Define and Track Risk Treatments
Once controls are mapped to a risk, the next step is to define how you plan to treat that risk. Sprinto supports multiple treatment strategies, with optional task creation to ensure follow-through.
Access the Treatment Section
Log in to the Sprinto dashboard and navigate to Risks.
Click on the Risk Register tab.
Open the relevant risk.
In the left-side navigation panel, click Treatment.
Choose a Treatment Strategy
You can choose one of the following approaches for each risk:
Accept: Acknowledge the residual risk and take no further action.
Transfer: Shift responsibility (e.g. outsource or insure the risk).
Further Mitigate: Apply additional actions to reduce risk further.
Avoid: Discontinue the process or activity causing the risk.
For each strategy, you can:
Select a treatment reason (e.g. “Risk is insured”, “Work is outsourced”).
Add optional treatment notes to document your decision.
Click Save and close once you have selected the appropriate treatment strategy.
Create a Risk Treatment Task (Optional)
You can assign mitigation tasks to ensure that treatment actions are implemented.
To create a treatment task:
In the Treatment section, click + Add Task.
Enter the following details:
Task name
Assignee (Security Hub admin)
Due date
Optional notes or attachments
Click Add Task to save.
Control Weightages
Control weightages allow you to define how much each control and task contributes to the overall treatment effectiveness for a risk. Assigning custom weights ensures that high-impact controls influence the final score more than lower-impact items, resulting in a more accurate and realistic view of the organisation’s mitigation posture.
Here's a short video explaining how control weightages work.
Enable Control Weightages
Before assigning weights, you must enable this feature.
To enable control weightages:
Sign in to Sprinto and select Risks from the left navigation panel.
Open the Configuration tab.
Locate Adjustable risk treatment weightage.
Turn on the toggle.
Requirements
Risk Monitoring must be enabled.
Available only on the Enterprise (Plan 4) subscription.
When Risk Monitoring is off, weightages and treatment effectiveness values are hidden.
Add Weightages to Controls and Tasks
Once the feature is enabled, you can assign custom weightages to the controls and tasks associated with a risk.
To assign weightages:
Go to Risks and open the Risk Register tab.
Select any risk and open the Treatment tab.
Scroll to the Risk treatment effectiveness section.
Enter edit mode to update weight percentages.
Error States for Control Weightages
Sprinto validates weightages at both Level 1 (controls + tasks bucket) and Level 2 (subtasks). You may encounter the following error states while assigning weights:
Blank weight field A weight value has not been entered. Message shown: “Enter a value for the highlighted weight fields to continue. To ignore a risk treatment measure in the effectiveness, enter 0%.”
L1 total exceeds 100% The combined weight of all controls and the tasks bucket is more than 100%. Message shown: “Adjust the weights so that the total is 100%. Current total is X% (exceeds by Y%).”
L1 total falls short of 100% The combined weight of all controls and the tasks bucket is less than 100%. Message shown: “Adjust the weights so that the total is 100%. Current total is X% (falling short by Y%).”
L2 total exceeds 100% Subtasks inside the tasks bucket exceed 100% when assigned weights. Message mirrors the L1 version but applies to tasks.
L2 total falls short of 100% Subtasks inside the tasks bucket sum to less than 100%. Message mirrors the L1 version but applies to tasks.
Weight required after starting weighting If a single control or task is assigned a weight, all other items must also have a defined weight. This enforces consistent weighting across the entire risk.
Overlapping or conflicting L1/L2 values If weights in L1 and L2 conflict after edits, Sprinto highlights the specific bucket that must be corrected.
Sprinto prevents you from proceeding until all errors are resolved.
Understanding Weightage Buckets
Sprinto uses a two-level system to calculate treatment effectiveness: Level 1 (L1) and Level 2 (L2).
Your provided diagram illustrates this flow perfectly.
Level 1 (L1): Controls + Tasks Bucket (Must Equal 100%)
All mapped controls and the Tasks bucket must sum to exactly 100%.
Example:
Control C1
30%
Control C2
30%
Tasks (bucket)
40%
Total
100%
This ensures the overall treatment effectiveness calculation is based on the relative importance of each main contributor.
Level 2 (L2): Sub-tasks Inside the Tasks Bucket (Must Equal 100%)
If the Tasks bucket contains multiple subtasks, you can optionally assign weights to each subtask.
All subtasks must total exactly 100%, independent of the L1 total.
Example:
Task T1
60%
Task T2
40%
Total
100%
Sprinto uses these L2 weights to compute the weighted completion percentage of the Tasks bucket before contributing it to the L1 calculation.
Set Equal Weightage
You can automatically distribute weights equally.
To apply equal weightage:
Select Set equal weightage.
Confirm in the dialogue box.
Sprinto resets all L1 weights equally, and all L2 weights (if any) equally.
Validation and Error Handling
Sprinto validates both L1 and L2 totals independently.
You will see an error when:
A weight field is blank
L1 total is not 100%
L2 total is not 100%
Weights exceed or fall short of 100%
The system highlights the problematic fields in red and displays the difference (for example, “exceeds by 3.34%” or “falling short by 0.66%”).
You cannot continue until all weightages are corrected.
Impact on Treatment Effectiveness
The treatment effectiveness score becomes a weighted average instead of a simple average, ensuring accurate representation of control importance.
Last updated