Does episki support quantitative and qualitative risk scoring?

Both. Use FAIR-style ALE math or a simple likelihood × impact heatmap, and switch scoring methods per register without losing history.

How does risk connect to controls and evidence?

Every risk links to the controls that mitigate it, the evidence that proves it, and the owner accountable for treatment. Because remediation ties back to evidence, your audit-time math works automatically instead of being reconstructed in a spreadsheet.

Is Risk Management included or a separate module?

It's a separate module added on top of the Compliance Platform, and it adds 1M tokens/month to your workspace pool. See the pricing page for current rates.

Risk Management module

Risk that's actually wired to your program

Build registers that point to real controls. Score quantitatively or qualitatively. Track treatment plans and acceptance approvals — without the spreadsheet drift.

Start free trial See pricing

What you get

Registers tied to controls

Each risk links to the controls that mitigate it, the evidence that proves it, and the owner accountable for treatment.

Quantitative or qualitative

Use FAIR-style ALE math or simple likelihood × impact heatmaps. Switch scoring methods per register without losing history.

Treatment workflows

Track mitigation tasks against owners and due dates. Tie remediation to evidence so audit-time math works automatically.

Risk acceptance with approval

Capture acceptance decisions, the rationale, the approver, and the review date — under the same approval engine as policies.

Risk-tier reporting

Slice by domain, business unit, or framework. Export board-ready summaries without massaging spreadsheets.

Continuous review

Automatic review reminders by tier. Stale risks surface in the inbox before they show up in your audit.

Agents at work

Risk drafted, scored, and reviewed by agents

The Risk module unlocks agent skills tuned to risk lifecycle work.

Draft initial risk descriptions and treatments from a control gap
Score risks consistently using your chosen methodology
Suggest acceptance language tailored to your industry and risk appetite
Open review tasks before risks go stale

Learn how agents work

Frameworks supported

SOC 2ISO 27001ISO 27005NIST 800-30NIST 800-53FAIR

Pricing for this module

Risk Management

Includes +1M tokens/month

Adds 1M tokens/month to the workspace pool.

$4,800

/year · $480/mo

See all pricing Start free trial

Risk Management — frequently asked questions

More on Risk Management

Effective Risk Assessments: Why They Matter More Than You Think

A risk assessment that can't drive a business decision isn't doing its job. Here's why effective risk assessments are a strategic asset — not just a compliance requirement..

Risk Registers Demystified: Building One That Actually Gets Used

How to build a risk register that drives real decisions — covering risk identification, scoring, treatment plans, review cadence, and board reporting.

Vendor Risk Management: A Complete Guide for Lean Teams

A practical guide to vendor risk management for lean security teams — covering inventory, risk tiering, assessments, contract clauses, and ongoing monitoring.

Make risk a first-class citizen

Add Risk Management to your workspace and let an agent draft your first register in minutes.

Start free trial Book a demo