# Define and Track Risk Treatments

Once controls are mapped to a risk, the next step is to define how you plan to treat that risk. Sprinto supports multiple treatment strategies, with optional task creation to ensure follow-through.

### Access the Treatment Section

1. Log in to the Sprinto dashboard and navigate to **Risks**.
2. Click on the **Risk Register** tab.
3. Open the relevant risk.
4. In the left-side navigation panel, click **Treatment**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2F5AzQ8XAX1rbtwrQDw6Mw%2FScreenshot%202025-06-03%20at%2011.14.57.png?alt=media&#x26;token=57651ec9-1be5-43c9-8443-c2591474d0fa" alt="" width="563"><figcaption></figcaption></figure>

***

### Choose a Treatment Strategy

You can choose one of the following approaches for each risk:

* **Accept**: Acknowledge the residual risk and take no further action.
* **Transfer**: Shift responsibility (e.g. outsource or insure the risk).
* **Further Mitigate**: Apply additional actions to reduce risk further.
* **Avoid**: Discontinue the process or activity causing the risk.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FSaF5f7O0KaeV0JIEVWHd%2FScreenshot%202025-06-03%20at%2011.13.50.png?alt=media&#x26;token=e5dd405c-8aae-42d1-b9b8-04ba5c84b02e" alt="" width="563"><figcaption></figcaption></figure>

For each strategy, you can:

* Select a **treatment reason** (e.g. “Risk is insured”, “Work is outsourced”).
* Add optional **treatment notes** to document your decision.

Click Save and close once you have selected the appropriate treatment strategy.

***

### Create a Risk Treatment Task (Optional)

You can assign mitigation tasks to ensure that treatment actions are implemented.

#### To create a treatment task:

1. In the **Treatment** section, click **+ Add Task**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FuJSYo1JgprWxrjZlw6BM%2FScreenshot%202025-06-03%20at%2011.17.59.png?alt=media&#x26;token=a73ed3a1-b9cc-45fc-b3c7-a32029abfb98" alt="" width="563"><figcaption></figcaption></figure>

2. Enter the following details:
   * **Task name**
   * **Assignee** (Security Hub admin)
   * **Due date**
   * **Optional notes** or attachments
3. Click **Add Task** to save.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2F840eWjaMilwqQjV7TZPz%2FScreenshot%202025-06-03%20at%2011.20.34.png?alt=media&#x26;token=7d103e58-98d9-42b1-b6b4-0914dd393b6c" alt="" width="375"><figcaption></figcaption></figure>

{% hint style="info" %}
Tasks appear in the dashboard and are tracked until completion. Once completed, the task status is marked as Passing.
{% endhint %}

***

### **Control Weightages**

Control weightages allow you to define how much each control and task contributes to the overall treatment effectiveness for a risk. Assigning custom weights ensures that high-impact controls influence the final score more than lower-impact items, resulting in a more accurate and realistic view of the organisation’s mitigation posture.

Here's a short video explaining how control weightages work.

{% embed url="<https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FmCgVPHpTFv68Uac7AJwN%2FControl%20Weightage%20for%20Risk%20Management%20(1).mp4?alt=media&token=d0752ce3-2646-4d8f-bab7-ccb81f8bcbbd>" %}

#### **Enable Control Weightages**

Before assigning weights, you must enable this feature.

#### **To enable control weightages:**

1. Sign in to Sprinto and select **Risks** from the left navigation panel.
2. Open the **Configuration** tab.
3. Locate **Adjustable risk treatment weightage**.
4. Turn on the toggle.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FvMIkzj4BRRxKGRlToEOv%2Fscreen%20template%20(1).png?alt=media&#x26;token=9ca46ea4-1a3b-475c-a959-8e479f44408b" alt="" width="563"><figcaption></figcaption></figure>

#### **Requirements**

* **Risk Monitoring** must be enabled.
* Available only on the **Enterprise (Plan 4)** subscription.

When Risk Monitoring is off, weightages and treatment effectiveness values are hidden.

***

#### **Add Weightages to Controls and Tasks**

Once the feature is enabled, you can assign custom weightages to the controls and tasks associated with a risk.

#### **To assign weightages:**

1. Go to **Risks** and open the **Risk Register** tab.
2. Select any risk and open the **Treatment** tab.
3. Scroll to the **Risk treatment effectiveness** section.
4. Enter edit mode to update weight percentages.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FyKO9HtO3SkRiwUbYlL7c%2FL2%20-%20edit%20treatment%20(One%20state)%20(1).png?alt=media&#x26;token=a8217345-d714-4664-8022-3c90da74eb34" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="warning" %}

### **Error States for Control Weightages**

Sprinto validates weightages at both Level 1 (controls + tasks bucket) and Level 2 (subtasks). You may encounter the following error states while assigning weights:

* **Blank weight field**\
  A weight value has not been entered.\
  \&#xNAN;*Message shown:* “Enter a value for the highlighted weight fields to continue. To ignore a risk treatment measure in the effectiveness, enter 0%.”
* **L1 total exceeds 100%**\
  The combined weight of all controls and the tasks bucket is more than 100%.\
  \&#xNAN;*Message shown:* “Adjust the weights so that the total is 100%. Current total is X% (exceeds by Y%).”
* **L1 total falls short of 100%**\
  The combined weight of all controls and the tasks bucket is less than 100%.\
  \&#xNAN;*Message shown:* “Adjust the weights so that the total is 100%. Current total is X% (falling short by Y%).”
* **L2 total exceeds 100%**\
  Subtasks inside the tasks bucket exceed 100% when assigned weights.\
  \&#xNAN;*Message mirrors the L1 version but applies to tasks.*
* **L2 total falls short of 100%**\
  Subtasks inside the tasks bucket sum to less than 100%.\
  \&#xNAN;*Message mirrors the L1 version but applies to tasks.*
* **Weight required after starting weighting**\
  If a single control or task is assigned a weight, all other items must also have a defined weight.\
  \&#xNAN;*This enforces consistent weighting across the entire risk.*
* **Overlapping or conflicting L1/L2 values**\
  If weights in L1 and L2 conflict after edits, Sprinto highlights the specific bucket that must be corrected.

Sprinto prevents you from proceeding until all errors are resolved.
{% endhint %}

***

### **Understanding Weightage Buckets**

Sprinto uses a two-level system to calculate treatment effectiveness: **Level 1 (L1)** and **Level 2 (L2)**.

Your provided diagram illustrates this flow perfectly.

***

#### **Level 1 (L1): Controls + Tasks Bucket (Must Equal 100%)**

All mapped controls and the **Tasks** bucket must sum to **exactly 100%**.

Example:

<table><thead><tr><th width="142.88671875">Item</th><th width="100">Weight</th></tr></thead><tbody><tr><td>Control C1</td><td>30%</td></tr><tr><td>Control C2</td><td>30%</td></tr><tr><td>Tasks (bucket)</td><td>40%</td></tr><tr><td><strong>Total</strong></td><td><strong>100%</strong></td></tr></tbody></table>

This ensures the overall treatment effectiveness calculation is based on the relative importance of each main contributor.

***

#### **Level 2 (L2): Sub-tasks Inside the Tasks Bucket (Must Equal 100%)**

If the Tasks bucket contains multiple subtasks, you can optionally assign weights to each subtask.

All subtasks must total **exactly 100%**, independent of the L1 total.

Example:

<table><thead><tr><th width="124.421875">Sub-task</th><th width="100">Weight</th></tr></thead><tbody><tr><td>Task T1</td><td>60%</td></tr><tr><td>Task T2</td><td>40%</td></tr><tr><td><strong>Total</strong></td><td><strong>100%</strong></td></tr></tbody></table>

Sprinto uses these L2 weights to compute the weighted completion percentage of the Tasks bucket before contributing it to the L1 calculation.

***

#### **Set Equal Weightage**

You can automatically distribute weights equally.

#### **To apply equal weightage:**

1. Select **Set equal weightage**.
2. Confirm in the dialogue box.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FxOJgGjL4avaOcrg5FF1v%2FV5_dialogue.png?alt=media&#x26;token=d3cadbb5-8ac8-4271-bd21-331289b83240" alt="" width="456"><figcaption></figcaption></figure>

Sprinto resets all L1 weights equally, and all L2 weights (if any) equally.

***

#### **Validation and Error Handling**

Sprinto validates both L1 and L2 totals independently.

You will see an error when:

* A weight field is blank
* L1 total is not 100%
* L2 total is not 100%
* Weights exceed or fall short of 100%

The system highlights the problematic fields in red and displays the difference (for example, *“exceeds by 3.34%”* or *“falling short by 0.66%”*).

You cannot continue until all weightages are corrected.

***

#### **Impact on Treatment Effectiveness**

The treatment effectiveness score becomes a **weighted average** instead of a simple average, ensuring accurate representation of control importance.