To reach the ‘Evaluation scales’ menu, use the contextual menu (three-dot menu) in the top right-hand corner of the application.
Once you click on the three-dot menu, a submenu opens. Choose the submenu ‘Evaluation scales’:
The screen has three tabs as follows:
- Information risks
- Operational risks
- Compliance
This chapter is divided into three parts accordingly.
The Evaluation scales window opens, which has the following parts (from top to bottom):
- Impacts and consequences scale
- Likelihood scale
- Vulnerabilities scale
- Acceptance thresholds of information risks
Note: All scales are editable and customizable.
Warning: However, it is no longer permitted to modify scales as soon as an evaluation has been encoded.
The first section of the Evaluation scales window is the ‘Impacts and consequences scale’ table. It is a fully customizable table: you can edit it by clicking on its different parts.
- Click to modify the number of scales.
- Click 'Show hidden impacts' to show or hide the criteria not used in the analysis.
- Click to edit the headings of each scale.
- Click the symbol to hide an unused column.
- Click the 'New column name' to add new impact criteria.
Please note that you can edit the headings and the content of the cells by simply clicking on them, allowing you to provide different values or explanations.
The Likelihood scale is the second part of the window. It is a fully customizable table: you can edit it by clicking on its different parts. In the example below, the scale has only five values, from 0 to 4.
You can modify it easily. Just click on any of the values and give a different value: the Impacts and consequences scale table will change accordingly.
Just like with the scale values, you can also modify the description/explanation of the values by clicking on them and giving a different description/explanation.
The third section of the Evaluation scales window is the ‘Vulnerability scale’ table. It is a fully customizable table: you can edit it by clicking on its different parts.
- Click to modify the number of scales.
- Click to edit the heading on each scale (managed in the same way as the impact scale).
The fourth section of the Evaluation scales window is the ‘Acceptance thresholds’ table. There are two separate tables for acceptability thresholds, as operational risks and information risks are not calculated in the same way.
- Modification of threshold levels of information risks. The table displayed above (as well as the risk analysis tables) is updated automatically.
- Information risks are calculated using three criteria: Impact x Threat x Vulnerability.
To reach the ‘Evaluation scales’ menu, use the contextual menu (three-dot menu) in the top right-hand corner of the application and choose the submenu 'Evaluation scales'. The Operational risks screen can be reached by clicking on the second tab of the screen, 'Operational risks'.
The Operational risks screen consists of three parts as follows:
- Impact scale
- Likelihood scale
- Acceptance thresholds of operational risks
The first table is the Operational Risk Impact Scale. By default, it has 5 levels, but you may edit it by clicking on the number and providing a different value. In the example below, the Operational Risk Impact Scale has 5 levels (from zero to 4) and 5 impacts (Reputation, Operational, Legal, Financial, and Personal).
- Click to modify the number of scales.
- Click 'Show hidden impacts' to show or hide the criteria not used in the analysis.
- Click to edit the headings of each scale.
- Click the symbol to hide an unused column.
- Click the 'New column name' to add new impact criteria.
The operational risk impact scales are customisable: you can rename any of the existing scales and add custom ones. The number of levels can also be adjusted to the value that best fits the organisation’s needs. Each of the impact levels can have a specific predefined value. Value adjustment has to start from the bottom in order to extend the value definitions (for example, setting them in geometric progression: 0, 1, 2, 4, 8, 16…). You can edit the headings and the content of the cells by simply clicking on them, allowing you to provide different values or explanations.
You may hide any impact by clicking on the 'eye' icon next to the name of the impact and then clicking on the 'Show hidden impacts' toggle so that it becomes grey:
The second table is the Operational Risk Likelihood scale:
By default, it has 4 levels, but you may edit it by clicking on the number and providing a different value.
Also, you can edit the content of the cells by simply clicking on them, allowing you to provide a different explanation.
The third table is the Acceptance thresholds for operational risks.
- Modification of threshold levels of operational risks. The table displayed above (as well as the risk analysis tables) is updated automatically.
- Operational risks are calculated using two criteria: Impact x Probability.
The third tab on the top of the screen is 'Compliance'.
The compliance levels configuration allows you to customise the “Statement of Applicability” levels and to define the colours used to highlight records when a level is selected in the table. The number of levels is customisable, and colours are selected from the colour palette. By default, there are six levels of the Compliance scale, but this can be modified simply by clicking on the level number:
All cells in the table can be modified by clicking on the given cell. You can modify the first column by changing the compliance scale level (described above). You can also edit any cell of the second column (Level of compliance):
If you want to change the colour of a certain level of compliance, click on the relevant cell in the colour column. Then choose a different colour from the palette:
Since the colours for the levels 'Initial' and 'Managed' were very similar (orange shade), let’s change the colour for the 'Managed' level to blue: