How long does the entire risk management process take?
The process duration depends on team collaboration, but each survey takes around 15-20 minutes. Completing and reviewing scenarios in the Risk Register and quarterly maintenance can be managed within scheduled sessions.
Can multiple team members work on the risk register at the same time?
Yes, multiple users can collaborate on reviewing and updating scenarios in the Risk Register.
Can I edit a submitted risk assessment survey?
No, surveys are saved locally in your browser cookies. Once submitted, scenarios are created and can be edited directly in the Risk Register. To add new scenarios, you can also fill out the survey again.
Can another user edit the survey I started?
No, in-progress surveys are saved locally in your browser cookies, and cannot be accessed or edited by other admin users. They will be able to fill out a new survey, that’s why it’s recommended to plan a meeting with the stakeholders and go through the surveys together.
What if I lose access to an unsubmitted survey?
Surveys are saved locally for 14 days. You may lose access if you clear cookies, use a different browser or device, or wait more than 14 days.
What if I can’t complete a survey at once?
Progress is saved locally for 14 days, allowing you to return and complete the surveys later.
How do I complete the risk register?
Document each scenario with descriptions, assign a responsible person, rate likelihood and consequence levels, and approve with risk owners.
What treatment strategies can I choose from?
Accept, Mitigate, Avoid, or Transfer risks, with strong justifications especially for acceptance.
What is residual risk and how is its rating calculated?
Residual risk is the remaining level of risk after mitigation measures are applied. Residual Risk Rating (RR) = Residual Likelihood (RL) × Residual Consequence (RC)
How do I maintain the risk register?
Regularly review risks, update levels, respond to alerts, add new risks, and track task progress. Reviews should happen quarterly. Secfix provides automated reminders and flags items for attention.
How often should I review the risk register?
At least quarterly, with updates whenever new risks or changes arise.
What are snapshots used for?
Snapshots capture the current state of your risk register for audits or internal reports. However, the app is designed to be used live during audits for up-to-date data.
Can I export reports for auditors?
Secfix is designed for real-time presentation during audits. While snapshots can be downloaded for reporting purposes, showing the live app is recommended.
Does Secfix provide templates or suggestions for mitigation actions?
Secfix does not provide specific mitigation actions. Users are responsible for deciding on their course of action, but they can discuss potential approaches and receive guidance during check-in calls with their Customer Success Manager.
What automation features does Secfix offer?
Auto-generated risk scenarios from survey answers
Automatic risk rating calculations
In-app reminders for quarterly reviews and overdue tasks
Attention triggers for risks needing review