Risk Management to the rescue

Alyne's Risk Management module, tightly coupled with the new Task Management module is the new vehicle for managing action plans and task delegation. We also took our top notch Secure Evidence technology for Assessments and made it available to all the other features at Alyne.

Risk Management

alyne task manager

Risk Management is a whole new module at the Alyne platform and supports the full lifecycle of

  • capturing risks,
  • set up mitigation actions for those risks within your organisation,
  • manage down the risk probability, impact and expected loss,
  • observe and manage expected loss scenarios and the organisation's risk appetite in line with your mitigation actions,
  • close and archive risks.


The Risk

Risk Management Tile for data privacy

As always, we use tiles in Risk Management as well. We represent each Risk as a tile and you can manage everything connected to this Risk directly on this tile. This includes setting and changing the probability, impact and expected loss. Automatically Alyne calculates out of that the Risk criticality and indicates this in our typical user interface style that is very intuitive to understand.

You can create Risks from scratch or import risks directly from Alyne reports.

We make available our standard features of comments and Secure Files on each Risk enabling customers to directly discuss, interact and securely share files when managing a risk in a collaborative manner.

You also define your mitigating actions plan directly at the tile. Just click on the "Plus", enter the description, due date and the person responsible for this action. Each mitigation action also carries the amount of probability and/or impact reduction, in the example "Providing a list of privacy consultants" is planned to achieve a probability reduction of 20 percent points.


Risk Tags

Risk Management Tile cyber incidents

We invented a super-intuitive and flexible approach to organise Risks: Risk Tags. Each Risk can be assigned to one or more Risk Tags. By clicking on a Risk Tag your Risk view including the risk analytics at the top gets filtered to exactly this Risk selection.


You can even select multiple Risk Tags to view all the Risks that are assigned to this Risk Tags and even more to only those Risks that the selected Risk Tags have in common.

Risk Management Tile risk cyber insurance applicants

Alyne users can define access control on each Risk Tag in a very granular way.

Through how Risk Tags and its access control are implemented, any organisational structure or responsibility areas can be modeled without technical customisation efforts.

Realtime analytics graphs

At the top Alyne always shows the number of tracked Risks, their Risk Rating (low to critical), the number of excessive critical or very high risks, the mighty Risk Exposure graph and the Risks by status. These always consider the selected Risk Tags.


Let's pick two of those graphs

risk rating graph

Risk Rating: For each Risk Tag you can define how many critical and very high Risks you want to tolerate. This graph tells you a breakdown of the risk ratings of the selected Risks and the number of Risks exceeding these two rating thresholds.


risk exposure graph

Risk Exposure: On each Risk Tag you also define your financial risk tolerance. This mighty graph starts always starts from now and predicts the expected financial loss considering the applicable Mitigation Plans and their due dates in the future. Overdue mitigation actions are cumulated into a dotted line representing the risk reduction potential once these overdue tasks are completed.

How Alyne customers are leveraging Risk Tags:

  • An Alyne customer set up 40 Risk Tags representing the local branches of the organisation. Risks are captured and managed by local Risk Managers at branch level.
  • The Risk Committee at the Headquarters owns a Risk Tag called "Top 10" where only its members have write access to.
  • Risk Committee members have read access on all the branch level Risk Tags and select the Top 10 Risks they want to observe globally out of this pool. The selection of the Top 10 is as easy assigning the "Top 10" Risk Tag to the selected Risk.
  • Once a Risk Committee member clicks on the Top 10 Risk Tag, she/he not only sees the current status, rating and exposure of these 10 risks, but also their Risk Journey, i.e. how probability, impact and financial risk exposure will go down over time based on the Mitigation Plan and when the break even of cumulated risk exposure and the Risk Appetite defined for the Top 10 Risks will happen.


Task Management

Risk Management task management bcm

Tasks can be used as personal task tracker within Alyne and will be used extensively throughout the app in future, e.g in combination with Funnels and Reactions.

Initially, the new Risk Management module makes use of it for its Mitigation Plan. Mitigation Actions are in fact Tasks. Tasks as such have an owner, can have multiple activities, i.e. sub tasks, a completion indicator that considers the status of activities and can be delegated to other members of the organisation.

At the top, realtime graphs indicate statistics about your tasks, especially urgent and overdue ones.


Secure Files everywhere

Our Secure Evidence feature leveraging envelope encryption, hardware security modules and custom storage locations around the world was only available for our Assessments feature. Customers like it very much, so that they demanded more of it:

We listened and now allow for all customers opted in for the Secure Evidence feature to attach files to Control Sets, Controls, Reports and Risks at the same level of security as already established for Assessments.

On Control Sets and Controls only Expert Users can add and delete files. Business Users can only view these files.

On Risks, the individual access control policies of Risk Tags have effect: If a user only has read access to a Risk, then she/he is only allowed to view these attached files - makes sense.

Manuel Reil

Related Posts

January New Features

This January, we have deployed various new features and enhancement that improve Assessment configuration capabilities; provide greater flexibility with on-the-go Object Type creation and management; the ability to create new and link existing risks from the Continuous Controls environment; and a new in-app Product Portal to obtain valuable Customer feedback and requests.
Read more

December New Features

To close out a year of great achievements, Alyne Users will be able to benefit from powerful new Multiple Maturity Models, machine-learning capability that generates summaries for attachments, define granular access rights for Campaign Tasks as well as Objects, configure Repeated Campaigns, leverage Computed Object Properties for aggregated data, and configure Object Types on the go with the Custom Object Type Editor.
Read more

November New Features

This November, our team added a number of fantastic new features to the Alyne platform. These include Multi-Level Hierarchies & Escalations for Tasks, Lifecycle Changes in Risk History, Advanced Beacon Settings, the Alyne Hook - which provides outgoing connectivity to other standardised systems in an event-driven manner - and Additional Filters and Sorting for Risks.
Read more