Define and Track Risk Treatments

Once controls are mapped to a risk, the next step is to define how you plan to treat that risk. Sprinto supports multiple treatment strategies, with optional task creation to ensure follow-through.

Access the Treatment Section

Go to Risks from the left navigation.
Click on the Risk Register tab.
Open the relevant risk.
In the left-side navigation panel, click Treatment.

Choose a Treatment Strategy

You can choose one of the following approaches for each risk:

Accept: Acknowledge the residual risk and take no further action.
Transfer: Shift responsibility (e.g. outsource or insure the risk).
Further Mitigate: Apply additional actions to reduce risk further.
Avoid: Discontinue the process or activity causing the risk.

For each strategy, you can:

Select a treatment reason (e.g. “Risk is insured”, “Work is outsourced”).
Add optional treatment notes to document your decision.

Click Save and close once you have selected the appropriate treatment strategy.

Create a Risk Treatment Task (Optional)

You can assign mitigation tasks to ensure that treatment actions are implemented.

To create a treatment task:

In the Treatment section, click + Add Task.

Enter the following details:
- Task name
- Assignee (Security Hub admin)
- Due date
- Optional notes or attachments
Click Add Task to save.

📌 Tasks appear in the dashboard and are tracked until completion. Once completed, the task status is marked as Passing.

PreviousMap Controls to a Risk NextConduct a Risk Assessment

Last updated 2 months ago