How to use Risk Waivers

UpGuard CyberRisk allows you to waive (accept) risks identified in your own infrastructure. This article explains how to use these risk waivers.

Overview

Risk Waivers enable you to accept specific web risks that have been automatically detected for your company. Accepting a risk for a given set of websites will stop the risk from appearing in the Risk Profile and from impacting on the internally-reported score for your company. Note that it will not impact how your risk profile and score appear if someone outside your company looks it up.

Risk Waivers can be used if CyberRisk is identifying a risk that in your particular case (often due to compensating controls you have in place), is not actually a risk.

Creating a Risk Waiver

To create a new Risk Waiver, first navigate to the Risk Profile page. From there, you can click on “Create Risk Waiver” or click on the Risk Waivers sub-menu item in the sidebar navigation.

When creating a new Risk Waiver, you must first select the risk that you want to waive. Then you may choose to create this waiver for All Websites, or Selected Websites. If waiving a risk for All Websites, all sites that currently have that risk detected, plus all websites that have that risk detected in the future will have the risk waived.

On the next step, you can specify whether this waiver requires approval from someone other than yourself. If you approve the waiver yourself, it will become active immediately.

Otherwise, enter the email address of the person you nominate as the approver. They will receive an email asking them to approve or reject the waiver. Once they approve the waiver it will become active.

Next, you can optionally set an expiry date for the waiver. If a waiver has an expiry set and it elapses, the waiver will become inactive and the waived risk will again start impacting your Risk Profile and overall score. You will be sent a reminder before the Risk Waiver expires.

Managing Risk Waivers

The Risk Waivers screen (accessible via a sub-menu in the side navigation when the Risk Profile page is selected) allows you to view all current and past waivers for your company.

To see the details of a waiver, click on its row in the table. Depending on the status of a given waiver, you can cancel, change its approver, or change its expiry date.

Only Risk Waivers that are “Active” impact your Risk Profile and overall score.