Risk Register Form Guide

Last updated on Sep 25, 2025

1. Purpose of this Guide

This artefact proves your company records and manages identified risks in a structured way. Cyber Essentials requires this because risks — especially from unsupported hardware/software — must not be ignored. A risk register is your ledger of dangers, with each one tracked, scored, and tamed.


2. What You Will Submit

You will need:

  • Risk Register Form (from StrongKeep’s template or your own) containing:

    • Risk description (e.g., “Windows Server 2012 reached EOS”).

    • Likelihood and impact scoring.

    • Mitigation or treatment actions.

    • Risk owner (who is responsible).

    • Status (open, mitigated, retired).


3. How to Collect / Obtain / Generate This Evidence

For StrongKeep Customers:

  1. Download StrongKeep's Risk Register Form template.

  2. Fill in risks relevant to your organisation, including:

    • EOS assets (hardware/software).

    • Operational risks (e.g., loss of staff, single points of failure).

    • Security risks (e.g., phishing, ransomware).

  3. Complete the scoring and assign owners.

  4. Save as PDF/DOCX/XLSX.

If creating your own:

  1. Build a table with columns: Risk, Likelihood, Impact, Risk Score, Mitigation, Owner, Status.

  2. Rate likelihood/impact on a 1–5 scale.

  3. Define mitigations (patching, isolation, migration, etc.).

  4. Keep it updated at least quarterly.
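The four steps above describe the register as a table with fixed columns, a 1–5 likelihood/impact scale, a risk score, and a quarterly review cadence. The script below is an added example (written for this guide, not StrongKeep's template or any Cyber Essentials tooling) that models such a register in code so the scale, the owner and status fields, and the review age can be checked mechanically before the file is exported. It assumes that Risk Score is likelihood multiplied by impact, that "quarterly" means a 90-day review window, and that the green/yellow/red bands from the Tips section start at scores of 1, 8 and 15; the sample risks are constructed for illustration.

```python
"""Minimal risk-register model for a Cyber Essentials evidence pack (added example)."""
from dataclasses import dataclass
from datetime import date

# Columns named in the guide: Risk, Likelihood, Impact, Risk Score, Mitigation, Owner, Status.
COLUMNS = ["Risk", "Likelihood", "Impact", "Risk Score", "Mitigation", "Owner", "Status"]
RATING_SCALE = range(1, 6)                      # 1-5 scale from the guide
ALLOWED_STATUS = {"open", "mitigated", "retired"}
REVIEW_WINDOW_DAYS = 90                         # assumption: "quarterly" = 90 days


@dataclass
class Risk:
    description: str
    likelihood: int
    impact: int
    mitigation: str
    owner: str
    status: str
    last_reviewed: date
    eos_asset: bool = False                      # flag unsupported hardware/software

    def __post_init__(self) -> None:
        # Reject anything an auditor would send back: off-scale ratings, blank owner, unknown status.
        if self.likelihood not in RATING_SCALE or self.impact not in RATING_SCALE:
            raise ValueError(f"{self.description!r}: likelihood/impact must be 1-5")
        if not self.owner.strip():
            raise ValueError(f"{self.description!r}: every risk needs a named owner")
        if self.status not in ALLOWED_STATUS:
            raise ValueError(f"{self.description!r}: status must be one of {sorted(ALLOWED_STATUS)}")

    @property
    def score(self) -> int:
        # Assumption: Risk Score = Likelihood x Impact (range 1-25).
        return self.likelihood * self.impact


def rag_band(score: int) -> str:
    """Colour band for quick visibility; thresholds are an assumption, not from the guide."""
    if score >= 15:
        return "red"
    if score >= 8:
        return "yellow"
    return "green"


def stale_risks(register: list[Risk], today: date) -> list[Risk]:
    """Risks whose last review is older than the quarterly window."""
    return [r for r in register if (today - r.last_reviewed).days > REVIEW_WINDOW_DAYS]


def check_register(register: list[Risk], today: date) -> list[str]:
    """Return human-readable findings against the guide's 'what good looks like' list."""
    findings = []
    if not any(r.eos_asset for r in register):
        findings.append("no end-of-support (EOS) assets recorded")
    for r in stale_risks(register, today):
        age = (today - r.last_reviewed).days
        findings.append(f"{r.description!r} last reviewed {age} days ago (> {REVIEW_WINDOW_DAYS})")
    return findings


def register_table(register: list[Risk]) -> list[list[str]]:
    """Rows in the guide's column order, ready for csv.writer or a spreadsheet export."""
    rows = [COLUMNS]
    for r in register:
        rows.append([r.description, str(r.likelihood), str(r.impact), str(r.score),
                     r.mitigation, r.owner, r.status])
    return rows


# Constructed sample data; the review date matches this guide's "last updated" date.
REVIEW_DATE = date(2025, 9, 25)
SAMPLE_REGISTER = [
    Risk("Windows Server 2012 reached EOS", 4, 5, "Migrate workloads to a supported OS",
         "IT Manager", "open", date(2025, 6, 15), eos_asset=True),
    Risk("Phishing of finance staff", 3, 4, "MFA on mail plus awareness training",
         "Security Lead", "mitigated", date(2025, 9, 1)),
    Risk("Single sysadmin is a single point of failure", 2, 3, "Write runbooks; cross-train",
         "COO", "open", date(2025, 9, 10)),
]

if __name__ == "__main__":
    for row in register_table(SAMPLE_REGISTER):
        print(" | ".join(row))
    for r in SAMPLE_REGISTER:
        print(f"{r.description}: score {r.score} -> {rag_band(r.score)}")
    for finding in check_register(SAMPLE_REGISTER, REVIEW_DATE):
        print("FINDING:", finding)
```

Run it as-is to see the table and one finding (the EOS server entry has not been reviewed within 90 days); feed `register_table()` to `csv.writer` to produce the XLSX/CSV you submit, and adjust the thresholds or window to match whatever your own risk methodology states.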


4. Evidence Format

  • Accepted file types: DOCX, PDF, XLSX.

  • Suggested naming format:
    YourCompanyName_RiskRegister_YYYY-MM-DD.xlsx
    Example: AcmeCorp_RiskRegister_2025-07-01.xlsx


5. What “Good” Looks Like

  • Risks clearly listed with scoring and owners.

  • EOS assets explicitly included.

  • Status column shows active management (not blank).

  • Updated within the last 3–6 months.

Why it matters: auditors want to see you’re not guessing — you’ve documented risks and are tracking them like a disciplined knight tallying foes.


6. Tips

  • Use colour coding (green/yellow/red) for quick visibility.

  • Keep one master register across the company — don’t scatter risks in different silos.

  • Link this with your Risk Management Framework artefact to show policy + practice alignment.