Create a Risk Assessment Methodology

Release version: Australia

Updated March 12, 2026

1 minute to read

Configure a risk assessment methodology (RAM) in the Privacy Management application so that you can assess the risks in your organization.

Before you begin

Role required: sn_privacy.manager or sn_privacy.admin

About this task

Create a standardized method to support risk-based decision-making across departments, projects, and systems. By using a RAM, your organization can have different methodologies for assessing risks.

After you move a RAM to the Retired state, you can also move it back to the Draft state if you want to make some changes later. You can only move a RAM to the Draft state if it doesn’t have any assessments in the Monitor state or the Closed state. When you move a RAM back to the Draft, the on-going assessments and the associated scopes are deleted.

Procedure

Navigate to All > Privacy Management > Risk Assessments > Risk assessment methodologies.
On the Risk Assessment Methodology page, select New.
On the form, fill the details.
For a description of the field values on the risk assessment methodology form, see Risk Assessment Methodology form.
Right-click and save the form.

To configure the various assessments, select one of the following options.

Choice	Related link
Configure inherent assessment	See Configure an inherent assessment.
Configure control effectiveness	See Configure a control effectiveness assessment
Configure residual assessment	See Configure a residual assessment
Configure target assessment	See Configure a target assessment

Select Publish.

Note:
After a new assessment is created on the same risk and the assessment is in the Monitor state, the other assessments automatically move to the Completed state. When an assessment instance is in the Monitor state, you can’t move the RAM back to the Draft state. A RAM can only be moved back to the Draft state if there are no assessment instances.

Result

A new Risk Assessment Methodology is created and is available for use.