Build a physical and corporate security risk register: list each asset or area and its malicious threat scenario, rate threat likelihood and consequence on a 1–5 scale, score the risk on a 5×5 matrix (Low / Medium / High / Extreme), and capture existing controls, a recommended treatment and the residual risk. Aligned to ISO 31000, ISO 28000 and the ASIS general security risk assessment. Exports to Word and CSV.
Risk score = threat likelihood × consequence impact. The bands below set the priority of treatment.
⚠️ This register supports a security (malicious-threat) risk assessment — theft, intrusion, vandalism, workplace violence, terrorism, sabotage, fraud and information loss — which is distinct from a safety risk assessment of accidental harm. It is structured around ISO 31000 (risk management), ISO 28000 (security management for the supply chain) and the ASIS general security risk assessment process. It is a working template, not professional security advice: validate threats with local intelligence, crime data and a competent security professional, and review the register at least annually and after any incident or major change.