Overview
Risk snapshots capture the state of your risk registers at a specific point in time. They provide a historical record of your risk posture that enables trend analysis, compliance reporting, and before-and-after comparisons around significant events like control implementations, incidents, or organizational changes.
Why Take Snapshots
Compliance Evidence
Auditors want to see how your risk posture has evolved over time. Snapshots provide dated proof of your risk management activities.
Trend Analysis
Compare snapshots to identify whether your risk posture is improving, stable, or worsening over time.
Board Reporting
Executive and board-level reporting requires historical risk data. Snapshots provide the data for quarterly risk reports.
Change Impact
Take a snapshot before and after major changes (new controls, incidents, vendor changes) to measure the impact on your risk posture.
Snapshot Contents
Each snapshot captures a comprehensive set of risk metrics:

| Metric | Description |
|---|---|
| Total Risks | Count of all risks in the register at snapshot time |
| Critical Risks | Count of risks with critical risk level |
| High Risks | Count of risks with high risk level |
| Medium Risks | Count of risks with medium risk level |
| Low Risks | Count of risks with low risk level |
| Open Risks | Risks in active, non-resolved statuses |
| Mitigated Risks | Risks with mitigate treatment |
| Accepted Risks | Risks with accept treatment |
| Avg Inherent Score | Average inherent risk score across all risks |
| Avg Residual Score | Average residual risk score across all risks |
| Compliance Rate | Percentage of risks with approved status |
| Created By | User who created the snapshot |
| Notes | Free-text notes explaining the context for the snapshot |
| Trend | System-calculated trend: improving, stable, or worsening |
Creating a Snapshot
Click Create Snapshot
Click the Create Snapshot button. If you have multiple risk registers, select which register to snapshot.
Add Notes
Provide context for the snapshot in the notes field. Good notes explain why the snapshot was taken (e.g., “Q2 2026 quarterly review”, “Post-incident assessment”, “Before SOC 2 audit”).
Snapshot Trends
Each snapshot is assigned a trend indicator based on comparison with the previous snapshot:

| Trend | Icon | Description |
|---|---|---|
| Improving | Green down arrow | Overall risk posture has improved (lower average scores, fewer critical/high risks) |
| Stable | Gray dash | Risk posture is largely unchanged |
| Worsening | Red up arrow | Risk posture has deteriorated (higher average scores, more critical/high risks) |
The trend is calculated automatically by comparing key metrics between consecutive snapshots. For the first snapshot in a register, no trend is available.
Viewing Snapshot Details
Click on a snapshot to see its full detail page, which includes:
- Summary metrics — all aggregate statistics at the time of capture
- Risk breakdown — individual risks with their scores and statuses at snapshot time
- Comparison indicators — changes from the previous snapshot highlighted
Snapshot Detail Metrics
The detail view displays four key metric cards:
- Total Risks — with breakdown by severity level
- Average Inherent Score — mean inherent risk score
- Average Residual Score — mean residual risk score
- Compliance Rate — percentage of approved risks
Comparing Snapshots
Comparing two snapshots side by side reveals how your risk posture has changed over a specific period. Key comparisons include:
- Risk count changes — new risks added, risks resolved
- Score changes — movement in average inherent and residual scores
- Risk level shifts — risks that moved between severity levels
- Treatment changes — changes in risk treatment strategies
Take snapshots at regular intervals (quarterly is recommended) to build a consistent historical record that supports meaningful trend analysis.
Filtering Snapshots
The snapshots list supports:
- Search — find snapshots by name or notes
- Register filter — show snapshots for a specific risk register
- Date range — filter by snapshot creation date
Exporting Snapshots
Export snapshot data for offline analysis or reporting:
- Individual snapshot export — download a single snapshot with all its risk data
- Trend export — download multiple snapshots for trend analysis in spreadsheets or BI tools
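
Once snapshots are exported, the aggregate metrics, the per-risk comparison and a trend label can be recomputed offline to cross-check what a report shows. The Python below is an added example, not the product's code: the record field names, the sample rows and the trend rule are all assumptions, because this page does not document the export schema or the exact trend calculation.

```python
from statistics import mean

# Constructed sample data: (id, level, treatment, status, inherent, residual).
# The field names are assumptions, not the product's documented export schema.
FIELDS = ("id", "level", "treatment", "status", "inherent", "residual")
Q1 = [dict(zip(FIELDS, r)) for r in [
    ("R-1", "critical", "mitigate", "open", 20, 16),
    ("R-2", "high", "mitigate", "open", 15, 12),
    ("R-3", "medium", "accept", "approved", 9, 9),
    ("R-4", "low", "accept", "approved", 4, 4)]]
Q2 = [dict(zip(FIELDS, r)) for r in [
    ("R-1", "high", "mitigate", "approved", 20, 10),
    ("R-2", "high", "mitigate", "open", 15, 12),
    ("R-3", "medium", "mitigate", "approved", 9, 6),
    ("R-5", "medium", "mitigate", "open", 12, 8)]]

def summarize(risks):
    """Recompute aggregate metrics from per-risk rows; an empty register yields zeros."""
    n = len(risks)
    avg = lambda key: round(mean(r[key] for r in risks), 2) if n else 0.0
    return {
        "total": n,
        "critical_high": sum(r["level"] in ("critical", "high") for r in risks),
        "avg_inherent": avg("inherent"),
        "avg_residual": avg("residual"),
        "compliance_rate": round(100 * sum(r["status"] == "approved" for r in risks) / n, 1) if n else 0.0,
    }

def compare(old, new):
    """Per-risk differences between two snapshots, keyed by risk id."""
    a, b = ({r["id"]: r for r in s} for s in (old, new))
    changed = lambda key: {i: (a[i][key], b[i][key])
                           for i in sorted(a.keys() & b.keys()) if a[i][key] != b[i][key]}
    return {"added": sorted(b.keys() - a.keys()), "removed": sorted(a.keys() - b.keys()),
            "level_shifts": changed("level"), "treatment_changes": changed("treatment")}

def trend(old, new):
    """Assumed rule (not the product's): label a direction only if no signal conflicts."""
    s_old, s_new = summarize(old), summarize(new)
    deltas = (s_new["avg_residual"] - s_old["avg_residual"],
              s_new["critical_high"] - s_old["critical_high"])
    if all(d <= 0 for d in deltas) and any(d < 0 for d in deltas):
        return "improving"
    if all(d >= 0 for d in deltas) and any(d > 0 for d in deltas):
        return "worsening"
    return "stable"

if __name__ == "__main__":
    print(summarize(Q1), summarize(Q2), compare(Q1, Q2), trend(Q1, Q2), sep="\n")
```

In the sample data the critical/high count stays at 2 while the average residual score falls from 10.25 to 9.0, so the assumed rule reports an improving trend even though a new medium risk was added and the average inherent score rose.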
When to Take Snapshots
Establish a consistent snapshot cadence and supplement it with event-driven snapshots:
Regular Cadence
| Frequency | Use Case |
|---|---|
| Monthly | High-change environments or during initial compliance program buildout |
| Quarterly | Standard cadence for most organizations — aligns with board reporting cycles |
| Semi-annually | Stable environments with low risk volatility |
Event-Driven
| Event | Why Snapshot |
|---|---|
| Before a major audit | Provide auditors with a dated risk posture assessment |
| After a security incident | Document the risk impact and subsequent remediation |
| After control implementation | Measure the effect of new controls on residual risk |
| After organizational changes | Capture risk shifts from mergers, new products, or market expansion |
| Before and after vendor changes | Track how vendor-related risks evolve |
Compliance Relevance
Risk snapshots satisfy requirements across frameworks:

| Framework | Control | Requirement |
|---|---|---|
| ISO 27001 | 6.1 | Actions to address risks and opportunities |
| ISO 27001 | 9.1 | Monitoring, measurement, analysis, and evaluation |
| SOC 2 | CC3.2 | Risk assessment process |
| SOC 2 | CC4.1 | Monitoring of internal controls |
| HIPAA | 164.308(a)(1)(ii)(A) | Risk analysis |
| PCI-DSS | 12.2 | Risk assessment process |
Best Practices
- Take snapshots quarterly at minimum to build a consistent historical record
- Always add meaningful notes — future reviewers and auditors need context for why the snapshot exists
- Snapshot before major changes so you have a baseline for measuring the change’s impact
- Review trends monthly even if you only snapshot quarterly — the trend indicators quickly surface deterioration
- Include snapshots in board reports to demonstrate ongoing risk management to leadership
- Retain all snapshots indefinitely — they are lightweight and provide valuable long-term trend data
- Align snapshot dates with audit periods so you have ready-made evidence for audit requests