A living register, not a spreadsheet

Cyber Risk Register Software

Move your cyber risk out of a spreadsheet. Track each risk with likelihood, consequence, controls, treatment, owner and evidence, and produce a board-ready report.

A cyber risk register is only useful if it stays current. A spreadsheet drifts out of date the moment it is saved; a living register keeps risk, treatment and evidence in one place and ties them to your compliance gaps.

The fields that matter

Each risk in the register captures a full picture:

FieldWhat it records
Risk titleA clear description of the risk.
Likelihood & consequenceThe two axes that drive the rating.
Inherent riskThe rating before controls are applied.
Existing controlsWhat is already in place to reduce the risk.
Treatment planWhat you will do to treat it further.
Owner & due dateWho is accountable, and by when.
Residual riskThe rating after controls and treatment.
Status & evidenceWhere the treatment stands, with supporting evidence.

Tied to your compliance work

The register connects directly to your Essential Eight, APPs and ISO 27001 gaps, so a gap becomes a tracked risk with an owner and a treatment plan - not a line item that gets forgotten. When a board or client asks about cyber risk, you export a clear report instead of screenshotting a spreadsheet.

Note: Cyber Compliance is a self-assessment and reporting aid, not a certification, audit or legal advice. Outputs help you prepare and track gaps; confirm your position with a qualified auditor, certification body or legal adviser before relying on it.

Frequently asked questions

What is the difference between inherent and residual risk?

Inherent risk is the rating before controls are applied; residual risk is the rating that remains after your existing controls and planned treatment. The register tracks both.

Can I export the risk register for a board?

Yes. You can export a review-ready report of your risks, treatments and status for a board, client or auditor.

Start your free trial