Conducting a risk assessment is the first step in building your organization’s risk management program. In Secfix, this is done by completing four guided surveys that cover different areas of potential risk. For the complete overview of Risk Management in Secfix, refer to the Risk Management Guide.
How to Conduct a Risk Assessment in Secfix
1. Access the Risk Assessment Section
Navigate to Risk Management > Risk Assessment in your Secfix account.
2. Plan Team Sessions
Schedule collaborative sessions with your team.
Allocate at least 30 minutes per survey to encourage discussion and brainstorming.
3. Complete the Four Core Surveys
You will need to complete surveys in these categories:
Legal: Covering regulatory and compliance risks.
HR: Assessing workforce policies and training gaps.
Tech: Identifying technology vulnerabilities and cybersecurity concerns.
InfoSec: Focusing on information security management and data protection.
💡 Tip: Answer questions based on your current company state, not future intentions.
4. Add Custom Risk Scenarios
As you complete the surveys, add any custom risks specific to your business that are not already prompted.
💡 Tip: Aim for at least 10 risk scenarios in total — while quality matters more than quantity, auditors may question too few entries.
5. Submit
Your progress saves automatically for 15 days, so you can come back to the survey within this timeframe.
Review and edit responses before submission.
Once submitted, scenarios will be generated automatically in the risk register.
What Happens Next?
Continue to Step 2: Completing the Risk Register to review, assign owners, and build treatment plans.