Resolve Sprinto Check For Risk Scoring & Treatment
About
Sprinto Check: Risk should be scored & treated
This Sprinto check fails whenever a risk is added to the risk register without being scored or assigned a treatment plan.
Risk scoring in Sprinto evaluates risks based on parameters such as the impact and likelihood of inherent and residual risks. These parameters help compute an overall risk score, which determines the severity of the risk on the risk heat map.
The risk treatment plan specifies the techniques employed to mitigate the risk’s impact and likelihood.
Who does risk scoring?
Risk scoring is primarily done by risk managers. By default, the InfoSec officer role on your Sprinto account is assigned to risk scoring. You can add multiple risk managers to delegate risk maintenance.
Add multiple risk managers
To add multiple risk managers, do the following:
Navigate to the Risks page and select the Configuration tab.
Scroll down and click Manage next to Risk Managers.
Select your desired security hub admin as a risk manager, then click Save.
Purpose
This check ensures that every risk added to the risk register is scored and has a treatment plan. Risks missing either component remain in an “Incomplete” state and cannot be utilized for evidence collection.
How to Fix
To resolve this check, update the risk scoring and/or treatment plan for any risks showing the following statuses under the Pending Actions column:
Needs Treatment
Needs Scoring
Needs Scoring and Treatment
For detailed instructions, refer to the guide on Risk Scoring and Treatment.
Support
Please get in touch with our support team if you have any questions about this check or need assistance.