Currently Eramba supports recording of inherent and residual risk ratings. What is the best way to record a target risk rating for our risks? Custom fields for now?
Our corporate risk framework records residual and target ratings, keen to align if possible.
My understanding is that currently, we can record an inherent risk rating (based on threats and vulnerabilities) and a residual risk rating (after existing controls have been considered). We’d like to be able to record a third rating (likelihood and consequence values) that indicate the target risk rating the business finds acceptable e.g. we need to mitigate the risk further than its current residual value.
I believe custom fields might be the best approach at present.