Risk Register

A living document or database where an organization tracks its identified risks. It typically lists each risk, its estimated severity (impact and likelihood), the owner (person responsible for addressing it), and what's being done about it. A risk register helps even a small company stay organized about threats - it's like a to-do list for risks.

‍

For example, your risk register might include entries like "Unauthorized access to payroll system - Impact: High, Likelihood: Medium, Owner: IT Manager, Mitigation: Implement MFA by Q4."

‍

Regularly reviewing this list ensures nothing falls through the cracks.