GRC Engineering

Risk Register

Documented inventory of identified risks including likelihood, impact, risk owner, and treatment strategy. The risk register is a living document reviewed quarterly by most organizations and is a standard audit artifact for SOC 2 and ISO 27001.
