ISO 31000 / ISO 27005 compliant risk register with 5×5 heat map. Add risks, assess likelihood and impact, plan treatment (avoid / transfer / mitigate / accept) and track residual risk. Auto-saves to your browser. Export to JSON / CSV / Print.
ISO 31000 is the international standard for enterprise risk management — applicable to risks of any kind. ISO 27005 is the information-security-specific risk management standard, aligned with ISO 27001. Both follow the same fundamental flow: identify → analyse → evaluate → treat → monitor.
Risk score = Likelihood × Impact (each on a 1–5 scale, giving a 1–25 score). Treatment options: Avoid (eliminate the activity), Transfer (insure, outsource), Mitigate (reduce L or I), Accept (within tolerance).
Data is stored entirely in your browser’s localStorage. Nothing is sent to any server. Clear browser data or use private mode to remove it.
Yes — the structure aligns with ISO 27005 (the InfoSec risk methodology referenced by ISO 27001). You can use this register as your formal ISO 27001 risk register evidence.
Yes — export from your previous tool as JSON in the format produced by this tool (or with the fields: id, title, description, category, likelihood, impact, treatment, treatmentNotes, residualL, residualI, owner). Use Import JSON.
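The scoring rule above (Likelihood × Impact on a 1–5 scale) and the field list expected by Import JSON can be tied together in a small model of the register. The following is an added example written for this page, not the tool’s own source code: it validates the 1–5 scale, computes inherent and residual scores, bins risks into a 5×5 heat map, and exports or imports the listed fields. The severity bands (low / medium / high), the rule that residual risk may not exceed inherent risk, and the sample risks are assumptions and constructed data, not taken from the tool.

```javascript
// Added example of a 5x5 risk-register model; assumptions are marked below.
const SCALE_MIN = 1;
const SCALE_MAX = 5;
const TREATMENTS = new Set(["avoid", "transfer", "mitigate", "accept"]);

// Field list from the tool's JSON import format (as described on the page).
const EXPORT_FIELDS = [
  "id", "title", "description", "category", "likelihood", "impact",
  "treatment", "treatmentNotes", "residualL", "residualI", "owner",
];

// Reject anything outside the 1-5 scale so a typo cannot silently skew a score.
function checkScale(value, name) {
  if (!Number.isInteger(value) || value < SCALE_MIN || value > SCALE_MAX) {
    throw new RangeError(`${name} must be an integer ${SCALE_MIN}-${SCALE_MAX}, got ${value}`);
  }
  return value;
}

// Risk score = Likelihood x Impact, giving 1..25.
function score(likelihood, impact) {
  return checkScale(likelihood, "likelihood") * checkScale(impact, "impact");
}

// ASSUMPTION: band thresholds are illustrative; the page only fixes the 1-25 range.
function band(s) {
  if (s >= 15) return "high";
  if (s >= 8) return "medium";
  return "low";
}

// Compute inherent and residual scores for one risk record.
// If no residual values are recorded, residual defaults to the inherent values.
function assessRisk(risk) {
  if (!TREATMENTS.has(risk.treatment)) {
    throw new Error(`unknown treatment "${risk.treatment}" for ${risk.id}`);
  }
  const inherent = score(risk.likelihood, risk.impact);
  const residualL = risk.residualL ?? risk.likelihood;
  const residualI = risk.residualI ?? risk.impact;
  const residual = score(residualL, residualI);
  // ASSUMPTION: treatment cannot make a risk worse than its inherent score.
  if (residual > inherent) {
    throw new Error(`residual risk (${residual}) exceeds inherent risk (${inherent}) for ${risk.id}`);
  }
  return { ...risk, residualL, residualI, inherent, residual,
           inherentBand: band(inherent), residualBand: band(residual) };
}

// 5x5 grid of counts: row index 0 = likelihood 5 (top), column index 0 = impact 1.
function heatMap(risks) {
  const grid = Array.from({ length: SCALE_MAX }, () => Array(SCALE_MAX).fill(0));
  for (const r of risks) grid[SCALE_MAX - r.likelihood][r.impact - 1] += 1;
  return grid;
}

// Quote CSV cells that contain commas, quotes or newlines (RFC 4180 style).
function csvEscape(v) {
  const s = v == null ? "" : String(v);
  return /[",\n]/.test(s) ? `"${s.replace(/"/g, '""')}"` : s;
}

function toCsv(risks) {
  const rows = risks.map((r) => EXPORT_FIELDS.map((f) => csvEscape(r[f])).join(","));
  return [EXPORT_FIELDS.join(","), ...rows].join("\n");
}

// Export only the documented fields, so derived values never leak into the file.
function toJson(risks) {
  return JSON.stringify(
    risks.map((r) => Object.fromEntries(EXPORT_FIELDS.map((f) => [f, r[f] ?? null]))),
    null, 2);
}

// Import: parse, then re-validate every record rather than trusting the file.
function importJson(text) {
  const data = JSON.parse(text);
  if (!Array.isArray(data)) throw new TypeError("expected an array of risk records");
  return data.map(assessRisk);
}

// Constructed sample register (not real findings).
const SAMPLE_RISKS = [
  { id: "R-001", title: "Unpatched internet-facing VPN appliance",
    description: "Vendor patch pending, appliance exposed to the internet", category: "Technical",
    likelihood: 4, impact: 5, treatment: "mitigate",
    treatmentNotes: "Apply vendor patch; restrict admin interface to internal network",
    residualL: 2, residualI: 5, owner: "IT Ops" },
  { id: "R-002", title: "Theft of staff laptop", description: "Device lost or stolen off-site",
    category: "Physical", likelihood: 3, impact: 3, treatment: "transfer",
    treatmentNotes: "Full-disk encryption plus insurance cover", residualL: 3, residualI: 1, owner: "CISO" },
  { id: "R-003", title: "Loss of guest Wi-Fi", description: "Guest network outage",
    category: "Availability", likelihood: 2, impact: 1, treatment: "accept",
    treatmentNotes: "Within tolerance", owner: "Facilities" },
];

if (typeof require !== "undefined" && require.main === module) {
  const register = SAMPLE_RISKS.map(assessRisk);
  console.log(toCsv(register));
  console.log(heatMap(register));
}
```

Running the file prints the CSV export and the heat-map grid for the three constructed risks; `importJson(toJson(register))` round-trips the register through the documented field list and re-runs validation on the way back in, which is the behaviour you want when loading a file from a previous tool.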
This tool uses a 5×5 matrix which is the most common in ISO practice. For very mature organisations, 7×7 or 10×10 may be appropriate.