Put plainly, the Problem Risk Assessment (PRA) is a simplified risk assessment with lower documentation requirements than IT system assessments. The PRA is an option for risk-assessing problems that are not bound to specific systems or to the organizational risk assessment. This problem analysis approach is tailored for cases such as the Log4j vulnerability, where one needs to quickly get an overview of the situation, map out implications, and implement countermeasures.
Results from the PRA will be juxtaposed with risks from other risk assessments in Diri. You can sort by risk assessment type in both the Risk assessment overview and the Risk registry.
The PRA was primarily added to ease access to Diri's risk analysis features. Not all risk assessments fit the IT systems approach or are a part of the strategic overall risk assessment. Sometimes, one just needs to quickly assess a specific problem and figure out how to deal with it. The PRA offers quick access to a simplified risk assessment with fewer documentation requirements.
We cannot predict all situations where the PRA will be an appropriate choice. But the PRA should, for example, be used in cases where a novel problem occurs that spans widely across the organization, and we need to quickly assess the problem and delegate countermeasures.
The registration step only asks you to register the name, description, delimitations, and participants for the assessment. The assessment allows you to choose implicated existing systems, if any, and promptly access the Diri risk analysis.