Cybersecurity Risk Register

Intake new cyber risks, normalize risk data, route material risks for review, and maintain the risk register.

Book a demo
  1. # Agent role
  2. You are the Cybersecurity Risk Register agent. You manage one request from intake to closure, using policy knowledge, approved tools, and human escalation when required.
  4. # Inputs
  5. - request_id: the tracked request row
  6. - requester: the authenticated employee who submitted the request
  7. - summary: the user's description of what they need
  8. - business_justification: why the request is needed
  9. - target_system_or_record: the relevant application, record, customer, vendor, invoice, device, or account
  11. # Instructions
  12. 1. Confirm the requester is authenticated and that the request belongs to this operation.
  13. 2. Gather missing details in Slack or Teams before taking action. Use connected systems to retrieve context first, then ask the requester only for details that cannot be found.
  14. 3. Check the policy knowledge source before approving, rejecting, or escalating. Do not invent policy rules.
  15. 4. Auto-resolve by following the operation-specific steps in `# Auto-resolution`. Do not stop at a recommendation if the required tool call is permitted and the response is unambiguous.
  16. 5. Escalate when approval is required, risk is unclear, data conflicts, or the requested action is outside the agent's permissions.
  17. 6. Update the request row and write an audit entry for every decision, tool action, escalation, and closure.
  18. 7. Reply to the requester with a concise status update and next step.
  20. # Tool use
  21. - Use {{ budibase.Cybersecurity Risk Register Requests.get_row }} and {{ budibase.Cybersecurity Risk Register Requests.update_row }} to maintain request state.
  22. - Use {{ budibase.Cybersecurity Risk Register Audit Log.create_row }} to log decisions and actions.
  23. - Use notification tools only for requester updates, approver handoff, or operational escalation.
  25. # Auto-resolution
  26. - Use {{ postgresql.Risk Register.search_rows }} to check whether the submitted risk already exists.
  27. - If the risk is new, complete, and low or medium impact under policy, use {{ postgresql.Risk Register.create_row }} to add it to the register.
  28. - If the risk needs mitigation work, use {{ jira.create_issue }} to create the remediation task and link it to the risk row.
  29. - Use {{ postgresql.Risk Register.update_row }} to set owner, inherent risk, residual risk, mitigation due date, and status.
  30. - Escalate high residual risks, missing owners, regulatory exposure, or overdue mitigations before marking the risk accepted.
  32. # Output
  33. Return JSON with request_id, status, decision, rationale, next_owner, and actions_taken.

Overview

Intake new cyber risks, normalize risk data, route material risks for review, and maintain the risk register. The operation is designed as a single agent-led workflow: every request is tracked, every decision is logged, and humans step in only when policy or risk requires it.

Request

A requester submits a cybersecurity risk register through Slack, Teams, or the Risk Register Intake Form, creating a tracked request row.

Agent Triage

The agent confirms the request type, retrieves context from risk register database and remediation backlog, checks the relevant policy source, and asks for any missing details in chat.

Agent Resolution

Where policy permits, the agent completes low-impact risks with complete owner, asset, likelihood, and impact details and records the outcome without waiting for manual handling.

Escalation

The agent escalates high residual risk, missing ownership, regulatory exposure, or overdue mitigation to the responsible owner with a decision summary and supporting context.

Human Resolution

An approver reviews the escalation in chat or the Cyber Risk Review Queue, then approves, rejects, or returns it for more information.

We’ve created this example workflow to help you get started building your own Cybersecurity Risk Register.

Agents

The Cybersecurity Risk Register agent manages intake, policy checks, tool actions, escalation, requester updates, and closure for this operation.

# Agent role
You are the Cybersecurity Risk Register agent. You manage one request from intake to closure, using policy knowledge, approved tools, and human escalation when required.


# Inputs
- request_id: the tracked request row
- requester: the authenticated employee who submitted the request
- summary: the user's description of what they need
- business_justification: why the request is needed
- target_system_or_record: the relevant application, record, customer, vendor, invoice, device, or account


# Instructions
1. Confirm the requester is authenticated and that the request belongs to this operation.
2. Gather missing details in Slack or Teams before taking action. Use connected systems to retrieve context first, then ask the requester only for details that cannot be found.
3. Check the policy knowledge source before approving, rejecting, or escalating. Do not invent policy rules.
4. Auto-resolve by following the operation-specific steps in `# Auto-resolution`. Do not stop at a recommendation if the required tool call is permitted and the response is unambiguous.
5. Escalate when approval is required, risk is unclear, data conflicts, or the requested action is outside the agent's permissions.
6. Update the request row and write an audit entry for every decision, tool action, escalation, and closure.
7. Reply to the requester with a concise status update and next step.


# Tool use
- Use {{ budibase.Cybersecurity Risk Register Requests.get_row }} and {{ budibase.Cybersecurity Risk Register Requests.update_row }} to maintain request state.
- Use {{ budibase.Cybersecurity Risk Register Audit Log.create_row }} to log decisions and actions.
- Use notification tools only for requester updates, approver handoff, or operational escalation.


# Auto-resolution
- Use {{ postgresql.Risk Register.search_rows }} to check whether the submitted risk already exists.
- If the risk is new, complete, and low or medium impact under policy, use {{ postgresql.Risk Register.create_row }} to add it to the register.
- If the risk needs mitigation work, use {{ jira.create_issue }} to create the remediation task and link it to the risk row.
- Use {{ postgresql.Risk Register.update_row }} to set owner, inherent risk, residual risk, mitigation due date, and status.
- Escalate high residual risks, missing owners, regulatory exposure, or overdue mitigations before marking the risk accepted.


# Output
Return JSON with request_id, status, decision, rationale, next_owner, and actions_taken.

Data

Tables

Cybersecurity Risk Register Requests: Stores the request, requester, target record, status, current owner, decision, and closure details.

  • request_id : Text - Unique request identifier.
  • requester : User - Authenticated employee who submitted the request.
  • summary : Long Form Text - Short description of the request.
  • target_record : Text - Relevant account, system, vendor, customer, asset, invoice, or application.
  • status : Single Select - New, Triaging, Waiting, Escalated, Completed, Rejected, or Closed.
  • priority : Single Select - Low, Medium, or High.
  • decision : Single Select - Approved, Rejected, Escalated, or Cancelled.
  • rationale : Long Form Text - Agent or approver explanation.
  • created_at : Date - Request creation timestamp.
  • closed_at : Date - Completion timestamp, if closed.
request_id,requester,summary,target_record,status,priority,decision,rationale,created_at,closed_at
RISK-1048,emma.clarke@example.com,"Please process this cybersecurity risk register.","Example target",Escalated,High,Escalated,"Requires owner approval.",2026-05-18T09:15:00.000Z,

Cybersecurity Risk Register Audit Log: Records agent decisions, tool calls, escalations, notifications, and human actions.

  • event_id : Text - Unique audit event identifier.
  • request_id : Text - Related request identifier.
  • actor : Text - Agent, requester, approver, or integration name.
  • event_type : Single Select - Message, Tool Call, Decision, Escalation, Approval, Rejection, or Closure.
  • details : JSON - Structured event details.
  • created_at : Date - Event timestamp.
event_id,request_id,actor,event_type,details,created_at
EVT-2048,RISK-1048,Cybersecurity Risk Register Agent,Escalation,"{""reason"":""Policy requires owner review""}",2026-05-18T09:18:00.000Z

Connections

SlackTeamsPostgreSQLJiraConfluence

Slack: Receives new cyber risk submissions, asks risk owners for missing impact or mitigation details, and posts review updates.

Teams: Supports Teams-based risk intake and reviewer notifications for security, compliance, and risk owners.

PostgreSQL: Stores risk register records, scoring inputs, mitigation plans, owner assignments, and audit events.

Jira: Creates follow-up work for remediation tasks, control gaps, and escalated risks that need tracked action.

Confluence: Provides risk scoring methodology, control framework references, review cadence, and escalation criteria.

Adding Knowledge

The agent uses Confluence or SharePoint as a knowledge source when policy guidance, approval thresholds, ownership rules, or standard operating procedures are needed. The agent retrieves the relevant policy before deciding whether to auto-resolve, reject, or escalate a request.

Screens

Cybersecurity Risk Register

Id Request Priority Status
RISK-1048 Cybersecurity Risk Register for Emma Clarke High Needs Review
RISK-1047 Policy check completed for Northstar account Medium In Progress
RISK-1046 Standard request from Daniel Reed Low Completed
RISK-1045 Exception raised by Revenue Ops manager High Escalated
RISK-1044 Missing details requested from Priya Shah Medium Waiting
RISK-1043 Auto-resolved after policy lookup Low Completed
RISK-1042 Approval reminder sent to owner Medium Waiting
RISK-1041 Duplicate request closed by agent Low Closed
RISK-1040 High-priority request from field team High In Progress
RISK-1039 Audit log updated for completed request Low Completed

Risk Register Intake Form: A structured request screen for employees who need to provide required fields, attachments, or target record details that are awkward to collect in chat.

Cyber Risk Review Queue: A queue for approvers and operations owners to review escalated requests, see the agent’s rationale, and record a final decision.

Request Detail: A record view that shows request metadata, conversation history, audit events, tool outcomes, and final resolution.

Automations

Create Request Record: On Create Row - Sets the initial status, priority, timestamps, and default owner when a new request is submitted.

Invoke Cybersecurity Risk Register Agent: On Create Row - Sends the request context to the agent for triage and policy evaluation.

Escalation Reminder: On Update Row - Notifies the current approver when an escalated request has not moved within the expected review window.

Close Request Audit: On Update Row - Writes a final audit event and sends the requester a closure update when the request is completed, rejected, or cancelled.