Vulny

ISO 27001 risk register software

Risk assessment is at the heart of ISO 27001. Vulny gives you a living risk register that scores risks by likelihood and impact — and feeds it from your real vulnerability scans.

Score and track risks

Capture risks, rate them by likelihood × impact, assign owners and treatment, and track them over time — the structured risk assessment ISO 27001 Clauses 6 and 8 expect.

Fed by real findings

Critical scan findings can flow straight into the register, so your risks reflect your actual attack surface rather than a once-a-year brainstorm.

Audit-ready, no spreadsheets

Export a branded risk report for auditors and management in a click, and keep your register, Statement of Applicability and incidents connected in one place — at a flat, transparent price.

Frequently asked questions

Does ISO 27001 require a risk register?

ISO 27001 requires a documented information security risk assessment and treatment process. A risk register is the standard way to record and track that, which Vulny provides built in.

How are risks scored?

Vulny scores risks by likelihood × impact, with owners and treatment status, so you can prioritise and demonstrate a repeatable method to auditors.

Can risks link to vulnerability findings?

Yes. Critical findings from your scans can flow into the risk register, keeping it aligned with your real security posture.

See it on your own site

Run one scan for security, SEO and AI-search (GEO) — and get a branded, ISO 27001-ready PDF report.
