ISMS Copilot
Free tool

Risk Register Starter

Build a starter information-security risk register: capture assets, threats and vulnerabilities, score likelihood × impact on a 5×5 model, optionally add residual risk after treatment, and export CSV/JSON — a starting structure, not a risk methodology.

This is a generic 5×5 starter, not a prescribed methodology. Align the scales, scoring and acceptance criteria with your organization's own risk approach. It is not legal advice and not a substitute for a documented risk assessment process.

Risk profile (effective: residual where set, else inherent)

Low: 0 | Medium: 0 | High: 0 | Critical: 0 | Highest effective score: 0

Likelihood and impact use a 1 (very low) – 5 (very high) scale.

No risks yet. Add your first risk to start the register — everything stays in your browser.

Important

This tool gives you a starting risk-register structure and a transparent 5×5 score. It is not legal advice, not a risk methodology, and not a substitute for your own documented risk assessment, risk treatment and acceptance decisions. Calibrate the scales and thresholds to your organization.

FAQ

What scoring model does this use?
A transparent 5×5 model: risk score = likelihood × impact (1–25). Bands: 1–4 Low, 5–9 Medium, 10–14 High, 15–25 Critical. These boundaries are a common default, not a standard requirement — adjust them to your own risk criteria.

What is residual risk here?
If you estimate likelihood and impact after your planned treatment, the tool also computes a residual score. The risk profile summary uses the residual where you provided it, otherwise the inherent score.

Is this a compliant ISO 27001 / 27005 risk assessment?
No. This is a starter structure, not an ISO/IEC 27001 or ISO/IEC 27005 conformity assessment. Whether your risk assessment is conformant depends on your organization's documented process, governance, treatment planning, acceptance criteria and audit evidence. Use this to get organized, then formalize it in your ISMS.

Do you store my data?
No. Everything runs in your browser. There is no form gate; CSV/JSON export and the printable view are generated locally.
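
The scoring and residual-risk answers above, worked through as an added example (this is not the tool's own code). The function names, the field names and the rule that a residual estimate must supply both values are assumptions made for illustration.

```javascript
// Added example: scoreRisk, bandFor and riskProfile are illustrative names, not the tool's API.
const BANDS = [ // band boundaries as stated in the FAQ
  { name: "Low", min: 1, max: 4 },
  { name: "Medium", min: 5, max: 9 },
  { name: "High", min: 10, max: 14 },
  { name: "Critical", min: 15, max: 25 },
];

function rating(value, field) {
  // The scale is 1 (very low) to 5 (very high); reject anything else.
  if (!Number.isInteger(value) || value < 1 || value > 5) {
    throw new RangeError(`${field} must be an integer from 1 to 5`);
  }
  return value;
}

function bandFor(score) {
  return BANDS.find((b) => score >= b.min && score <= b.max).name;
}

function scoreRisk(risk) {
  const inherent = rating(risk.likelihood, "likelihood") * rating(risk.impact, "impact");
  const rl = risk.residualLikelihood, ri = risk.residualImpact;
  // Assumption: a half-filled residual estimate is an error, not a silent fallback.
  if ((rl != null) !== (ri != null)) throw new Error("residual needs both likelihood and impact");
  const residual = rl != null ? rating(rl, "residualLikelihood") * rating(ri, "residualImpact") : null;
  const effective = residual ?? inherent; // residual where set, else inherent
  return { inherent, residual, effective, band: bandFor(effective) };
}

function riskProfile(risks) {
  const profile = { Low: 0, Medium: 0, High: 0, Critical: 0, highestEffective: 0 };
  for (const risk of risks) {
    const { effective, band } = scoreRisk(risk);
    profile[band] += 1;
    profile.highestEffective = Math.max(profile.highestEffective, effective);
  }
  return profile;
}

// Constructed sample register (not real data).
const sampleRegister = [
  { asset: "Customer DB", likelihood: 4, impact: 5, residualLikelihood: 2, residualImpact: 5 },
  { asset: "Laptop fleet", likelihood: 3, impact: 3 },
  { asset: "Public website", likelihood: 2, impact: 2 },
  { asset: "Build server", likelihood: 5, impact: 3 },
];
```

In the sample, "Customer DB" has the highest inherent score (20) but is counted as High in the profile because its residual score is 10, so the highest effective score in the register is 15.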

By ISMS Copilot. Generic information-security risk-register structure with a transparent 5×5 scoring model. Calibrate to your organization's own risk approach, criteria and acceptance thresholds.
