Score the risks. Treat them. Pass the audit.
Example risks are already scored in the register, with treatment and owner. Audit-ready for ISO® 27001 and TISAX®.
Risks do not belong in a spreadsheet.
Excel keeps up, until the auditor asks who owns risk #7, when it was last assessed, and why that score.
When risks live in Excel
- Three versions, four inboxes - which one counts?
- No history. The score, never the why.
- Owners as cell text - risks orphan.
- Re-assessment: every row, every date by hand.
- Audit weeks drown in column formatting.
When risks live in the register
- One source, one state, live for everyone.
- Versioned history per risk, with author.
- Owner, policies, and tasks - all linked.
- Re-assessment is one click. Reminders automatic.
- Audit prep: filter, export, done.
Every risk on one screen. Scored, owned, tracked.
Each row carries damage, likelihood, a named owner and a calculated risk class in a format auditors can follow for ISO® 27001 and TISAX®.
Risk register
Assessment & treatment
| ID | Risk | Category | Damage | Likelihood | Score | Status | Owner | |
|---|---|---|---|---|---|---|---|---|
| R-001 | Phishing emails targeting employees | Personnel | 4/5 | 5/5 | 20 / 25 | Action | LM | |
| R-002 | Unauthorized access to customer database | Data | 5/5 | 3/5 | 15 / 25 | Action | AB | |
| R-003 | Cloud service provider outage | Services | 4/5 | 3/5 | 12 / 25 | Action | MK | |
| R-004 | Physical theft of company laptops | Hardware | 3/5 | 3/5 | 9 / 25 | Action | MK | |
| R-005 | Insider threat from disgruntled employee | Personnel | 4/5 | 2/5 | 8 / 25 | Action | LM | |
| R-006 | Natural disaster affecting data center | Facilities | 5/5 | 1/5 | 5 / 25 | Accepted | JR | |
| R-007 | Lost office key | Buildings | 2/5 | 2/5 | 4 / 25 | Auto-accept | JR | |
| R-008 | Outdated emergency contact list | Documentation | 1/5 | 3/5 | 3 / 25 | Auto-accept | AB | |
| R-009 | Unattended print output collected late | Hardware | 1/5 | 3/5 | 3 / 25 | Auto-accept | MK |
R-001
Phishing emails targeting employees
R-002
Unauthorized access to customer database
R-003
Cloud service provider outage
R-004
Physical theft of company laptops
R-005
Insider threat from disgruntled employee
Show 3 more Show less
R-006
Natural disaster affecting data center
R-007
Lost office key
R-008
Outdated emergency contact list
R-009
Unattended print output collected late
Example risks shown. Filter by severity, owner, control, or framework.
Sample view
Sample view with real example risks. You find the same fields, scale, and logic in the workspace after login.
Open one risk and see every decision.
Score, treatment, acceptance reason, linked tasks and policies stay together before the auditor asks.
- Score auto-calculated, here 20/25, risk class Critical.
- Damage x likelihood on a 5-tier scale.
- Acceptance reason next to the score, not buried in an appendix.
- Linked to the policies and tasks that treat the risk.
Start with Valiido today.
What the register handles beyond the score.
Owners, decisions, links, history. Every row carries the answers before the auditor asks the question.
Damage x likelihood
5x5 matrix, risk class auto-calculated. No table to redraw at year-end.
- R-001 Phishing emails LM
- R-002 Ransomware attack TS
- R-003 Customer database AB
One owner per risk
A person, not a department. If they leave, reassignment is a click.
Three decisions, in plain words
Action, accepted, auto-accepted. The reason sits next to the score, not in an appendix.
Linked to policies and tasks
From a risk to the policy and the task that treat it - and back.
- Today LM Score 16 → 20
- Wed AB Action → Accepted
- Mon TS Damage 3 → 4
Versioned history per risk
Who, when, from which value to which, with what reason. Audit trail on every record.
Checked weekly by AuditMagic
Every Monday at 03:00 a report lands: which risks drift, what to do, in one sentence.
Risk management in four steps.
A practical lifecycle for risk assessment and treatment in ISO® 27001 and TISAX®. Valiido turns the standard work into routine.
List the risks that matter
Example risks are already there, add your own anytime. Title, category, sources, vulnerabilities - one row per risk.
Score damage and likelihood
1 to 5 on each axis, the register multiplies and classifies. 5x5 matrix for ISO® 27001 and TISAX®, no configuration.
Plan treatment and document it
Accept with a reason, or link to the policy and task that treat it. Low risks auto-accept by a rule you set.
Re-assess on a schedule
Every change is versioned. Reviews stay on time and the history stays on the risk record.
What risk management usually costs.
Excel carries no price tag, only cost: 30 to 60 person-hours per audit cycle. Dedicated GRC platforms outprice most mid-market budgets.
Excel and manual upkeep
€0
+ 30 to 60 hours per audit cycle
Version chaos. No owners. No history. The audit-day risk never shows up on the invoice.
Traditional GRC platform
€15 to 30 k / year
The big enterprise suites. Powerful but heavy - the risk module is one slice of the bundle.
Valiido
from €149/month
Flat rate, 50 employees included. €124/month billed annually. Register, policies, guide - all in.
Frequently asked questions
Everything you need to know about Valiido, plans, and standards.
Keep your risk register ready for every review.
Assess risks, plan treatments, assign owners and keep every change traceable for ISO® 27001.
AuditMagic checks against Valiido best practices, ISO® 27001 and TISAX® every Monday.
Pick a plan and start today. No setup call, no consultant.
- One named owner per risk
- Versioned history on every row
- Instant access after signup