Risks
Manage organizational risks with the de.iterate SDK.
Overview
The risks resource provides full CRUD operations for risk management, including risk assessment, mitigation tracking, and control linking.
List Risks
typescript
// List all risks
const risks = await client.risks.list();
// Filter by severity
const highRisks = await client.risks.list({
filter: { severity: 'high' }
});
// Filter by status
const openRisks = await client.risks.list({
filter: { status: 'open' }
});
// Multiple filters
const criticalOpen = await client.risks.list({
filter: {
severity: { in: ['critical', 'high'] },
status: 'open',
},
sort: '-createdAt',
});Get Risk
typescript
const risk = await client.risks.get('risk-123');
console.log(risk.name);
console.log(risk.severity);
console.log(risk.status);
console.log(risk.linkedControls);Create Risk
typescript
const risk = await client.risks.create({
name: 'Data Breach Risk',
description: 'Risk of unauthorized access to customer data',
category: 'Security',
severity: 'high',
likelihood: 'possible',
impact: 'major',
owner: 'security@company.com',
});
console.log(`Created risk: ${risk.id}`);Required Fields
| Field | Type | Description |
|---|---|---|
name | string | Risk title |
Optional Fields
| Field | Type | Description |
|---|---|---|
description | string | Detailed description |
category | string | Risk category |
severity | string | Severity level |
likelihood | string | Probability of occurrence |
impact | string | Potential impact |
owner | string | Risk owner |
status | string | Current status |
Update Risk
typescript
const updated = await client.risks.update('risk-123', {
status: 'mitigated',
mitigationNotes: 'Implemented encryption and access controls',
residualRisk: 'low',
});Delete Risk
typescript
await client.risks.delete('risk-123');Link Controls
Associate controls with a risk:
typescript
// Link a control to a risk
await client.risks.linkControl('risk-123', 'control-456');
// Unlink a control
await client.risks.unlinkControl('risk-123', 'control-456');Risk Assessment
typescript
// Get risk with assessment details
const risk = await client.risks.get('risk-123', {
include: ['assessment', 'controls'],
});
console.log('Inherent Risk:', risk.inherentRisk);
console.log('Residual Risk:', risk.residualRisk);
console.log('Linked Controls:', risk.linkedControls?.length);Risk Types
typescript
interface Risk {
id: string;
type: 'risk';
name: string;
description?: string;
category?: string;
severity?: 'critical' | 'high' | 'medium' | 'low';
likelihood?: string;
impact?: string;
status?: 'open' | 'mitigated' | 'accepted' | 'closed';
owner?: string;
inherentRisk?: number;
residualRisk?: number;
linkedControls?: string[];
createdAt: Date;
updatedAt: Date;
}Examples
Risk Dashboard
typescript
async function riskDashboard() {
const risks = await client.risks.list();
const bySeverity = {
critical: 0,
high: 0,
medium: 0,
low: 0,
};
for (const risk of risks.data) {
const sev = risk.severity?.toLowerCase() || 'low';
if (sev in bySeverity) {
bySeverity[sev as keyof typeof bySeverity]++;
}
}
console.log('Risk Summary:');
console.log(` 🔴 Critical: ${bySeverity.critical}`);
console.log(` 🟠 High: ${bySeverity.high}`);
console.log(` 🟡 Medium: ${bySeverity.medium}`);
console.log(` 🟢 Low: ${bySeverity.low}`);
}Find Unmitigated Risks
typescript
async function findUnmitigatedRisks() {
const risks = await client.risks.list({
filter: {
status: 'open',
severity: { in: ['critical', 'high'] },
},
});
console.log('Unmitigated High-Severity Risks:');
for (const risk of risks.data) {
console.log(` • ${risk.name}`);
console.log(` Owner: ${risk.owner || 'Unassigned'}`);
}
}Create Risk with Controls
typescript
async function createRiskWithControls() {
// Create the risk
const risk = await client.risks.create({
name: 'Malware Infection Risk',
severity: 'high',
category: 'Security',
});
// Link existing controls
const controlIds = ['ctrl-001', 'ctrl-002', 'ctrl-003'];
for (const controlId of controlIds) {
await client.risks.linkControl(risk.id, controlId);
}
console.log(`Created risk with ${controlIds.length} linked controls`);
}Next Steps
- Controls - Manage security controls