A new field has become available on the Risk form. It is a date field with the label ‘Mitigation target’. This field allows organizations to prioritize their risks by setting a target date by which they intend to have mitigated each risk.
When this field is used, people will notice that the background color of a risk’s header changes when the mitigation target approaches. The thresholds are:
- Red – if time to target is less than 0 minutes, else
- Orange – if time to target is between 0 and <240 hours, else
- Yellow – if time to target is between 240 and <1440 hours, else
Setting a target for dealing with the more important risks that an organization faces is good practice. It will also help ISO 27001 certified organizations complete their annual audit more efficiently.