BOOST YOUR PRODUCTIVITY & TRANSFORM YOUR RISK REGISTER IN JIRA

June 26, 2023
Table of Contents

    Why Jira for your Risk Register?

    Risk Management is an essential governance practice for enterprise, product, portfolio, information security and project management. For many of us, the Risk Register is still stuck in a MS Excel spreadsheet that someone like the Project Coordinator or the Risk Manager tries to keep updated.

    Managing your risks in Jira will allow you to automate the risk management process and get rid of possible human-errors, especially while establishing risk traceability. Check out how you can build a Risk Register in Jira.

    Advantages of Managing Risks In Jira

    You can manage all the different types of risks in one Jira project with the Risk Manager Plus:

    • manage your Enterprise, Information Security, Product and Project Risks in Jira Cloud;
    • build global Risk Model and Risk Table Templates & assign them to your existing Jira projects for your risk management purposes;
    • build 2- or 3-dimensional Risk Matrices;
    • build Risk Model for RPN (Risk Prioritization Number);
    • customise Risk Models with up to 10 user-defined Risk Characteristics (Severity, Likelihood, Detectability, etc);
    • customise Risk Models with up to 10 user-defined Risk Iterations (Initial, Current, Target, etc)
    • use several Risk Models in one Jira Project;
    • build your custom Jira Risk Register – a Multi-Sheet Risk Table for managing all your risks in the same project;
    • create an Object Register for risk related data that can easily be used in risk management across your organisation;
    • track your progress in meeting the requirements of ISO/IEC 27001 & automatically generate the Statement of Applicability;
    • report your risks in Jira Dashboard or in Confluence.

    Main Modules of Risk Management

    The SoftComply Risk Manager Plus app provides the risk managers with 5 dedicated risk modules to work in:

    • Risk Models
    • Risk Registers
    • Object Registers
    • Information Security Dashboard (for ISO/IEC 27001 compliance)
    • Risk Reporting in Jira Dashboards & Confluence Cloud

    Risk Models

    Risk Model is the central element of risk management, it is the basis on which your risks are assessed.

    With the Risk Manager Plus app you can design your own Risk Models. In fact, you can design the templates for Risk Models that anyone in your organisation can use. You can define the type of the Risk Model: Risk Matrix or Risk Score (i.e. RPN – Risk Prioritisation Number), up to 10 Risk Characteristics (i.e. Impact, Likelihood, Detectability, etc) with their levels and descriptions. You can also define the number of times you wish to assess the risks, i.e. Risk Iterations like Initial, Post-Market, Target, etc.

    Unique about Risk Models in the Risk Manager Plus

    1. Ability to use multiple Risk Models in one Risk Project – you can assign various Risk Models to one project, preferably to different Jira issue types. This feature supports managing all your risks in one project.
    2. With the Risk Manager Plus, a Risk Manager can create global Risk Model templates for the entire organisation to use. Only with sufficient permissions can users create and modify templates for the organisation.

    Risk Manager Plus provides full customisability of your Risk Models thereby supporting the majority of Risk Management methods and frameworks that are being used in project, product, enterprise, governance and information security risk management.

    Risk Registers

    Most Risk Managers have, at some point in their career, used the Excel spreadsheets for risk management. Although Excel is an amazing tool, it was not built for Risk Management (you can read why it does not really manage to do the job here). Because of the risk managers’ familiarity with Excel, we have created a Jira Risk Register – a multi-sheet Risk Table that can be used as the main workspace for managing risks. This Jira Risk Register is fully customisable to fit the exact risk management needs of your organisation.

    You can create the Risk Table template that is available for anyone managing risks in your organisation. You have the possibility to create multiple sheets for the Risk Table to support different types of risks to be managed on separate sheets yet in one Jira project. You can add the types of columns to each sheet that you wish, including the risk management fields that correspond to the Risk Models that you want to be used in the project.

    Unique about Risk Registers in the Risk Manager Plus

    1. Risk Manager Plus on Jira Cloud is the only risk app that provides users with the Jira Risk Register, i.e. Risk Table in which you can manage (not just view) the risks – create, edit, sort, group, filter risks.
    2. Risk Manager Plus provides users with a Jira Risk Register / Risk Table where users can create multiple sheets – this supports managing all your different types of risks in the same Table and the same Project.

    Users can assign a different Risk Model to each Sheet of the Jira Risk Register thereby assigning various Risk Assessment methods to the same Jira Project to assess different types of risks.

    Object Registers

    Object Registers are a brand new feature of the Risk Manager Plus app. Object Registers are central repositories for risk related data that are globally available and centrally controlled like Hazards, Assets or Controls. You can manage these data sets across your organisation while keeping the list continuously up to date. You can use the data sets in your Risk Table when managing risks ensuring consistent risk data input in your projects.

    Unique about Object Register in the Risk Manager Plus

    Risk Manager Plus on Jira Cloud is the only risk app that has an Object Register feature to support consistent use of organisation-wide risk related data like Assets, Controls, Hazards and Harms.

    Information Security Risk Management

    The SoftComply Risk Manager Plus app comes with a powerful Information Security Management Module (integrating the full functionality of the SoftComply Information Security Risk Manager app).

    This module includes the Information Security Dashboard with a Checklist monitoring your progress towards compliance with the ISO/IEC 27001 as well as a Traceability Matrix indicating the coverage status between assets, risks and controls.

    The Information Security Module comes with a pre-populated and configurable set of ISO/IEC 27001 Controls.

    Once you are ready for the ISO/IEC 27001 audit, you can generate your Statement of Applicability automatically from the Information Security Dashboard.

    Unique about Information Security Module in the Risk Manager Plus

    The SoftComply Risk Manager Plus is unique as it is the only Risk app on Jira Cloud to have a dedicated Information Security Module integrated to it. Thanks to this module, you can speed up your compliance towards ISO/IEC 27001.   

    Risk Reporting

    You can report risks in Jira dashboard using Jira filters as well as the SoftComply Risk Manager Plus dashboard gadgets for Risk Table and Risk Matrix.

    You can also report your risks in Confluence. That is especially important for all of those companies that may want to add risk matrices and jira risk register views to product risk reports, the templates for which you may already have created within Confluence. 

    Unique about Risk Reporting in the Risk Manager Plus

    SoftComply Risk Manager Plus is unique as it has a Risk Reporting extension to Confluence: the SoftComply Risk Manager for ConfluenceThis is a free extension that displays the Jira Risk Register, the Risk Matrix and the Risk History macros on your Confluence pages.   

    Summary

    SoftComply Risk Manager Plus is the ultimate risk app on Jira Cloud supporting most risk management methods from Governance to IT Security risk management and everything in between.

    Using the SoftComply Risk Manager Plus on Jira Cloud significantly speeds up your risk management through automation, especially when it comes to establishing traceability between risks and risk controls and test cases. With the Risk Manager Plus, you can manage all the different types of risks in one Jira project. You can also report risks in different ways – either using the Dashboard gadgets in Jira Dashboards or creating Risk Reporting macros in Confluence.

    As with any Jira Cloud app, you can try it out for free for 30 days. SoftComply Support team is happy to help you set up your risk management the way you need in the Risk Manager Plus.

    HOW TO LEARN MORE

    Join SoftComply’s free webinars and live demos on Risk Management that are held regularly.  

    Schedule your own live demo with the SoftComply team:

    Table of Contents

    Ready to get started?

    Contact us to book a demo and learn how SoftComply can cover all your needs

    New Cybersecurity Risk Management Features in Jira
    Picture of Marion Lepmets

    Marion Lepmets

    CEO
    November 8, 2024

    The Role of Cybersecurity in Medical Device Safety The Global medical device market is a $800 billion business that is rapidly growing, especially in the area of software as a medical device (SaMD). The majority of the SaMD segment is made up of the digital health and digital therapeutics solutions,...

    Medical Device Compliance Guide
    Picture of Marion Lepmets

    Marion Lepmets

    CEO
    September 23, 2024

    Introduction This medical device compliance guide focuses on the key requirements and strategies for navigating the regulatory landscape. We will cover the role of major regulatory bodies like the FDA, the classification of devices, and the importance of quality management. We will also discuss the challenges of global compliance and...

    CVSS-FDA-cybersecurity-medical-devices-1712x599-c
    Picture of Matteo Gubellini

    Matteo Gubellini

    Regulatory Affairs Manager
    September 16, 2024

    This case study describes the experience of a multinational medical device manufacturer meeting the FDA cybersecurity requirements. The company is operating in the MedTech sector developing a class 2/IIb device consisting of hardware and software. The company spent about 2 years working on the security risk management of the device....