Organizational risk overview
The Organizational Risk Overview screen gives your compliance team a single, consolidated picture of how data-protection and IT risk is distributed across your entire project portfolio. Instead of opening dozens of individual assessments one by one, you can slice and filter across every project your organisation has run, then let DPMS reconstruct the answers into a colour-coded risk heat map that shows — at a glance — which control areas are strong and where the biggest gaps remain. DPOs, compliance managers, and risk managers typically use this screen after a quarterly assessment cycle closes, when preparing board reports, or when prioritising remediation work across departments.
How to open it
Navigate to the screen using the main left-hand sidebar. Look for the section that groups risk and organisational modules, then click the Organizational Risk item. The exact label depends on the language configured for your account; in English it appears as "Organizational Risk."
You need read access to projects and assessments to see this screen. If your role does not carry the necessary rights, the sidebar item will not appear at all, and visiting the URL directly will redirect you to the DPMS dashboard.
What you see
When the page loads, the first thing you notice is your company's display name shown prominently at the top of the content area. This is pulled automatically from your login session — it is there to confirm that you are looking at your own organisation's data, not a shared workspace.
Directly below the company name is a four-row filter panel. Each row follows the same pattern: a short label on the left and a dropdown or tag-selector on the right. Reading from top to bottom, the four rows are Domain, Projects, Views, and Assessments. The order is intentional — each selection narrows the choices available in the row below it, guiding you like a funnel towards the exact data set you want to analyse.
Below the filter panel, the remainder of the page is occupied by the risk visualisation area. When no filters have been applied yet, this area is blank. As soon as you choose a valid combination of View and Assessment, it fills with a tiled, colour-coded grid. Each tile represents a control domain or sub-domain, and its colour reflects how mature or risky the answered questions in that category are. There are no action buttons on this screen — no Create, Edit, or Delete — because this is a read-only analytical surface.
Working with this screen
Setting up your first risk view after a quarterly assessment cycle
Imagine it is the end of Q3 and you need to present a data-protection maturity overview to the board. Open the Organizational Risk screen from the sidebar. Begin at the top of the filter panel with the Domain selector. Click it and choose the domain that is relevant to this quarter's review — for example, "Corporate IT." Once you select a domain, the Projects dropdown immediately narrows to show only the projects that belong to that domain. Choose the appropriate project, such as "Q3 2024 GDPR Compliance Assessment."
As soon as a project is selected, DPMS fetches its assessments in the background and the Views dropdown populates with the views that have been linked to that project. Choose the view that matches your reporting context — for example, "GDPR Article Mapping View" if you want tiles organised by GDPR article. Finally, open the Assessments dropdown and select the assessment that was finalised last week.
Within a moment, the risk tile grid renders below the filters. You can now read off, category by category, which areas scored well and which are still amber or red. Take a screenshot to include in your board presentation.
Tip: If the visualisation area stays blank after selecting all four filters, the most likely cause is that the selected assessment has no questions with a "Closed" status. Make sure the full assessment cycle has been closed before using this screen for reporting.
Comparing two assessment cycles for the same project
After completing a new assessment run, you want to see whether risk scores have improved since the previous cycle. Open the Organizational Risk screen and leave the Domain selector blank — this means all domains remain in scope. Select the relevant project from the Projects dropdown, then pick the standard view from Views.
Now open the Assessments dropdown and choose the earlier assessment, for example "Assessment — Q1 2024." Note the tile pattern. Then return to the Assessments dropdown and switch to "Assessment — Q3 2024." The tile grid re-renders immediately with the new data. Switching the view while keeping the same assessment selected also re-renders the grid immediately, which is useful for quickly seeing how the same data looks through a different organisational lens.
If you want to compare the two states side by side, open the screen in a second browser tab and set the second tab to the earlier assessment.
Heads up: Changing the Projects selection resets both the Views and Assessments dropdowns to blank. Even if you then pick what appears to be the same project, you will need to re-select the View and Assessment before the visualisation will appear.
Focusing on a single business unit's risk profile
If your organisation has tagged its projects by business unit using domain tags, you can zoom directly into one unit's data. Select the relevant domain — for example, "Finance" — from the Domain tag selector. The Projects dropdown immediately narrows to Finance-related projects only. Select the appropriate project, choose a view such as "ISO 27001 Controls View," and then pick the latest completed assessment from the Assessments dropdown.
The grid renders with tiles for each control family. If you notice that certain tiles — for instance "Access Control" or "Cryptography" — are showing amber scores, make a note of these as priority items for your next planning cycle. Because this screen is read-only, you will need to create any remediation tasks in the Tasks module.
Exploring the screen for the first time
If you are new to the platform, start by simply clicking through the filters to understand how they work together. Click the Domain selector and choose any domain. The Projects dropdown populates. Choose a project, and the Views and Assessments dropdowns fill in. Notice that changing the Projects selection resets Views and Assessments — this teaches you the cascading dependency: domain → project → view + assessment.
Once you have selected all four, the tile grid appears and you can see how the view's tag structure maps to the assessment's questions. If you are unsure why certain tiles are missing, check whether the assessment has closed questions and whether the view's category tags match the tags assigned to those questions.
Field reference
- Domain — A tag-based selector. Filters the project list to show only projects belonging to the selected business domain. If no domain tags have been configured in Compliance Settings, this selector will appear empty. Leaving it blank means all projects are visible. Changing the domain clears the current project selection.
- Projects — A single-select dropdown. Shows all projects available to you, or only the subset matching the selected domain. Selecting a project triggers a live fetch of that project's assessments and filters the Views dropdown. Changing the project resets both Views and Assessments.
- Views — A single-select dropdown. Shows only the views that have been explicitly linked to the selected project. A view defines the category tree (tags and sub-tags) used to organise the risk tiles. If the selected project has no linked views, this dropdown will be empty and no visualisation can be generated. Selecting a new view while keeping the same assessment re-renders the tiles immediately.
- Assessments — A single-select dropdown. Lists the assessments created for the selected project. Selecting an assessment — together with a view — triggers the data fetch that populates the risk tiles. Only questions with a "Closed" status contribute to the tiles; open or in-progress questions are excluded.
How this connects to the rest of DPMS
The Organizational Risk Overview is a downstream, read-only screen. Everything it displays was created and managed in other parts of the platform:
- Compliance Settings → Tags: This is where project-domain tags are defined. Without domain tags, the Domain selector on this screen will be empty and cannot filter projects.
- Projects module: Projects are created here and linked to views. The Projects dropdown on this screen reflects exactly what has been set up there.
- Views configuration: Each view's category tree — the tags and sub-tags that become the risk tiles — is defined in the Views module. A view must be explicitly linked to a project before it appears in the Views dropdown on this screen.
- Assessments module: Assessments are created, questionnaires are sent out, responses are collected, and questions are closed here. Only assessments with at least one closed question will produce a visible tile. If you have just finished a cycle and the screen still looks empty, return to the Assessments module to confirm all questions have been closed.
After using this screen, the natural next steps are to document your findings, create remediation tasks in the Tasks module, or export the visualisation for reporting purposes.
Tips & common pitfalls
Heads up: The visualisation stays blank even after selecting all four filters if the assessment contains no questions with a "Closed" status. Open, pending, or draft questions are excluded from the risk calculation. Always confirm the assessment cycle has been fully closed before using this screen.
Tip: Views must be explicitly linked to a project in the Views management screen. A view does not automatically appear in a project's dropdown just because it exists in your organisation. If the Views dropdown is empty after selecting a project, go to the Views module and add the project to the view's linked projects list.
- Tags in the view must match the tags on the questions. The risk tile mapping works by comparing tag IDs. If a question is tagged with a domain tag that is not part of the selected view's category tree, that question simply will not appear in any tile — silently, without an error message. If tiles seem incomplete, check that the view's tags align with the tags assigned in the assessment templates.
- Switching the View without changing the Assessment re-renders the tiles immediately. This is intentional and useful — you can quickly compare how the same assessment looks through different organisational lenses. But if you accidentally click a different view, the grid will update straight away.
- The company name at the top is read-only. It reflects your authenticated company session. If it appears outdated or incorrect, update it in the organisation settings elsewhere in DPMS; there is no way to change it from this screen.
- No navigation from tiles to details. Clicking a tile in the risk grid does not open a detail view or navigate to another screen. This screen is purely for analysis. To investigate a specific category further, you will need to go to the Assessments module and review the underlying questions directly.