Skip to main content

Importing risks

Roles and permissions

The following roles can import risks:

  • Administrators who are members of the Risk Register

  • Compliance managers who are members of the Risk Register

  • Users who are members of the Risk Register

If your organization has already developed its own set of risks, you can import them into Hyperproof.

Tip

Adding additional information does not overwrite existing data. During the import, Hyperproof searches for any exact data identifiers. If it doesn’t find any, it treats the data as new. If it finds a match, it updates the existing data.

Step One: Downloading the example CSV

The easiest way to start importing your risks is by downloading Hyperproof’s example CSV. The example CSV provides the exact template for successfully importing risks into Hyperproof.

  1. From the left menu, select Risk.

  2. Select your Risk Register.

  3. Select the Risks tab.

    risks-tab-generic.png
  4. Click Import.

    The Import risks window opens.

  5. Click Download the example CSV.

Step Two: Editing the CSV

Replace the contents of the example CSV file with your own risks. Be sure to follow the format of the example file, as well as the instructions on the page, to ensure that your risks can be successfully imported.

Note

The import function is not intended for unlinking a control from a risk. To remove linked controls from risks, you must unlink the controls one at a time via the Risks tab. See Unlinking a control from a risk

Note

The CSV must contain ALL headings listed below even if they are optional. Keep in mind that headings are case-sensitive!

Heading

ID

Should contain a risk ID that's unique to your organization. This field is required.

Name

This is the name of the risk. This is an optional field.

Description

This is the full definition of the risk. It can be a multi-line string. This field is required.

Owner

Must be formatted as FirstName LastName (email address), i.e. Jennifer Cook (jcook@lunabtechnologies.org). This is an optional field.

Tip: If no risk owner is provided, the risk is assigned to the individual who imports the CSV.

Additional tip: The owner's email address must match the email address they use to sign in to Hyperproof.

Additional tip: Contacts can also be risk owners.

Response

A field for tracking risk responses. This is an optional field.

Tip: Hyperproof recognizes the following responses: Accept, Avoid, Mitigate, and Transfer.

Category

Used to group related risks., e.g. Security, Cybersecurity, etc. This is an optional field.

Inherent likelihood

A field for tracking the inherent likelihood of a risk. This is an optional field.

Tip: Hyperproof recognizes the following values: Very Low, Low, Moderate, and High.

Likelihood rationale

A field describing the reasoning for the set inherent likelihood. This is an optional field.

Inherent impact

A field for tracking the inherent impact of a risk. This is an optional field.

Tip: Hyperproof recognizes the following values: Very Low, Low, Moderate, and High.

Impact rationale

A field describing the reasoning for the set inherent impact. This is an optional field.

Risk tolerance

A field for tracking the tolerance of a risk. This is an optional field.

Tip: Hyperproof recognizes the following values: Very Low, Low, Moderate, and High.

Maps to controls

A field for linking an existing control to a risk. This is an optional field.

Tip: If mapping multiple controls to a risk, enter the control IDs in a comma-separated format, i.e. CC3.1.1, CC3.2.5, CC3.3.4.

Control mitigation

This field defines mitigation factors for risks linked to controls, and is determined by the Maps to controls column. This is an optional field.

Tip: A single decimal or multiple decimal values are accepted. The number values can also be percentages, but the sum must not be greater than 1 or 100%, e.g. 0.4 or 40%.

Notes

A field for any notes related to the risk. This is an optional field.

Scopes

Used to link a scope assignment to a control. Scope assignments can be linked to existing controls or to new controls. This is an optional field.

Tip: Make sure the heading is Scopes and the scope name matches the name in Hyperproof.

Additional tip: Currently, it's only possible to edit existing scope assignments via CSV import. Additionally, Hyperproof supports one scope per control in the CSV import. Improvements to the scope assignment import process are ongoing.

Custom fields

Below is a snippet of a sample import file.

example-csv-risks.png

Step Three: Importing the CSV

After you’ve made the necessary changes to the CSV, it can be imported into Hyperproof.

  1. Drag and drop the CSV file into the Upload CSV File field, or click Select file to upload to upload it manually.

  2. Click Import.

    Hyperproof checks the CSV to ensure that there are no errors. You’ll be alerted if Hyperproof encounters any errors.

  3. If Hyperproof didn’t detect any errors, click Next. If Hyperproof detected errors, do one or both of the following:

    1. First, use the Error viewer to identify the errors. Second, correct the errors directly in the CSV. This ensures that the CSV is up-to-date should you need to re-import in the future.

      Tip

      Use the forward and backward arrows to cycle through the errors. The Error viewer gives specific information on what needs to be corrected.

    2. Remove rows that contain errors by clicking Remove all rows with errors. Note that this doesn't remove any data in the actual CSV.

  4. Click Next.

    The CSV is imported.