Diri helps organizations perform structured, efficient risk assessments. It provides a clear overview of risks and risk-reducing measures so that your organization maintains an up-to-date risk picture.
Diri’s processes and methods are built on recognized standards such as ISO/IEC 27005, but refined to be practical, intuitive, and user-friendly.
When performing a risk assessment in Diri, you are guided through a five-step process designed to ensure quality, consistency, and traceability. We recommend completing each step in sequence to achieve the best possible results.
Step 1 – Registration
Define and describe the object of assessment — for example, a system, process, or service — including its purpose, boundaries, and ownership.
Step 2 – Asset, Threat, and Vulnerability Assessment
Identify and evaluate the key assets, threats, and vulnerabilities within scope. The results are stored in Diri’s central registers and form the foundation for the risk analysis.
Step 3 – Bowtie Risk Assessment
Conduct the risk analysis itself, linking the registered assets, threats, and vulnerabilities to evaluate likelihood and consequence. In a bowtie, threats and the preventive measures that lower likelihood sit on one side of the unwanted event, while consequences and the mitigating measures that limit impact sit on the other. The results populate the risk register and the treatment overview.
Step 4 – Risk Treatment Plan
Develop and prioritize risk treatments, weighing each measure's cost against the risk reduction it delivers. This step defines which measures to implement so that each risk is reduced to an acceptable level.
Step 5 – Complete & Sign (Risk Acceptance)
Formally accept the residual risk that remains after the planned treatments. This step closes the assessment and ensures that decision-makers acknowledge and document the final risk picture.
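To make the data flow through the five steps concrete, here is a small Python model of it. This is an added example and not Diri's own code or data model, which this page does not describe. The 5x5 likelihood-times-consequence matrix, the acceptance threshold of 6, the greedy prioritization rule, and the sample assets, threats, vulnerabilities, and treatments are all constructed assumptions for illustration.

```python
from dataclasses import dataclass

# Constructed assumptions: a 5x5 matrix where risk = likelihood * consequence,
# and a risk appetite under which a score of 6 or less is acceptable.
SCALE = range(1, 6)
ACCEPTANCE_THRESHOLD = 6


def score(likelihood: int, consequence: int) -> int:
    """Risk matrix lookup; rejects values outside the 1..5 scale."""
    if likelihood not in SCALE or consequence not in SCALE:
        raise ValueError("likelihood and consequence must be in 1..5")
    return likelihood * consequence


@dataclass(frozen=True)
class Risk:
    """One bowtie: a threat exploits a vulnerability to harm an asset (steps 1-3)."""
    risk_id: str
    asset: str
    threat: str
    vulnerability: str
    likelihood: int
    consequence: int

    @property
    def inherent(self) -> int:
        return score(self.likelihood, self.consequence)


@dataclass(frozen=True)
class Treatment:
    """A barrier on the bowtie: preventive barriers lower likelihood,
    mitigating barriers lower consequence. Cost is in arbitrary units."""
    name: str
    cost: int
    targets: frozenset            # risk ids the measure acts on
    likelihood_reduction: int = 0
    consequence_reduction: int = 0


def residual(risk: Risk, applied: list) -> int:
    """Residual score after the applied treatments that target this risk."""
    lr = sum(t.likelihood_reduction for t in applied if risk.risk_id in t.targets)
    cr = sum(t.consequence_reduction for t in applied if risk.risk_id in t.targets)
    return score(max(1, risk.likelihood - lr), max(1, risk.consequence - cr))


def plan_treatments(risks: list, candidates: list, budget: int):
    """Step 4, greedy: while any risk is above the threshold, add the affordable
    treatment with the largest total risk reduction per unit cost. Stops early,
    leaving risks unacceptable, when no affordable candidate reduces anything."""
    def total(applied):
        return sum(residual(r, applied) for r in risks)

    chosen, remaining, spent = [], list(candidates), 0
    while any(residual(r, chosen) > ACCEPTANCE_THRESHOLD for r in risks):
        best, best_ratio = None, 0.0
        for t in remaining:
            if spent + t.cost > budget:
                continue
            ratio = (total(chosen) - total(chosen + [t])) / t.cost
            if ratio > best_ratio:
                best, best_ratio = t, ratio
        if best is None:
            break
        chosen.append(best)
        remaining.remove(best)
        spent += best.cost
    return chosen, spent


def sign_off(risks: list, applied: list, approver: str) -> list:
    """Step 5: one acceptance record per risk; anything still above the
    threshold is flagged so the approver must accept it explicitly."""
    return [{"risk_id": r.risk_id, "inherent": r.inherent,
             "residual": residual(r, applied),
             "accepted": residual(r, applied) <= ACCEPTANCE_THRESHOLD,
             "approver": approver} for r in risks]


# Constructed sample registers (not real data).
RISKS = [
    Risk("R1", "Customer database", "Credential stuffing", "No MFA on admin portal", 4, 5),
    Risk("R2", "Build server", "Ransomware", "Unpatched OS", 3, 4),
    Risk("R3", "Marketing site", "Defacement", "Outdated CMS plugin", 3, 2),
]
TREATMENTS = [
    Treatment("Enforce MFA", 2, frozenset({"R1"}), likelihood_reduction=3),
    Treatment("Offline backups", 3, frozenset({"R2"}), consequence_reduction=2),
    Treatment("Patch management", 4, frozenset({"R2", "R3"}), likelihood_reduction=2),
    Treatment("Web application firewall", 5, frozenset({"R1", "R3"}), likelihood_reduction=1),
]


def run_example(budget: int = 6, approver: str = "CISO") -> dict:
    chosen, spent = plan_treatments(RISKS, TREATMENTS, budget)
    return {"chosen": [t.name for t in chosen], "spent": spent,
            "records": sign_off(RISKS, chosen, approver)}


if __name__ == "__main__":
    result = run_example()
    print("Treatment plan:", result["chosen"], "cost", result["spent"])
    for rec in result["records"]:
        print(rec)
```

With the sample data and a budget of 6, the planner first picks "Enforce MFA" (R1 drops from 20 to 5 for a cost of 2) and then "Patch management" (R2 and R3 drop to 4 and 2 together), after which every risk is within the threshold and the sign-off records show all three as accepted. With a budget of 1 nothing is affordable, so the plan is empty and R1 is flagged as not accepted in the sign-off, which is the case a decision-maker must see rather than have silently closed.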
By following these five steps, Diri helps your organization move from risk identification to informed decision-making, ensuring that risk management remains structured, transparent, and aligned with best practices.