
          Register Risks

          Log vulnerabilities and threats in your IT environment by creating risk records. You can quickly create a risk using a predefined risk scenario, or create a risk directly from the Risks tab in the IT Compliance app.

          Required Editions

          Available in: Lightning Experience
          Available in: Enterprise, Performance, and Unlimited Editions with Agentforce IT Service.
          User Permissions Needed
          To register risks: Compliance Admin permission set

          A risk record represents a specific threat your team has acknowledged in your IT environment, like a phishing attempt against a particular tenant or a data retention failure for a specific customer dataset. Most risks are registered from a Risk Scenario in the library, so the new record inherits the standardized name, description, category, and source framework. When no scenario fits, register the risk directly from the Risks tab.

          1. From App Launcher, go to the IT Compliance app and select Risk Scenario Library.
          2. Click the dropdown next to Add and select Register Risk. To start from an existing scenario, select Register Risk from the dropdown next to that scenario instead.
          3. Fill in the risk details:
            • Risk Name. The name of the specific risk you're registering. Add detail that distinguishes it from other risks built on the same scenario, like the affected business unit, vendor, or asset.
            • Description. Inherits the scenario's description by default. Refine it if this risk has specifics worth capturing, such as a particular threat vector or environment.
            • Category. Inherits from the scenario.
            • Owner. The person accountable for managing the risk, usually a Risk Manager, security lead, or business unit owner.
            • Risk Scope. The business units, vendors, configuration items, or assets the risk applies to. Scope is what turns the abstract scenario into a concrete, trackable risk.
          4. Save your changes.
          Example: registering a phishing risk for a specific business unit

          Suppose your compliance team uses the Phishing Attack scenario from the library to register a phishing risk specific to your North America Sales business unit. The new risk record inherits the scenario's defaults but adds the specifics that make it actionable:

          • Risk Name: Phishing Attack — North America Sales
          • Risk Scenario: Phishing Attack (linked from the library)
          • Description: Inherited from the scenario. Attackers attempt to steal credentials or deliver malware by impersonating a trusted source through email, SMS, or messaging.
          • Category: Inherited. Cybersecurity
          • Owner: Jordan Kim, CISO for North America
          • Risk Scope: North America Sales tenant, Salesforce Sales Cloud, ~1,200 user accounts

          For the new risk record, the inherent risk score is auto-populated. Your team can now link mitigating controls, associate the risk to specific policy clauses, and conduct evaluations to calculate the residual score.

           