4.9 from 29 reviews

Score the risks. Treat them. Pass the audit.

Example risks are already scored in the register, with treatment and owner. Audit-ready for ISO® 27001 and TISAX®.

Excel vs. register

Risks do not belong in a spreadsheet.

Excel keeps up, until the auditor asks who owns risk #7, when it was last assessed, and why that score.

When risks live in Excel

  • Three versions, four inboxes - which one counts?
  • No history. The score, never the why.
  • Owners as cell text - risks orphan.
  • Re-assessment: every row, every date by hand.
  • Audit weeks drown in column formatting.

When risks live in the register

  • One source, one state, live for everyone.
  • Versioned history per risk, with author.
  • Owner, policies, and tasks - all linked.
  • Re-assessment is one click. Reminders automatic.
  • Audit prep: filter, export, done.
Live risk register

Every risk on one screen. Scored, owned, tracked.

Each row carries damage, likelihood, a named owner and a calculated risk class in a format auditors can follow for ISO® 27001 and TISAX®.

Risk register

Assessment & treatment

Risk class: Critical High Medium Low

R-001

Phishing emails targeting employees

Personnel Critical 20/25
LM
Damage 4/5 x Likelihood 5/5 Action

R-002

Unauthorized access to customer database

Data High 15/25
AB
Damage 5/5 x Likelihood 3/5 Action

R-003

Cloud service provider outage

Services High 12/25
MK
Damage 4/5 x Likelihood 3/5 Action

R-004

Physical theft of company laptops

Hardware Medium 9/25
MK
Damage 3/5 x Likelihood 3/5 Action

R-005

Insider threat from disgruntled employee

Personnel Medium 8/25
LM
Damage 4/5 x Likelihood 2/5 Action
Show 3 more

R-006

Natural disaster affecting data center

Facilities Medium 5/25
JR
Damage 5/5 x Likelihood 1/5 Accepted

R-007

Lost office key

Buildings Low 4/25
JR
Damage 2/5 x Likelihood 2/5 Auto-accept

R-008

Outdated emergency contact list

Documentation Low 3/25
AB
Damage 1/5 x Likelihood 3/5 Auto-accept

R-009

Unattended print output collected late

Hardware Low 3/25
MK
Damage 1/5 x Likelihood 3/5 Auto-accept

Example risks shown. Filter by severity, owner, control, or framework.

Sample view

Sample view with real example risks. You find the same fields, scale, and logic in the workspace after login.

Risk detail view

Open one risk and see every decision.

Score, treatment, acceptance reason, linked tasks and policies stay together before the auditor asks.

  • Score auto-calculated, here 20/25, risk class Critical.
  • Damage x likelihood on a 5-tier scale.
  • Acceptance reason next to the score, not buried in an appendix.
  • Linked to the policies and tasks that treat the risk.
valiido.app/isms/risks

Start with Valiido today.

What the register handles beyond the score.

Owners, decisions, links, history. Every row carries the answers before the auditor asks the question.

Damage x likelihood

5x5 matrix, risk class auto-calculated. No table to redraw at year-end.

  • R-001 Phishing emails LM
  • R-002 Ransomware attack TS
  • R-003 Customer database AB

One owner per risk

A person, not a department. If they leave, reassignment is a click.

Action Accepted Auto-accepted

Three decisions, in plain words

Action, accepted, auto-accepted. The reason sits next to the score, not in an appendix.

R-001 Phishing
Access Policy Task: enable MFA

Linked to policies and tasks

From a risk to the policy and the task that treat it - and back.

  • Today LM Score 16 → 20
  • Wed AB Action → Accepted
  • Mon TS Damage 3 → 4

Versioned history per risk

Who, when, from which value to which, with what reason. Audit trail on every record.

AuditMagic · Monday 03:00
14 risks checked
2 drift against ISO® 27001

Checked weekly by AuditMagic

Every Monday at 03:00 a report lands: which risks drift, what to do, in one sentence.

Risk management in four steps.

A practical lifecycle for risk assessment and treatment in ISO® 27001 and TISAX®. Valiido turns the standard work into routine.

1 / Identify

List the risks that matter

Example risks are already there, add your own anytime. Title, category, sources, vulnerabilities - one row per risk.

2 / Assess

Score damage and likelihood

1 to 5 on each axis, the register multiplies and classifies. 5x5 matrix for ISO® 27001 and TISAX®, no configuration.

3 / Treat

Plan treatment and document it

Accept with a reason, or link to the policy and task that treat it. Low risks auto-accept by a rule you set.

4 / Track

Re-assess on a schedule

Every change is versioned. Reviews stay on time and the history stays on the risk record.

The alternatives

What risk management usually costs.

Excel carries no price tag, only cost: 30 to 60 person-hours per audit cycle. Dedicated GRC platforms outprice most mid-market budgets.

Excel and manual upkeep

€0

+ 30 to 60 hours per audit cycle

Version chaos. No owners. No history. The audit-day risk never shows up on the invoice.

Traditional GRC platform

€15 to 30 k / year

The big enterprise suites. Powerful but heavy - the risk module is one slice of the bundle.

Valiido

from €149/month

Flat rate, 50 employees included. €124/month billed annually. Register, policies, guide - all in.

Frequently asked questions

Everything you need to know about Valiido, plans, and standards.

Keep your risk register ready for every review.

Assess risks, plan treatments, assign owners and keep every change traceable for ISO® 27001.

AuditMagic checks against Valiido best practices, ISO® 27001 and TISAX® every Monday.

Pick a plan and start today. No setup call, no consultant.

  • One named owner per risk
  • Versioned history on every row
  • Instant access after signup
Christopher Eller, founder of Valiido Christopher, Founder Questions? Message me.