As a user managing risks in the Secfix platform, I want the selection of CIA (Confidentiality, Integrity, Availability) classifications to be a mandatory step when creating or editing a risk in the Risk Register. This ensures that each risk is properly evaluated in terms of its potential impact on information security principles, which is a core requirement of most compliance frameworks such as ISO 27001. At present, risks can be saved without CIA categories assigned, which may result in incomplete risk assessments and weak prioritization during audits or internal reviews. Enforcing this field would help standardize risk documentation and support more effective treatment decisions. It would also be helpful to highlight any existing risks that are missing CIA classifications, allowing users to easily review and update them accordingly.