Table of contents
  • 1. QUICK START GUIDE
  • 2. SET UP YOUR RISK PROJECT
    • 2.1. RISK MODEL and Customisation
    • 2.2. RISK TABLE and Customisation
    • 2.3. OBJECT REGISTERS and Customisation
    • 2.4. Enabling INFORMATION SECURITY RISK MANAGEMENT
  • 3. RISK REPORTS
  • 4. PERMISSIONS
    • 4.1. Risk Manager Admin
  • 5. BOOK A DEMO
Risk Manager Plus on Cloud User Guide

1. QUICK START GUIDE

  1. Open (or create) a Jira Project in which you want to manage your risks.
  2. Find the “Risk Management“ tab from the Project panel.
  3. Click on the „Risk Model“ and Enable a risk assessment model for your Project, choosing from the list of available Risk Models.
  4. Next, you will be guided by the tool to choose a Risk Table from the list of table templates to manage your risks.

Here is a short video tutorial walking you through the steps listed above – SoftComply Risk Manager Quick Start Guide:


2. SET UP YOUR RISK PROJECT

2.1. RISK MODEL and Customisation

A Risk Model determines the way you assess the risks – the number of risk characteristics you need and the risk evaluation method that you use.

You can create your own Risk Models from scratch, just follow the guided Create Model configuration. The existing Risk Model Templates can be fully configured, following the steps below:

  • Go to “Apps” → “Risk Manager Plus” → “Risk Models” page to create your own risk models or to edit any of the existing Risk Model Templates provided.
  • All Risk Model attributes are customisable, i.e. you can add and name your own Risk Characteristics (classifiers like Probability, Impact, Detectability, etc), define Risk Classes, Risk Assessment Iterations (steps like Initial, Current, Target, etc).

You can also follow this short video tutorial to set up and customise your Risk Models in the Risk Manager Plus:

 

Risk Models are all global templates for your team(s) working in your Jira instance and they can be used in any of the Jira projects in which you manage risks.

Define your own Risk Model or choose one from the listed templates
Define the number and names for your Risk Iterations following the wizard

Unlimited configurability:

  • You can have many risk assessment models in one Jira project.
  • You can assess one risk (Jira issue) in different ways (multiple risk models assigned to risks).
  • You can use different risk models for different risks (Jira issues) inside one Jira project.

2.2. RISK TABLE and Customisation

A Risk Table provides you with an overview of your risks in a familiar spreadsheet format – you can work on your risks either in this Risk Table view or in a Jira issue view one risk at a time, as each risk is an individual Jira issue.

A Risk Table in the SoftComply Risk Manager Plus can have several sheets to best organise your risks. You can define and name each Table sheet yourself.

You can create your own Risk Table from scratch or you may customise the existing Risk Table templates provided:

  • Go to “Apps” → “Risk Manager Plus” → “Risk Tables” page to create your own Risk Table or edit any of the existing Risk Table Templates provided;
  • You can also add sheets (tabs) and define columns as you would in Excel;
  • Next, connect your Risk Table with a Risk Model and assign the Jira fields (column types) to your table columns for additional information about your risks;
  • Each Table sheet in your global Risk Table can be connected to a different Risk Model, making it easy to work with different Risk Models in a single risk project (e.g. you can conduct Hazard Analysis on one sheet and FMEA on the other sheet).

You can also follow this short video tutorial in creating and configuring your Risk Tables in the Risk Manager Plus app:

 

List of global Risk Table templates, their sheets and number of Jira projects the Risk Table template is assigned to

2.3. OBJECT REGISTERS and Customisation

Object Registers are a feature of Risk Manager Plus Cloud that allows you to create custom data structures (i.e. data tables) and link these structures to Jira issues like you would link other issues. Custom data structures are like database tables that you can build inside the Risk Manager Plus application. When these registers are filled with data you can link Jira issues with data objects. In other words, the registers are like complex customisable dropdown lists you can use as Jira issue fields.

There are many benefits of using Object Registers and its data, e.g. in ISO27001 there are IT risk controls. Each Control object has: Reference to ISO standard, Clause, Objective and Control description. You can list all of them to one dedicated register and reuse them in multiple risk projects. Same applies to the Hazards in ISO14971 risk management. Each Hazard can consist of Title, Group and other data fields.

You can also follow this short video tutorial in creating and configuring your Object Register in the Risk Manager Plus app:

 

First, navigate to the Risk Manager Plus App page and select Object Registers from the left menu.

Next, you can create a new register and enter the details about your objects in it.

You can add fields to the register yourself to include all the data that you wish the objects to have in the register. The “Title” field will be visible in your Risk Table, so make sure you give each object a title you will later recognise:

 

Make sure to include the Object Registers field(s) to the Risk Table template:

And then link the Register to a Project where you wish to use it – simply select from the list of projects. Make sure to assign the Risk Table template where you have added the Object Register fields to the same project.

You can now start filling in your data in the Project Risk Table view:

After having entered the data to your project and linked different Objects to Risks, you will have a full overview of the risk coverage on the Object Register’s global page. You can also add links to existing Risks directly from here:

 

2.4. Enabling INFORMATION SECURITY RISK MANAGEMENT

The SoftComply Risk Manager Plus app includes the full functionality of the SoftComply Information Security Risk Manager App to support you in compliance towards ISO/IEC 27001.

In order to enable the functionality of the Information Security Risk Manager, please go to the top menu in Jira and select Apps > SoftComply Risk Manager Plus > Open Settings and scroll down to the InfoSec Risk Management.

Once the functionality is enabled, you will be prompted about installing the missing components:

After installing the missing component, you will be able to use the Information Security Dashboard and you will have the Controls from the ISO/IEC 27001 pre-populated for you to speed up your information security risk management. You can find the Controls list in the Object Registers section of the Risk Manager Plus.

For the full functionality of the Information Security Risk Management module, please see the SoftComply Information Security Risk Manager User Guide.

3. RISK REPORTS

From the project, you can export the Risk Model and Risk Table reports.

Risk Model can be exported as PDF:

Risk Table can be exported as PDF or into CSV format:

You can also get reports across different projects that use the same Risk Model (aggregated Risk Model Report):

  1. Go to Apps > Risk Manager Plus > Risk Models
  2. Click on the Report icon behind the specific Risk Model

3. Choose the projects where the chosen Risk Model is used to be included in the overall risk report:

Once the report is generated, you can view the statuses of all risks across the selected Jira projects that use this specific Risk Model.

Confluence Reporting

There is a free extension of SoftComply Risk Manager apps for reporting risks on Confluence Cloud. Read more at https://softcomply.com/product/risk-confluence/

4. PERMISSIONS

4.1. Risk Manager Admin

Risk Manager Plus has one special role – Risk Management Administrator.

All Jira Administrators are Risk Management Administrators by default and you can assign this role to the users/groups under “Apps” → “Risk Manager Plus” → “Settings“ → “Permissions“.

Risk Management Administrators can:

  • add/edit/remove Risk Model and Risk Table global templates;
  • assign Risk Model and Risk Tables to Jira Project.

Regular Jira users can work with the Risk Manager Plus tool using the global templates created for them and provided that risk management is enabled in the project that they have access to.

5. BOOK A DEMO

To learn more about the SoftComply Risk Manager Plus on Jira Cloud, you are most welcome to book a DEMO CALL with the SoftComply team.