Help Center

Improved

Fixed

Beta

secfix

Planned

In Progress

Rejected

Open

Complete

Closed

Under Review

High Priority

Low Priority

Automated tasks

Home

Vendor management

Risk register

Inventory

Secfix agent

Frameworks page

Connections

Manual evidence

Notifications (in-app, email)

Trust Center

Computers

Policies

Auditors Experience

Group settings

My security tasks

Others

Automation

My Onboarding (/me)

Admin Dashboard (/home)

Security reports

Members page

Monitoring

Security awareness training

Access management

Employees

Onboarding settings

Navigation bar/Settings

Other

People

HRIS

Task Tracker

Mobile Device Management (MDM)

Cloud Provider

Identity Provider & SSO

Background check

Git Repos

Default

Building Now

Completed

Secfix Roadmap

Hey {name|there}! 👋

When a user selects the "mitigate" option for a risk, the system should enforce that the post-mitigation risk rating is lower than the initial rating. Right now, it's possible to apply a mitigation and keep the same risk score, which doesn't make logical sense and can lead to confusion during audits or internal reviews.Ideally, there should be a validation or warning to guide the user to adjust the rating appropriately—or at least justify why it remains unchanged (e.g., if it's already at the lowest possible level). This would help ensure that the mitigation steps are meaningfully reflected in the risk scoring and support better risk management practices.This improvement would prevent user errors, make the risk register more reliable, and align with auditor expectations.

Require Lower Risk Rating After Mitigation Is Applied

Olivia Kiniger

Secfix

Require Lower Risk Rating After Mitigation Is Applied

Subscribe to post

Subscribe to post