If you are ready to do your first risk assessment in your organisation, the ORA should be your go-to choice. It would be best to use the ORA to define critical risks for the organisation and quickly populate the ICT systems portfolio and existing treatment list.
The ORA is also the best choice if you need to do an overarching cybersecurity audit in your organisation.
Choose the ORA using the Diri helper on the Dashboard. Fill out the requested information and spend time on:
The fields for adding IT systems, risks, assets, and controls, illustrated below, are currently only available through the ORA form. Both of which are essential for the relevance of the risk assessment results. Make sure to make good use of them.