Hi all,

I was curious to see how everyone was hand,ling their risk register and keeping a log of all risks and associated tickets related to a risk.

For example, a risk is known and you want to get this signed off by the risk team or associated team and keep a register of all IT risks.

ie Risk: MFA not enabled for a user group. 

Description: blah blah MFA is used as a security measure. Request has been submitted to revoke this.

Approval: Accept Risk, Decline risk and enforce best practice.