ISO 22301:2019 · ISO/TS 22317:2021

riscScope

RISC · Risk Intelligent Supply Chain

riscScope™ is the enterprise risk assessment workspace in the RISC family from e|Resilient. Five weighted impact dimensions, inherent-vs-residual modeling, control effectiveness as a measurable lever — and an output your board, your insurer, and your customers' due-diligence teams will all recognize.

The RISC family. The lowercase “risc” prefix is shared across our tools and originates with riscManager.com™, our Risk Intelligent Supply Chain platform. The family also includes riscAnalysis™ (Business Impact Analysis). riscScope™ extends the same disciplined methodology beyond supply chain to enterprise-wide threat assessment — same standard, same rigor, same workspace family.

Why It Exists

Most companies cannot defend their risk register.

Walk into the average SMB and ask for their enterprise risk register and you'll get one of three answers: a heatmap that someone built once in a workshop, a spreadsheet that hasn't been updated since the last audit, or a polite shrug. None of those survive a serious question from a board, an insurer, or a regulator.

The standard exists for a reason. ISO 22301 §8.2.3 expects identified threats, assessed likelihood and impact, documented controls, and a measurable residual exposure. ISO/TS 22317:2021 specifies how to do the assessment work behind it. The methodology is settled — what's missing for most SMBs is a workspace that makes following it practical.

riscScope™ is that workspace. Score the threats the way the standard says to score them, document the controls already in place, and produce a register that holds up under scrutiny — without a six-month Big Four engagement to get there.

What It Does

The three things that make a risk score defensible.

Most tools collapse risk into a single number on a heatmap. riscScope™ separates the inputs the standard cares about so the output can be audited, challenged, and updated as the business changes.

  • ISO-aligned methodology

    Built on ISO 22301:2019 and ISO/TS 22317:2021 — the international standard for business continuity and the technical specification for Business Impact Analysis. Auditors and insurers recognize the framework on sight.

    • Enhanced model: five weighted impact dimensions and a control-effectiveness modifier
    • Standard model: backwards-compatible 3-dimension scoring for legacy baselines
    • Inherent vs residual Overall Threat Rating (OTR) on a 0–100 scale
    • MTPD indicator captured at the threat level, not just the function
  • Five impact dimensions

    Most risk scoring collapses impact into one number. riscScope™ rates each threat across five weighted dimensions so the score reflects how the business actually fails — not a flat average.

    • Financial impact (1.5× weight) — direct loss and revenue exposure
    • Operational impact (1.0×) — degradation, partial shutdown, full shutdown
    • Reputational impact (1.25×) — local, regional, national attention
    • Legal / regulatory (1.0×) — non-compliance, investigation, penalties
    • Health & safety (1.5×) — first aid, treatment, serious injury, fatality
  • Inherent vs residual risk

    riscScope™ separates risk-before-controls from risk-after-controls so leadership can see what the program is actually buying. Controls become a measurable lever, not an article of faith.

    • Five-level control effectiveness scale (None → Full), 0–80% risk reduction
    • Residual OTR rendered alongside inherent OTR for every threat
    • Aggregate metric: average reduction across the threat register
    • Risk-band classification: Low / Moderate / High / Critical

The Threat Catalog

22 enterprise threats, pre-loaded.

You don't start from a blank threat list. riscScope™ ships with the 22 enterprise threats e|Resilient practitioners have seen recur across two decades of Fortune 100 work — from cash-flow crunch to wildfire to communications failure. Each one is pre-described so you score, you don't brainstorm.

  • Financial: 2 threats
  • Physical Hazard: 2 threats
  • External Environment: 2 threats
  • People & Workforce: 2 threats
  • Health & Safety: 1 threat
  • Security: 2 threats
  • Natural Disaster: 5 threats
  • Infrastructure: 4 threats
  • Technology: 2 threats

How It Works

From kickoff to defensible register.

Four steps. Auto-saved at every input. Resume from any device, any time.

  1. Configure the engagement

    Set the client organization, engagement name, assessment date, and lead assessor. Choose the Enhanced model (default — recommended) or Standard for backward compatibility with prior baselines.

  2. Score the threat catalog

    Step through 22 pre-loaded enterprise threats across Financial, Physical Hazard, External Environment, People & Workforce, Health & Safety, Security, Natural Disaster, Infrastructure, and Technology categories. Capture likelihood, weighted impacts, MTPD, and control effectiveness inline.

  3. Document controls and mitigations

    For each threat, capture management controls already in place, the mitigation strategy deployed, and the monitoring protocol. The qualitative narrative ships alongside the quantitative score — defensible to a board or auditor.

  4. Generate the threat register

    The results page ranks threats by residual OTR, with a chart showing inherent and residual OTR side by side. Export to CSV for analysis, print to PDF for the engagement deliverable, and compare assessments year-over-year to see whether the program is moving.

What You Get

Outputs that travel.

Everything riscScope™ produces is portable and human-readable. Hand the CSV to a data team, the PDF to a board, and the register to your insurer — same source of truth, no reformat-and-reconcile.

  • A ranked threat register with residual OTR scored 0–100 for every enterprise threat — defensible to a board, auditor, or customer due-diligence team
  • Inherent vs residual OTR comparison: see what the existing controls are actually buying, expressed as a single risk-reduction percentage
  • Five-dimension impact breakdown per threat (Financial, Operational, Reputational, Legal/Regulatory, Health & Safety) with weighted contribution
  • MTPD indicator on every rated threat — the earliest unacceptable disruption timeframe, ready to feed into a continuity plan
  • CSV export of the full register including likelihood, impacts, controls, mitigation strategy, and monitoring protocol
  • Print-ready PDF deliverable formatted for executive review or ISO 22301 §8.2.3 documentation
  • Year-over-year comparison view — overlay multiple assessments side-by-side to measure program maturity

How to Get Access

Two paths in.

riscScope™ lives inside the e|Resilient client workspace. Most clients reach it through a paid engagement; companies that just want to gauge their own preparedness can license it stand-alone.

Path 1 · Bundled

Included in every paid engagement

Every e|Resilient client engagement includes access to riscScope™ as part of the client workspace. Your consultant runs the assessment alongside your BIA, supply chain mapping, and continuity planning — no separate purchase, no separate platform.

Path 2 · Stand-alone

For companies assessing their own preparedness

If you're not ready for a full engagement but want to produce a defensible threat register, riscScope™ is available as a stand-alone subscription. You run the assessment yourself; we're available for methodology questions and an optional practitioner review.

Stop hand-waving the risk register.

Schedule a 30-minute consultation. We'll show you the workspace, walk through the methodology, and figure out which access path fits your situation.
