows two values with an arrow between them: the count before treatment and the count after treatment.

Plot and filter risks

Read the risk matrix

Below the tiles sits the Risk Matrix. Each dot represents a risk scenario, positioned by impact and likelihood. When residual data exists, the matrix compares the original position with the position after treatment. Clicking a dot scrolls to the matching risk card in the list.

The risk matrix plots each scenario by impact and likelihood; the popover shows priority, description, owner and risk score.

Filter and search risks

The filter area narrows the list: use All Levels, All Owners, All Types (asset-based or event-based) and All Treatments (avoidance, retention, controls, sharing, controls & sharing, untreated). The search box scans assets, threats, vulnerabilities and descriptions. To the right, a count shows how many of the existing risks match the current filters; Clear filters removes the narrowing again.

Individual risks in detail

Expand a risk card

Each risk appears as a card with a short description, score, level and treatment icon. Expand a card to see the full Risk Analysis (impact and likelihood), the chosen Treatment, the Linked Controls and the Residual Risk after treatment.

Data privacy risks

Switch to the data privacy risks

Switch to the Data Privacy Risks tab at the top. It shows the risks from your data protection impact assessments (DPIAs) with their assigned measures, separate from the ISMS risks on the first tab. If there are no DPIA risks yet, the Go to the Data Privacy Assistant button takes you straight there to start an assessment.

The “Data Privacy Risks” tab lists the assessments from the data protection impact assessments.

Result: you see the entire risk inventory from the ISMS on one page, can narrow it by level, owner, type and treatment, and read off the analysis, treatment and residual risk for each scenario. The second tab holds the risks from the data protection impact assessments.

Frequently asked questions

How do I edit risks in the register?

The register is a read-only view. It is generated automatically from your ISMS Wizard risk scenarios. You create and assess risks in the ISMS Wizard under risk identification; the register shows the result in one place.

What do the two numbers in the level tiles mean?

Once residual risk is recorded for risks, each tile shows two values with an arrow between them: on the left the number of risks at that level before treatment, on the right the number after treatment. Without residual data only a single number appears.

What do the ISMS Risks and Data Privacy Risks tabs show?

The “ISMS Risks” tab shows the risks from the ISMS Wizard with the matrix, filters and cards. The “Data Privacy Risks” tab shows the risk assessments from the data protection impact assessments (DPIAs) of your Data Privacy Wizard.

Why is my register empty?

No risk scenarios have been identified yet. The “Go to ISMS Wizard” button takes you straight to risk identification so you can create the first scenario.

Can I filter by owner?

Yes. The filter area offers dropdowns for level, owner, type and treatment, plus a free-text search. The match count is shown as “shown/total” to the right of the filters.

Documentation & Registers

Richtlinien & Verfahren erzeugen und verwalten

So finden, filtern, genehmigen und versionieren Sie in Cenedril Ihre Richtlinien und Verfahren unter Dokumentation → Richtlinien und Verfahren.

Security Operations & Threat Intel

Threat Intel hinzufügen und als Schwachstellen behandeln

So erfassen Sie in Cenedril eine Bedrohung im Bedrohungsregister, bewerten ihre Relevanz, verknüpfen sie mit Schwachstellen und machen aus einem Feed-Advisory eine Schwachstelle.