Streamlined Risk Assessment Set Up

Set up to automatically populate your risk register, accurately identifying, assessing, and managing your risks.

Updated over a week ago

💡 Using the new Drata experience? Refer to Streamlined Risk Register Set Up (New Experience) for updated steps and screenshots.

When setting up your Risk Assessment, you can answer seven simple questions to automatically populate your risk register, eliminating the need to manually add each risk into the register. A risk register is used to identify, assess, and manage risks associated with an organization. It serves as a log or database that tracks all identified risks, their severity, and the action steps to mitigate them. This automation enhances efficiency and streamlines risk management.

It is crucial to answer the survey questions accurately to ensure all potential risks are covered. This accuracy helps in building a robust risk management framework that enhances your organization's compliance and operational resilience.

Get your Risk Assessment started

When you access Risk Assessment and have no risks in your risk register, you can answer seven questions to automatically populate the register instead of adding risks manually.

By the end of the survey, you can either retake the survey, automatically build your risk register, or exit the onboarding process.

If you exit the survey and need to retake it, you must delete all risks from your register. However, users with the Risk Management Pro subscription tier cannot re-trigger the survey even after deleting all risks. Archiving a risk is different from deleting a risk and will not allow you to retake the survey. To delete risks, select all risks, then go to Actions > Delete.

Start the survey

Note: This is only for those who have Risk Assessment. Those who have Risk Management won't have access to this survey option.

To start the survey to automatically populate your risk register, follow these instructions. At the end of the survey, you will have the option to automatically populate your risk register or not.

Please Note: At this time, the risk assessment survey can only be completed once. Users with the Risk Management Pro subscription tier cannot access the survey, and downgrading to Risk Management Standard to complete the survey and then re-upgrading to Pro is not officially supported and is generally not recommended.


Risk Assessment survey questions

  1. Artificial Intelligence: Confirm if your organization uses its own AI systems or utilizes third-party AI systems. If your company uses both its own AI system and a third-party AI system, be sure to confirm both options.

  2. Physical Site: Confirm if your organization owns or operates a physical site, including leased or operated office spaces.

  3. Cloud Environment: Confirm if your organization uses cloud environments such as AWS, Azure, or GCP.

  4. Regulatory Requirements: Confirm if your organization needs to adhere to guidelines like GDPR, ISO 27001, or HIPAA.

  5. Software Development: Confirm if your organization develops software in-house, which involves certain risks.

  6. Unsecured Devices: Confirm if your organization uses company-issued devices in non-secure settings like coffee shops.

  7. Device Delivery: Confirm if your organization physically ships devices.

Build your risk register

After completing the survey, if you choose to build your risk register, your Risk Register will be automatically populated with the applicable risks based on your responses.

You can customize the Risk Register by adding or removing risks as needed. To add a risk, go to the Risk Library, view the available pre-populated risks, and add the ones you would like to manage to the Risk Register. To remove a risk, remove it from the Risk Register.

Other resources

Learn more about Risk Assessment at Risk Assessment overview.
