Live demoFictional sample data. Explore every screen. Nothing you click is saved.Fictional sample data. Nothing is saved.
Sign up for a real accountSign up12Compliance
Identify risks, score them on a 5x5 likelihood x impact grid, and track residual risk after mitigating controls. Read-only auditors see the register but cannot edit it.
| Impact 5 | 5 | 101 | 151 | 20 | 25 |
|---|---|---|---|---|---|
| 4 | 4 | 8 | 121 | 16 | 20 |
| 3 | 3 | 61 | 91 | 121 | 15 |
| 2 | 2 | 4 | 6 | 8 | 10 |
| 1 | 1 | 2 | 3 | 4 | 5 |
| Likelihood 1 | 2 | 3 | 4 | 5 |
Overly broad IAM roles could allow lateral movement into prod data stores.
Mitigation: Least-privilege IAM roles enforced; access reviewed quarterly (CC6.1, CC6.3).
Key subprocessor's SOC 2 report lapsed; bridge letter not yet obtained.
One device group below target for full-disk encryption enrollment.
Mitigation: MDM policy pushed; remaining devices remediating this week.
Incident response relies on one engineer for a critical subsystem.
Support workflow allowed a CSV export to a personal device before DLP rollout.
Mitigation: DLP policy blocks unmanaged-device exports; incident closed (CC7.4).
Mobile SDK captures device identifiers beyond documented scope.
Mitigation: Contractual DPA amendment signed; SDK config scoped down.