Risks

Getting started with Risks

title: Getting started with Risks description: Learn what risks are in Tidal Control and how to use the Risks page to organize your risk management sidebar_position: 1

Getting started with Risks

What are risks?

Risks are identified threats and vulnerabilities that can impact your organization. The system helps you systematically assess and manage these risks by:

  • Risk identification - Mapping threats and vulnerabilities
  • Impact assessment - Estimating likelihood and consequences
  • Risk treatment - Accept, avoid, reduce or transfer
  • Control linking - Assigning measures to mitigate risks
  • Monitoring - Tracking progress of risk treatment

By registering and monitoring risks in Tidal, you gain insight into your risk profile, which measures are effective and where additional action is needed.

Tip

Risks can be linked to assets, controls and treatment plans. This creates a complete picture of which threats apply where and how effective your protection is.

Read more about this in Conducting Risk Assessments

Navigating the Risks page

Opening the Risks page

Go to the Risks section via the main menu. You'll arrive at an overview page where all risks from your organization are displayed.

Risks overview

What you see in the overview

The risks overview shows important information per risk:

  • Risk ID and title - Unique identification and descriptive name
  • Inherent risk level - Risk level before measures (orange badges: High, Medium, Low)
  • Treatment - Chosen treatment option (Reduce, Accept, Transfer, Avoid)
  • Residual risk level - Risk level after measures (green badges: Low, Medium, High)

Understanding risk status

The status of a risk is determined by various factors:

Active risks (default view):

  • Current validity date within "Valid from" and "Valid to" period
  • Visible in daily risk management
  • Included in reports and dashboards

Archived risks:

  • Risks that are no longer relevant
  • Visible via "Archived" tab
  • Historical data remains available for audit

Interpreting risk levels

Inherent risk vs Residual risk

Tidal distinguishes two important risk levels:

Inherent or Gross Risk:

  • The risk level without any protective measures
  • Shows the "raw" threat to your organization
  • Assessed on likelihood × impact

Residual risk:

  • The risk level after implementing measures
  • Shows how much risk remains after mitigation
  • Determines if additional measures are needed

Risk level colors

High - Red:

  • Immediate attention required
  • Can cause significant damage
  • Priority for risk treatment

Medium - Orange:

  • Monitoring and planning needed
  • Moderate impact on organization
  • Treatment within reasonable timeframe

Low - Green:

  • Acceptable risk level
  • Periodic monitoring sufficient
  • Low priority for additional measures
Info

Risk Acceptance Level: Acceptable risk levels differ per organization. Determine together with management which residual risk levels are acceptable for your context.

Read more about risk acceptance levels and how to maintain them in Tidal in Creating and editing risks

Searching and filtering

Search functionality

Using the search bar:

  1. Click in the search bar at the top of the overview
  2. Type risk names or custom IDs (e.g. "R.IT.01" or "malware")
  3. Press 'Enter' and your search results are displayed

Filter options

Use the filter dropdown menus to find specific risks:

Open vs Archived:

  • Open - Active risks being monitored
  • Archived - Risks that are no longer applicable

Filter by Attribute:

  • Show risks with specific characteristics
  • For example domain, risk category, or vulnerability group
  • Useful for thematic risk analysis

Filter by Asset:

  • Show risks linked to specific assets
  • Useful for asset-based risk assessments

Filter by Control:

  • Show risks mitigated by specific measures
  • Helps assess control effectiveness

Filter by Assignee:

  • Show risks assigned to specific people
  • Useful to see your own responsibilities

Filter by Sort:

  • Oldest/Newest - Chronological order
  • Custom ID (A-Z/Z-A) - Alphabetical by ID
  • Name (A-Z/Z-A) - Alphabetical by name
Tip

You can also create your own filters with attributes. For example, add a "Department" attribute to filter risks per department.

Read more about attributes in Creating and editing risks

Combining multiple filters

You can use different filters simultaneously for very specific results:

  • Example: Filter on "Information risk" + "High" inherent risk + your name as assignee to see your high-risk IT risks
  • Reset filters: Click away individual filters or refresh the page

Next steps

Now that you know how to find and interpret risks, you can:

  • Conduct risk assessments for identified threats
  • Link controls to risks for mitigation
  • Manage asset-risk relationships for complete coverage
  • Create and monitor risk treatment plans
Note

No risks visible? This may mean that no risks have been identified yet in your Tidal environment. Start by adding your first risk via the "Add Risk" button, or import a risk framework template.

Previous
Plans
Next
Conducting Risk Assessments