Add Threats to the System

ComplyAssistant comes with 125 pre-populated Threats. Five of these Threats are based on the Health Industry Cybersecurity Practices (HICP) rule. You also have the option to add Threats specific to your organization.

To view the list of Threats and add your own, select Account Settings in the upper-right then scroll down to Threats in the left hand navigation.

On the right hand side, you’ll see the option to add a New Threat or Import one or more Threats to ComplyAssistant.

You can also hover over Account Settings and select Threat Library to navigate there.

Add a New Threat

To create a single Threat, select New Threat from the right hand side.

From New Threat, enter the Name and Description.

Provide a Threat Type to indicate who or what is threatened: Computer Systems, Network, Human, or Environmental. 

Select one or more Threat Tags for easier filtering within the Risk Register. You can also create your own by typing directly in the box and pressing enter.

Finally, choose whether to add or remove a Default Inherent Risk. Think of Inherent Risk in terms of a Threat without a Control. Once you select Add Default Inherent Risk, you’ll have the option to adjust a scale for Impact and Likelihood.

If you do not select “add a default inherent risk,” this Threat will have no recorded impact or likelihood. Later, if you associate a Control to this Threat, the Control’s Likelihood Reduction value would then have no impact on Inherent Risk. 

Select Submit at the bottom to create your custom Threat.

Import a New Threat

To create more than one Threat, select Threat Import on the right hand side of the Threat Library.

Follow the instructions on the screen to download the template, fill it in according to the headers provided, and import. You must fill in all fields except Default Impact and Likelihood.

At this time, there is no way to import registrations or associations between Threats and Controls.

You must upload a CSV file. If there is an issue with the import, you will be given information to help you remedy the situation.

Import is all or nothing. If you import something and there is an error on only one row, no part of the CSV will be imported.

All of the system-defined Threats and your organization’s custom Threats will appear in the Threat Library within Account Settings. Now that you’ve made a Threat, you can add it to your Risk Register.

• Related Articles

• Add Controls to the System

  ComplyAssistant comes with 87 pre-populated Controls. All of these Controls are based on the Health Industry Cybersecurity Practices (HICP) rule. You also have the option to add Controls specific to your organization and Threats. To view the list of ...

• Associate Threats and Controls

  In order to link Controls and Threats, navigate to the Risk Register at the top. You can assign more than one Control from a Threat detail page or assign one or more Threats on a Control detail page. You can associate Threats and Controls together, ...

• Add a Threat to the Register

  To start managing Threats in ComplyAssistant, navigate to the Risk Register at the top. On the right hand side, select Add Threats to Register. This will open a modal that displays all of the Threats in Account Settings: system-defined and custom. ...

• Add a question to a library

   It is not possible to add questions to a question library that is System defined. Follow these steps to add a question to a library: Click Add Questions to display a new question panel.  Type in the Question and use the toolbar to format the text of ...

• Add a Control to the Register

  Register a Control so that you can quickly view and track it under Registered Controls on the Risk Register. Navigate to the Risk Register at the top. On the right hand side, select Add Controls to Register. This will open a modal that displays all ...