Risk register
Total identifed risks: 16
of identified risks are addressed.
Mitigated
11
Transferred
1
Accepted
4
Monitoring Status
| Item | Description | Frequency | Status | Automated |
|---|---|---|---|---|
 Compliant Devices Last updated: 27 Jun 2026 | Devices are continuously monitored for compliance with security policies. | Daily | 100% | |
 MFA Coverage Last updated: 27 Jun 2026 | Percentage of registered members with Multi-Factor Authentication enabled. | Daily | 100% | |
 ISMS Policies Last updated: March 2026 | All policies are reviewed at least once a year. | Annual | OK | |
 Risk Assessment & Treatment Last updated: March 2026 | All identified risks are either mitigated, or provisionally accepted. | Annual | OK | |
 Vendor Management Last updated: February 2026 | Vendors security posture is assessed prior to onboarding and periodically reviewed. | Quarterly | OK | |
 IAM Reviews Last updated: February 2026 | Principle of least privilege is enforced. IAM is actively reviewed, and excessive access is revoked. | Quarterly | OK | |
 Physical Security Last updated: May 2026 | Physical access to office premises is strictly controlled and monitored to prevent unauthorized entry. (NB: Physical security process is suspended as of June 1st. We temporarily operate in full-remote mode.) | Monthly | OK | |
 Incident Management Last updated: May 2026 | No incident reported in the past month. | Monthly | OK | |
 Automated Backup Last updated: May 2026 | Data critical to business is safely preseerved according to 3-2-1 backup strategy. | Daily | OK |