This section contains AlphaTech's risk register and risk assessment findings. Every risk here was assessed using the 5x5 matrix defined in ISMS-DOC-04-1 v2.0, scored by Likelihood x Impact, and assigned a treatment decision aligned to AlphaTech's LOW risk appetite.
| Level | Score Range | What It Means |
|---|---|---|
| HIGH | 15 to 25 | Immediate treatment required. Not acceptable under LOW risk appetite without active Modify or Avoid. |
| MEDIUM | 9 to 12 | Treatment required within a defined timescale. Ongoing monitoring mandatory. |
| LOW | 4 to 8 | May be accepted with CISO sign-off. Encryption and MFA gaps trigger automatic escalation to HIGH. |
| VERY LOW | 1 to 3 | Acceptable. Annual review sufficient. |
AlphaTech's declared risk appetite is LOW. This means any HIGH risk without an active treatment plan is outside appetite. As of May 2025, 14 HIGH risks have no active treatment.
Risk Register (database below)
Each row is one assessed risk. This database displays a representative selection of risks to demonstrate the assessment methodology, scoring logic, and treatment approach. The complete risk register (36 entries) is available as an uploaded source document in the Evidence Repository.
Risk Assessment Report (Evidence Repository)
The full risk assessment report is stored in the Evidence Repository as "Risk Assessment Report - V1.0". It documents the assessment methodology, the four material gaps identified in the original register, and the five priority remediation actions.
| Category | Count |
|---|---|
| Total risks assessed | 36 |
| HIGH (Score 15+) | 15 |
| MEDIUM (Score 9-12) | 14 |
| LOW / VERY LOW | 7 |
| Treatment Not Started | 14 |
| Treatment In Progress | 12 |
| Treatment Completed | 10 |