Don’t Keep a Risk Register in Excel (Use Jira)

July 16, 2024

If you’re considering using Excel for your risk register, this video explains why that might not be the best choice. Instead, we introduce a more effective alternative using Jira and dedicated risk management plugins. If you prefer watching over reading, check out the full video.

Key Takeaways:

  • Excel Limitations: Manual risk management in Excel often leads to outdated risk data and human errors, and it lacks an audit trail.
  • Automate with Jira: Using Jira and plugins like the SoftComply Risk Manager Plus will automate and enhance risk management.
  • Enhanced Features: Jira apps offer templates, customizable risk assessment models and risk registers, and modules for information security risk management compliant with ISO 27001.
  • Free Trial and Support: You can try Jira apps for free and access dedicated support through demo calls.

What is a Risk Register

The document where an organization or a risk manager records all identified risks, their analysis, mitigation plans, and ownership details is commonly referred to as a Risk Register. It is a centralized tool for monitoring and managing risks throughout a project or organizational risk management process.

Risk Registers are most often built and manually maintained in an Excel spreadsheet that a Project or Risk Manager tries to keep up to date, but Excel has significant drawbacks.

Why Excel Falls Short for Risk Registers

There are 3 main issues with manual risk management in Excel:

  1. Risk-related data quickly becomes outdated when it is not regularly updated.
  2. Manual data entry and management are prone to human error.
  3. There is a complete lack of audit trail, i.e. we do not know what has happened to risks throughout their lifetime.

These issues may result in incorrect risk prioritization, leading to critical risks being overlooked. This is why we recommend creating the Risk Register in Jira with the help of dedicated risk management plugins like the Risk Manager Plus.

Let’s look into how you can automate your risk management in Jira by setting up a dedicated risk management app to meet your risk management needs.

Automate Risk Management in Jira

To avoid the pitfalls of Excel, you can automate your risk management process using Jira. Jira supports plugins specifically designed for risk management, such as the SoftComply Risk Manager Plus. These tools help keep your data up-to-date and reduce errors through automation. They come with templates for risk models and risk registers that you can further modify to meet your risk management requirements.

Setting Up Your Risk Register in Jira

Setting up a risk register in Jira is straightforward. Start by selecting a risk management app from the Atlassian Marketplace. Choose a template that fits your needs and customize it to align with your risk management process. This customization can include defining risk assessment steps and modifying risk characteristics.

For Risk Models, you can customise the provided templates by specifying:

  • the number of risk assessment steps (risk iterations) – you can add up to 10 risk iterations
  • the names of these risk iterations
  • the Risk Characteristics used for assessing risks, e.g. Impact, Likelihood, etc. – you can add up to 10 risk characteristics
  • the levels, descriptions and order of the Risk Characteristics

Available Risk Model templates

For Risk Registers, you can customise the ready-made templates by modifying:

  • the number of separate sheets in your risk register – in case you wish to assess different types of risks in one Jira project
  • the risk assessment model related to each risk register sheet – in case you wish to assess risks with different methods
  • all the risk-related data (prepopulated from the chosen risk assessment model) needed to describe the risks
  • any additional data required to automate risk management, e.g. risk owners and due dates

Available Risk Register templates

Advanced Risk Management Features for ISO 27001

The SoftComply Risk Manager Plus offers a dedicated Information Security Risk Management module for companies that want to comply with ISO 27001.

InfoSec Dashboard in the Risk Manager Plus on Jira Cloud

The InfoSec module provides the following features:

  • a customisable template for an Asset-based Risk Register,
  • a customisable template for an ISO 27001 Risk Model,
  • a pre-populated ISO 27001 Controls Repository,
  • a dedicated InfoSec dashboard with an ISO 27001 Checklist where you can monitor your progress in meeting the ISO 27001 requirements,
  • a traceability matrix for monitoring coverage status between a) information assets and identified risks, and b) risks and ISO 27001 controls,
  • automatic generation of the Statement of Applicability.

The Information Security Risk module comes with a template for an Asset-based Risk Register where you can identify all your information assets and their descriptions, add risks related to each of them and pick relevant ISO 27001 controls to mitigate these risks.

ISO 27001 controls have already been added to the app, in a module called the Object Register. When working in the Risk Register, you can view the detailed description and the control group of each control as defined in ISO 27001. In the Object Register (controls repository), you can also add further data to each control, such as its applicability to your organisation’s information security policy and any source information.

ISO 27001 Controls Repository in the Risk Manager Plus app

To monitor your information security risk management progress, you can check the coverage status of assets, risks and controls in the InfoSec Dashboard of the app.

Traceability / Coverage Status in the Risk Manager Plus app

The Dashboard also provides the ISO 27001 Checklist, where you will find all the ISO 27001 requirements and detailed explanations of how to meet them. You can add links to documents and Jira projects as evidence of meeting these requirements, which makes it easy to monitor tasks that still need to be completed.

ISO 27001 Checklist in the Risk Manager Plus app

After having reviewed your information security risks, you can automatically generate the Statement of Applicability.

Conclusion and Call to Action

Using Excel for your risk register might seem like a simple solution, but it comes with many risks. Automating your risk management in Jira not only helps maintain accuracy but also ensures compliance with international standards.

Try the Risk Manager Plus app for free for a month, and consider scheduling a demo to explore more about its capabilities. Click the link to start your trial or book a demo today!
