Risks, Controls & Recommendations Review

This guide explains how to use the Risks, Controls & Recommendations Review modules to review identified risks, evaluate associated controls, and manage security recommendations for your organization.

1. What is the Risks, Controls & Recommendations Review?

The Security & Risk section gives your organization a dedicated space to review and act on your security program. It includes four pages accessible from the left navigation menu:

• Risks — Active risk scenarios identified for your environment.
• Controls — Security controls in place or recommended to address those risks.
• Roadmap — Action items and remediation tasks tied to your security program.
• Recommendations — Suggested actions to improve your risk posture, which you can accept or reject.

These pages are the primary place where your security program becomes actionable — bridging the gap between identified risks and the decisions your team makes about them.

Important: The Security & Risk section is only available to clients on the new snapshot experience. Access is based on the maturity level of your security program. Your Holtium representative will inform you of your maturity level and whether your program is ready to use this approach.

2. Who Can Use This Module?

Availability

This section is not available to all clients by default. It is enabled for clients who:

• Are on the new snapshot experience, and
• Have reached the required maturity level in their security program.

Your Holtium representative will communicate your organization's maturity level and confirm when your program is ready to use the Security & Risk section.

Client Administrators:

• Can view all risks, controls, and recommendations.
• Can accept or reject recommendations on behalf of the organization.