Importing risks

Roles and permissions

The following roles can import risks:

Administrators who are members of the Risk Register
Compliance managers who are members of the Risk Register
Users who are members of the Risk Register

If your organization has already developed its own set of risks, you can import them into Hyperproof.

Step One: Downloading the example CSV

The easiest way to start importing your risks is by downloading Hyperproof’s example CSV. The example CSV provides the exact template for successfully importing risks into Hyperproof.

From the left menu, select Risk.
Select your Risk Register.
Select the Risks tab.
Click Import.
The Import risks window opens.
Click Download the example CSV.

Step Two: Editing the CSV

Replace the contents of the example CSV file with your own risks. Be sure to follow the format of the example file, as well as the instructions on the page, to ensure that your risks can be successfully imported.

Note

The CSV must contain ALL headings listed below even if they are optional. Keep in mind that headings are case-sensitive!

Heading
ID	Should contain a risk ID that's unique to your organization. This field is required.
Name	This is the name of the risk. This is an optional field.
Description	This is the full definition of the risk. It can be a multi-line string. This field is required. The multi-line text limit for the description field is 65,535 characters. However, if you have a field with over 10,000 characters, it's highly recommended that you save the data in a document and link it as proof.
Owner	Must be formatted as FirstName LastName (email address), i.e. Jennifer Cook (jcook@lunabtechnologies.org). This is an optional field. Tip: If no risk owner is provided, the risk is assigned to the individual who imports the CSV. Additional tip: The owner's email address must match the email address they use to sign in to Hyperproof.
Response	A field for tracking risk responses. This is an optional field. Tip: Hyperproof recognizes the following responses: Accept, Avoid, Mitigate, and Transfer.
Category	Used to group related risks., e.g. Security, Cybersecurity, etc. This is an optional field.
Inherent Likelihood	A field for tracking the inherent likelihood of a risk. This is an optional field. Tip: Hyperproof recognizes the following values: Very Low, Low, Moderate, and High.
Inherent Impact	A field for tracking the inherent impact of a risk. This is an optional field. Tip: Hyperproof recognizes the following values: Very Low, Low, Moderate, and High.
Risk tolerance	A field for tracking the tolerance of a risk. This is an optional field. Tip: Hyperproof recognizes the following values: Very Low, Low, Moderate, and High.
Maps to controls	A field for linking an existing control to a risk. This field is required. Tip: If mapping multiple controls to a risk, enter the control IDs in a comma-separated format, i.e. CC3.1.1, CC3.2.5, CC3.3.4.
Control mitigation	This field defines mitigation factors for risks linked to controls, and is determined by the Maps to controls column. This field is optional. Tip: A single decimal or multiple decimal values are accepted. The number values can also be percentages, but the sum must not be greater than 1 or 100%, e.g. 0.4 or 40%.
Notes	A field for any notes related to the risk. This field is optional.
Custom fields	A space for any custom fields your organization uses to track activity related to a specific object, e.g. a control. Note that custom fields is an additional feature available for purchase. Tip: The custom field(s) must already exist in your organization. Additional tip: Ensure custom field names are spelled exactly as they are in Hyperproof. For example, if a custom field is called Security (with a capital 'S'), the CSV heading needs also to have a capital 'S'. If a custom field is called Risks, and the CSV heading is Risk, the import fails.

Below is a snippet of a sample import file.

Step Three: Importing the CSV

After you’ve made the necessary changes to the CSV, it can be imported into Hyperproof.

Drag and drop the CSV file into the Upload CSV File field, or click Select file to upload to upload it manually.
Click Import.
Hyperproof checks the CSV to ensure that there are no errors. You’ll be alerted if Hyperproof encounters any errors.
If Hyperproof didn’t detect any errors, click Next. If Hyperproof detected errors, do one or both of the following:
1. First, use the Error viewer to identify the errors. Second, correct the errors directly in the CSV. This ensures that the CSV is up-to-date should you need to re-import in the future.
  Tip
  Use the forward and backward arrows to cycle through the errors. The Error viewer gives specific information on what needs to be corrected.
2. Remove rows that contain errors by clicking Remove all rows with errors. Note that this doesn't remove any data in the actual CSV.
Click Next.
The CSV is imported.

In this section: