Risks API (1.0)

Provides access to the risks that are part of a Hyperproof organization.

Servers

Mock server: https://developer.hyperproof.app/_mock/hyperproof-api/risks/risks.openapi
Hyperproof US: https://api.hyperproof.app/v1/risks
Hyperproof Gov: https://api.hyperproofgov.app/v1/risks
Hyperproof EU: https://api.hyperproof.eu/v1/risks

Get Risks

Request

GET /

Description

Retrieves details of all risks within an organization, including their descriptions, categories, likelihoods, and impacts. Note that only active risks are returned.

Security
oauth2
Query
riskRegisterId string

Unique ID of the risk register

status string

Comma separated list of statuses to filter risks. Supported values: active, archived

expand string

Comma separated list of fields to expand. Supported values: linkedControls.

curl -i -X GET \
  'https://developer.hyperproof.app/_mock/hyperproof-api/risks/risks.openapi/?riskRegisterId=string&status=string&expand=string' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

Success.

Body application/json Array [
id string(uuid)

The unique identifier for the risk

Example: "d88d505d-5199-11ee-a644-522476618ae8"
orgId string(uuid)

The unique identifier for the organization

Example: "ce83e3cd-5199-11ee-a644-522476618ae8"
riskIdentifier string

Human readable unique identifier for the risk within the organization

Example: "FGSC-RA1"
riskRegisterId string(uuid)

The unique identifier for the risk register which the risk belongs to

Example: "9f25da4f-1532-11ee-a87d-8e36b9d27de7"
name string

Name of the risk

Example: "Free Gas Safety Checks not provided in a complete and timely manner"
description string

Description of the risk

Example: "Requests from eligible customers for a Free Gas Safety Check are not actioned in an appropriate timescale leading to poor customer service, the potential for safety issues and non compliance with our SLCs."
category string

Category of the risk

Example: "Controls Program - Customer Operations"
health string

Current health status of the risk

Enum: "healthy", "atRisk", "critical"
Example: "atRisk"
response string(RiskResponse)

The response to the risk

Enum: "mitigate", "accept", "transfer", "avoid", "notSet"
responseRationale string

Reasoning for the selected risk response

Example: "accepted"
riskStage string(RiskStage)

The current stage of the risk

Enum: "proposed", "evaluating", "approved", "operating"
notes string

Additional notes about the risk

Example: "Reviewed by our internal team"
ownerId string(uuid)

The unique identifier for the user who is the owner of the risk

Example: "ce83e3cd-5199-11ee-a644-522476618aek"
groupId string(uuid)

The unique identifier of the group assigned to the risk

Example: "d2363cab-5199-11ee-a644-522476618ae8"
riskReporterId string(uuid)

The unique identifier for the hyperproof user or external contact who reported the risk

Example: "ce83e3cd-5484-11ee-12b6-522476618ae9"
riskReporterType string

The type of person who reported the risk

Enum: "user", "externalContact"
Example: "externalContact"
likelihoodLevel integer

The inherent likelihood level of the risk. Index notation (0-based)

Example: 1
likelihoodValue integer

The user-assigned value for the inherent likelihood scale for the risk, determined from likelihoodLevel and customRiskScales

Example: 2
likelihoodRationale string

The reasoning for the inherent likelihood level of the risk

Example: "security"
impactLevel integer

The inherent impact level of the risk. Index notation (0-based)

Example: 2
impactRationale string

The reasoning for the inherent impact level of the risk

Example: "cyber"
impactValue integer

The user-assigned value of inherent impact scale for the risk, determined from impactLevel and customRiskScales

Example: 5
inherentRisk integer

The inherent risk value for the risk, calculated as likelihoodValue x impactValue

Example: 10
toleranceLevel integer

The tolerance level for the risk. Index notation (0-based)

Example: 1
actualRisk integer

The user-overridden residual risk value for the risk

Example: 4
overrideActualRisk boolean

Flag indicating whether the actual residual risk has been overridden from the calculated value

Example: "false"
overrideActualRiskReason string

The reasoning for overriding the residual risk

Example: "low"
overrideActualRiskBy string

The unique identifier of the user who overrode the residual risk

Example: "ac57e976-69ab-11ed-b991-1284f382c88o"
overrideActualRiskOn string(date-time)

The date when the residual risk was overridden (ISO-8601 format)

Example: "2023-08-10 20:27:32.890116+00"
overrideResidualLikelihood boolean

Flag indicating whether the residual likelihood has been overridden from the calculated value

Example: "false"
residualLikelihoodLevel integer

The user-overridden residual likelihood level of the risk. Index notation (0-based)

Example: 3
overrideResidualLikelihoodBy string

The unique identifier of the user who overrode the residual likelihood

Example: "ac57e976-69ab-12ab-b991-1284f382c88a"
overrideResidualLikelihoodOn string(date-time)

The date when the residual likelihood was overridden (ISO-8601 format)

Example: "2023-08-10 20:27:32.890116+00"
overrideResidualImpact boolean

Flag indicating whether the residual impact has been overridden from the calculated value

Example: "true"
residualImpactLevel integer

The user-overridden residual impact level of the risk. Index notation (0-based)

Example: 2
overrideResidualImpactBy string

The unique identifier of the user who overrode the residual impact

Example: "ac57e976-69ab-11ed-b991-1284f382c88d"
overrideResidualImpactOn string(date-time)

The date when the residual impact was overridden (ISO-8601 format)

Example: "2023-08-10 20:27:32.890116+00"
actualLikelihood number(double)

The residual likelihood value for the risk after applying the mitigation from linked controls and accounting for the controls' health to likelihoodValue. If overridden, calculated using residualLikelihoodLevel and customRiskScales

Example: 8
actualImpact number(double)

The residual impact value for the risk after applying the mitigation from linked controls and accounting for the controls' health to impactValue. If overridden, calculated using residualImpactLevel and customRiskScales

Example: 5
desiredResidualRisk number(double)

The calculated risk value after applying the mitigation from linked controls to the inherent risk value

Example: 16
calculatedActualResidualRisk number(double)

The desiredResidualRisk accounting for the health of the mitigating controls

Example: 15
actualResidualRisk number(double)

The calculatedActualResidualRisk value unless overridden by the actualRisk value

Example: 12
customRiskScales object(CustomRiskScales)

Custom risk scales defined for the risk register the risk belongs to

Example: {"likelihood":[{"name":"Very Low","value":1,"color":"#EDF9F2"},{"name":"Low","value":2,"color":"#91D4BC"},{"name":"Moderate","value":5,"color":"#FFB75D"},{"name":"High","value":8,"color":"#FF8C00"},{"name":"Very High","value":10,"color":"#C2533B"}],"impact":[{"name":"Very Low","value":1,"color":"#EDF9F2"},{"name":"Low","value":2,"color":"#91D4BC"},{"name":"Moderate","value":5,"color":"#FFB75D"},{"name":"High","value":8,"color":"#FF8C00"},{"name":"Very High","value":10,"color":"#C2533B"}],"inherentRisk":[{"name":"Very Low","value":1,"color":"#EDF9F2","inherentRiskThreshold":1},{"name":"Low","value":2,"color":"#91D4BC","inherentRiskThreshold":10},{"name":"Moderate","value":5,"color":"#FFB75D","inherentRiskThreshold":40},{"name":"High","value":8,"color":"#FF8C00","inherentRiskThreshold":64},{"name":"Very High","value":10,"color":"#C2533B","inherentRiskThreshold":100}]}
customFields Array of objects(CustomFieldObjectValue)
Example: [{"fieldId":"ceb912ab-519b-11ee-a644-522476618ae8","fieldName":"Sponsor","fieldType":"text","textValue":"John Smith"}]
status string(ObjectStatus)

The status of the object

Enum: "active", "archived"
createdBy string

The unique identifier of the user who created the risk

Example: "82d7c228-8bcd-11e9-a94b-ab3de8494987"
createdOn string(date-time)

The date the risk was created (ISO-8601 format)

Example: "2023-09-12T18:26:10.005365Z"
updatedBy string

The unique identifier of the user who last updated the risk

Example: "82d7c228-8bcd-11e9-a94b-ab3de8494987"
updatedOn string(date-time)

The date the risk was updated (ISO-8601 format)

Example: "2023-09-12T18:26:10.005365Z"
permissions Array of strings

List of permissions the API user has on the risk

Example: []
]
Response
application/json
[ { "id": "d88d505d-5199-11ee-a644-522476618ae8", "orgId": "ce83e3cd-5199-11ee-a644-522476618ae8", "riskIdentifier": "FGSC-RA1", "riskRegisterId": "9f25da4f-1532-11ee-a87d-8e36b9d27de7", "name": "Free Gas Safety Checks not provided in a complete and timely manner", "description": "Requests from eligible customers for a Free Gas Safety Check are not actioned in an appropriate timescale leading to poor customer service, the potential for safety issues and non compliance with our SLCs.", "category": "Controls Program - Customer Operations", "response": "accept", "responseRationale": "accepted", "likelihoodLevel": 1, "likelihoodRationale": "security", "impactLevel": 1, "impactRationale": "cyber", "notes": "Reviewed by our internal team", "ownerId": "ce83e3cd-5199-11ee-a644-522476618aek", "toleranceLevel": 1, "overrideActualRisk": false, "overrideActualRiskReason": "low", "overrideActualRiskBy": "ac57e976-69ab-11ed-b991-1284f382c88o", "overrideActualRiskOn": "2023-08-10T20:27:32.8901160+00:00", "actualRisk": 4, "overrideResidualLikelihood": false, "residualLikelihoodLevel": 3, "overrideResidualLikelihoodBy": "ac57e976-69ab-12ab-b991-1284f382c88a", "overrideResidualLikelihoodOn": "2023-08-10T20:27:32.8901160+00:00", "overrideResidualImpact": true, "residualImpactLevel": 2, "overrideResidualImpactBy": "ac57e976-69ab-11ed-b991-1284f382c88d", "overrideResidualImpactOn": "2023-08-10T20:27:32.8901160+00:00", "customFields": [], "status": "active", "createdBy": "82d7c228-8bcd-11e9-a94b-ab3de8494987", "createdOn": "2023-09-12T18:26:10.0053650+00:00", "updatedBy": "82d7c228-8bcd-11e9-a94b-ab3de8494987", "updatedOn": "2023-09-12T18:26:10.0053650+00:00", "permissions": [] } ]
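
The field descriptions above tie the scores together: likelihoodValue and impactValue come from the 0-based levels and customRiskScales, inherentRisk is their product, and actualResidualRisk follows actualRisk only when overrideActualRisk is set. The Python check below is an added example, not Hyperproof code; it re-derives those values for records already fetched from this endpoint and flags overrides that carry no By/On attribution. The sample records, the finding codes and the function names are constructed for illustration.

```python
import math
from typing import Any, Optional

# Scale steps copied from the customRiskScales example on this page (colors omitted).
_STEPS = [("Very Low", 1), ("Low", 2), ("Moderate", 5), ("High", 8), ("Very High", 10)]
SCALES = {axis: [{"name": n, "value": v} for n, v in _STEPS]
          for axis in ("likelihood", "impact")}

# Each override flag with the fields that record who set it and when.
OVERRIDES = [
    ("overrideActualRisk", "overrideActualRiskBy", "overrideActualRiskOn"),
    ("overrideResidualLikelihood", "overrideResidualLikelihoodBy", "overrideResidualLikelihoodOn"),
    ("overrideResidualImpact", "overrideResidualImpactBy", "overrideResidualImpactOn"),
]


def as_bool(value: Any) -> bool:
    """The schema types the flags as boolean; also accept the quoted form ("true")."""
    return value is True or (isinstance(value, str) and value.lower() == "true")


def scale_value(steps: list, level: Any) -> Optional[int]:
    """Value for a 0-based level, or None when the level is not a valid index."""
    if isinstance(level, bool) or not isinstance(level, int) or not 0 <= level < len(steps):
        return None
    return steps[level]["value"]


def audit_risk(risk: dict) -> list:
    """Return finding codes (constructed names) for one risk record."""
    codes = []
    scales = risk.get("customRiskScales") or {}
    for axis in ("likelihood", "impact"):
        steps, level = scales.get(axis), risk.get(f"{axis}Level")
        if not steps or level is None:
            continue  # nothing to derive the value from
        expected = scale_value(steps, level)
        if expected is None:
            codes.append(f"{axis}Level_OUT_OF_RANGE")
        elif risk.get(f"{axis}Value") != expected:
            codes.append(f"{axis}Value_MISMATCH")

    # inherentRisk is documented as likelihoodValue x impactValue.
    lv, iv, inherent = (risk.get(k) for k in ("likelihoodValue", "impactValue", "inherentRisk"))
    if None not in (lv, iv, inherent) and inherent != lv * iv:
        codes.append("inherentRisk_MISMATCH")

    # An override with no recorded user or timestamp cannot be traced in a review.
    for flag, by, on in OVERRIDES:
        if as_bool(risk.get(flag)) and not (risk.get(by) and risk.get(on)):
            codes.append(f"{flag}_UNATTRIBUTED")

    # actualResidualRisk is the calculated value unless overridden by actualRisk.
    overridden = as_bool(risk.get("overrideActualRisk"))
    source = "actualRisk" if overridden else "calculatedActualResidualRisk"
    expected, reported = risk.get(source), risk.get("actualResidualRisk")
    if None not in (expected, reported) and not math.isclose(expected, reported):
        codes.append("actualResidualRisk_MISMATCH")
    return codes


def audit_risks(risks: list) -> dict:
    """Map riskIdentifier -> finding codes, listing only records with findings."""
    report = {}
    for risk in risks:
        codes = audit_risk(risk)
        if codes:
            report[risk.get("riskIdentifier", risk.get("id"))] = codes
    return report


# Constructed sample records (not real data), shaped like items of the response array.
SAMPLE_RISKS = [
    {"riskIdentifier": "RA-1", "customRiskScales": SCALES,
     "likelihoodLevel": 1, "likelihoodValue": 2, "impactLevel": 2, "impactValue": 5,
     "inherentRisk": 10, "overrideActualRisk": False,
     "calculatedActualResidualRisk": 6.0, "actualResidualRisk": 6.0},
    {"riskIdentifier": "RA-2", "customRiskScales": SCALES,
     "likelihoodLevel": 3, "likelihoodValue": 8, "impactLevel": 4, "impactValue": 10,
     "inherentRisk": 64, "overrideActualRisk": True, "actualRisk": 4,
     "overrideActualRiskOn": "2023-08-10T20:27:32Z",  # no overrideActualRiskBy
     "calculatedActualResidualRisk": 40.0, "actualResidualRisk": 4.0},
    {"riskIdentifier": "RA-3", "customRiskScales": SCALES,
     "likelihoodLevel": 5, "likelihoodValue": 10,  # 1-based index written by mistake
     "impactLevel": 0, "impactValue": 1, "inherentRisk": 10,
     "overrideActualRisk": "false", "actualRisk": 2,
     "calculatedActualResidualRisk": 9.0, "actualResidualRisk": 2.0},
]

if __name__ == "__main__":
    for identifier, codes in audit_risks(SAMPLE_RISKS).items():
        print(identifier, codes)
```

Records that lack customRiskScales, as in the sample response above, skip the level checks rather than being reported.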

Add Risk

Request

POST /

Description

Creates a new risk within an organization, capturing details such as title, description, category, and severity for risk management.

Security
oauth2
Body application/json
riskRegisterId string required

The unique identifier for the risk register which the risk will belong to. If the intake risk register is provided, the risk will be created as a proposed risk.

Example: "23b806fb-bad2-4f7a-b8d1-ac1177909992"
riskIdentifier string required

A human readable unique identifier for the risk

Example: "RA-5"
name string

Name of the risk

Example: "Gas Risk"
description string required

Description of the risk

Example: "Risks of gas and electricity"
category string

Category of the risk

Example: "Controls Program - Customer Operations"
response string(RiskResponse)

The response to the risk

Enum: "mitigate", "accept", "transfer", "avoid", "notSet"
likelihoodLevel integer

The inherent likelihood level of the risk. Index notation (0-based)

Example: 1
likelihoodRationale string

The reasoning for the inherent likelihood level of the risk

Example: "security"
impactLevel integer

The inherent impact level of the risk. Index notation (0-based)

Example: 2
impactRationale string

The reasoning for the inherent impact level of the risk

Example: "cyber"
toleranceLevel integer

The tolerance level for the risk. Index notation (0-based)

ownerId string required

The unique identifier for the user who will be the owner of the risk

Example: "23b806db-bad2-4f7a-b8d1-ac117790999b"
groupId string

The unique identifier of the group assigned to the risk

Example: "12ab806f-bad2-4f7a-b8d1-ac117790999a"
customFields Array of objects(CustomFieldObjectValuePatch)
Example: [{"fieldId":"ceb912ab-519b-11ee-a644-522476618ae8","textValue":"Antonio Moreno"}]
curl -i -X POST \
  https://developer.hyperproof.app/_mock/hyperproof-api/risks/risks.openapi/ \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "riskRegisterId": "23b806fb-bad2-4f7a-b8d1-ac1177909992",
    "riskIdentifier": "RA-5",
    "name": "Gas Risk",
    "description": "Risks of gas and electricity",
    "category": "Controls Program - Customer Operations",
    "response": "accept",
    "likelihoodLevel": 1,
    "likelihoodRationale": "security",
    "impactLevel": 1,
    "impactRationale": "cyber",
    "toleranceLevel": 1,
    "ownerId": "23b806db-bad2-4f7a-b8d1-ac117790999b",
    "customFields": [
      {
        "fieldId": "ceb912ab-519b-11ee-a644-522476618ae8",
        "textValue": "Antonio Moreno"
      }
    ]
  }'

Responses

Success.

Body application/json
id string(uuid)

The unique identifier for the risk

Example: "d88d505d-5199-11ee-a644-522476618ae8"
orgId string(uuid)

The unique identifier for the organization

Example: "ce83e3cd-5199-11ee-a644-522476618ae8"
riskIdentifier string

Human readable unique identifier for the risk within the organization

Example: "FGSC-RA1"
riskRegisterId string(uuid)

The unique identifier for the risk register which the risk belongs to

Example: "9f25da4f-1532-11ee-a87d-8e36b9d27de7"
name string

Name of the risk

Example: "Free Gas Safety Checks not provided in a complete and timely manner"
description string

Description of the risk

Example: "Requests from eligible customers for a Free Gas Safety Check are not actioned in an appropriate timescale leading to poor customer service, the potential for safety issues and non compliance with our SLCs."
category string

Category of the risk

Example: "Controls Program - Customer Operations"
health string

Current health status of the risk

Enum: "healthy", "atRisk", "critical"
Example: "atRisk"
response string(RiskResponse)

The response to the risk

Enum: "mitigate", "accept", "transfer", "avoid", "notSet"
responseRationale string

Reasoning for the selected risk response

Example: "accepted"
riskStage string(RiskStage)

The current stage of the risk

Enum: "proposed", "evaluating", "approved", "operating"
notes string

Additional notes about the risk

Example: "Reviewed by our internal team"
ownerId string(uuid)

The unique identifier for the user who is the owner of the risk

Example: "ce83e3cd-5199-11ee-a644-522476618aek"
groupId string(uuid)

The unique identifier of the group assigned to the risk

Example: "d2363cab-5199-11ee-a644-522476618ae8"
riskReporterId string(uuid)

The unique identifier for the hyperproof user or external contact who reported the risk

Example: "ce83e3cd-5484-11ee-12b6-522476618ae9"
riskReporterType string

The type of person who reported the risk

Enum: "user", "externalContact"
Example: "externalContact"
likelihoodLevel integer

The inherent likelihood level of the risk. Index notation (0-based)

Example: 1
likelihoodValue integer

The user-assigned value for the inherent likelihood scale for the risk, determined from likelihoodLevel and customRiskScales

Example: 2
likelihoodRationale string

The reasoning for the inherent likelihood level of the risk

Example: "security"
impactLevel integer

The inherent impact level of the risk. Index notation (0-based)

Example: 2
impactRationale string

The reasoning for the inherent impact level of the risk

Example: "cyber"
impactValue integer

The user-assigned value of inherent impact scale for the risk, determined from impactLevel and customRiskScales

Example: 5
inherentRisk integer

The inherent risk value for the risk, calculated as likelihoodValue x impactValue

Example: 10
toleranceLevel integer

The tolerance level for the risk. Index notation (0-based)

Example: 1
actualRisk integer

The user-overridden residual risk value for the risk

Example: 4
overrideActualRisk boolean

Flag indicating whether the actual residual risk has been overridden from the calculated value

Example: "false"
overrideActualRiskReason string

The reasoning for overriding the residual risk

Example: "low"
overrideActualRiskBy string

The unique identifier of the user who overrode the residual risk

Example: "ac57e976-69ab-11ed-b991-1284f382c88o"
overrideActualRiskOn string(date-time)

The date when the residual risk was overridden (ISO-8601 format)

Example: "2023-08-10 20:27:32.890116+00"
overrideResidualLikelihood boolean

Flag indicating whether the residual likelihood has been overridden from the calculated value

Example: "false"
residualLikelihoodLevel integer

The user-overridden residual likelihood level of the risk. Index notation (0-based)

Example: 3
overrideResidualLikelihoodBy string

The unique identifier of the user who overrode the residual likelihood

Example: "ac57e976-69ab-12ab-b991-1284f382c88a"
overrideResidualLikelihoodOn string(date-time)

The date when the residual likelihood was overridden (ISO-8601 format)

Example: "2023-08-10 20:27:32.890116+00"
overrideResidualImpact boolean

Flag indicating whether the residual impact has been overridden from the calculated value

Example: "true"
residualImpactLevel integer

The user-overridden residual impact level of the risk. Index notation (0-based)

Example: 2
overrideResidualImpactBy string

The unique identifier of the user who overrode the residual impact

Example: "ac57e976-69ab-11ed-b991-1284f382c88d"
overrideResidualImpactOn string(date-time)

The date when the residual impact was overridden (ISO-8601 format)

Example: "2023-08-10 20:27:32.890116+00"
actualLikelihood number(double)

The residual likelihood value for the risk after applying the mitigation from linked controls and accounting for the controls' health to likelihoodValue. If overridden, calculated using residualLikelihoodLevel and customRiskScales

Example: 8
actualImpact number(double)

The residual impact value for the risk after applying the mitigation from linked controls and accounting for the controls' health to impactValue. If overridden, calculated using residualImpactLevel and customRiskScales

Example: 5
desiredResidualRisk number(double)

The calculated risk value after applying the mitigation from linked controls to the inherent risk value

Example: 16
calculatedActualResidualRisk number(double)

The desiredResidualRisk accounting for the health of the mitigating controls

Example: 15
actualResidualRisk number(double)

The calculatedActualResidualRisk value unless overridden by the actualRisk value

Example: 12
customRiskScales object(CustomRiskScales)

Custom risk scales defined for the risk register the risk belongs to

Example: {"likelihood":[{"name":"Very Low","value":1,"color":"#EDF9F2"},{"name":"Low","value":2,"color":"#91D4BC"},{"name":"Moderate","value":5,"color":"#FFB75D"},{"name":"High","value":8,"color":"#FF8C00"},{"name":"Very High","value":10,"color":"#C2533B"}],"impact":[{"name":"Very Low","value":1,"color":"#EDF9F2"},{"name":"Low","value":2,"color":"#91D4BC"},{"name":"Moderate","value":5,"color":"#FFB75D"},{"name":"High","value":8,"color":"#FF8C00"},{"name":"Very High","value":10,"color":"#C2533B"}],"inherentRisk":[{"name":"Very Low","value":1,"color":"#EDF9F2","inherentRiskThreshold":1},{"name":"Low","value":2,"color":"#91D4BC","inherentRiskThreshold":10},{"name":"Moderate","value":5,"color":"#FFB75D","inherentRiskThreshold":40},{"name":"High","value":8,"color":"#FF8C00","inherentRiskThreshold":64},{"name":"Very High","value":10,"color":"#C2533B","inherentRiskThreshold":100}]}
customFields Array of objects(CustomFieldObjectValue)
Example: [{"fieldId":"ceb912ab-519b-11ee-a644-522476618ae8","fieldName":"Sponsor","fieldType":"text","textValue":"John Smith"}]
status string(ObjectStatus)

The status of the object

Enum: "active", "archived"
createdBy string

The unique identifier of the user who created the risk

Example: "82d7c228-8bcd-11e9-a94b-ab3de8494987"
createdOn string(date-time)

The date the risk was created (ISO-8601 format)

Example: "2023-09-12T18:26:10.005365Z"
updatedBy string

The unique identifier of the user who last updated the risk

Example: "82d7c228-8bcd-11e9-a94b-ab3de8494987"
updatedOn string(date-time)

The date the risk was updated (ISO-8601 format)

Example: "2023-09-12T18:26:10.005365Z"
permissions Array of strings

List of permissions the API user has on the risk

Example: []
Response
application/json
{ "id": "d88d505d-5199-11ee-a644-522476618ae8", "orgId": "ce83e3cd-5199-11ee-a644-522476618ae8", "riskIdentifier": "FGSC-RA1", "riskRegisterId": "9f25da4f-1532-11ee-a87d-8e36b9d27de7", "name": "Free Gas Safety Checks not provided in a complete and timely manner", "description": "Requests from eligible customers for a Free Gas Safety Check are not actioned in an appropriate timescale leading to poor customer service, the potential for safety issues and non compliance with our SLCs.", "category": "Controls Program - Customer Operations", "response": "accept", "responseRationale": "accepted", "likelihoodLevel": 1, "likelihoodRationale": "security", "impactLevel": 1, "impactRationale": "cyber", "notes": "Reviewed by our internal team", "ownerId": "ce83e3cd-5199-11ee-a644-522476618aek", "toleranceLevel": 1, "overrideActualRisk": false, "overrideActualRiskReason": "low", "overrideActualRiskBy": "ac57e976-69ab-11ed-b991-1284f382c88o", "overrideActualRiskOn": "2023-08-10T20:27:32.8901160+00:00", "actualRisk": 4, "overrideResidualLikelihood": false, "residualLikelihoodLevel": 3, "overrideResidualLikelihoodBy": "ac57e976-69ab-12ab-b991-1284f382c88a", "overrideResidualLikelihoodOn": "2023-08-10T20:27:32.8901160+00:00", "overrideResidualImpact": true, "residualImpactLevel": 2, "overrideResidualImpactBy": "ac57e976-69ab-11ed-b991-1284f382c88d", "overrideResidualImpactOn": "2023-08-10T20:27:32.8901160+00:00", "customFields": [ {} ], "status": "active", "createdBy": "82d7c228-8bcd-11e9-a94b-ab3de8494987", "createdOn": "2023-09-12T18:26:10.0053650+00:00", "updatedBy": "82d7c228-8bcd-11e9-a94b-ab3de8494987", "updatedOn": "2023-09-12T18:26:10.0053650+00:00", "permissions": [] }

Get Risks Filtered

Request

PUT /risks/filter

Description

Retrieves a list of risks that match the specified filter criteria, such as category, status, likelihood, or owner.

Security
oauth2
Query
expand string

Comma separated list of fields to expand. Supported values: linkedControls.

Body application/json
riskIds Array of strings

List of unique identifiers for risks to return

Example: ["23b806db-bad2-4f7a-b8d1-ac1177909992","23b402db-bad2-4f7a-b8d1-ac1177909992"]
modifiedAfter string(date-time)

Return only risks modified after this date (ISO-8601 format)

Example: "2020-12-17T20:00:00Z"
status string(ObjectStatus)

The status of the object

Enum: "active", "archived"
riskStage string(RiskStage)

The current stage of the risk

Enum: "proposed", "evaluating", "approved", "operating"
curl -i -X PUT \
  'https://developer.hyperproof.app/_mock/hyperproof-api/risks/risks.openapi/filter?expand=string' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "riskIds": [
      "23b806db-bad2-4f7a-b8d1-ac1177909992",
      "23b402db-bad2-4f7a-b8d1-ac1177909992"
    ],
    "modifiedAfter": "2020-12-17T20:00:00.0000000+00:00",
    "status": "active"
  }'

Responses

Success.

Body application/json Array [
id string(uuid)

The unique identifier for the risk

Example: "d88d505d-5199-11ee-a644-522476618ae8"
orgId string(uuid)

The unique identifier for the organization

Example: "ce83e3cd-5199-11ee-a644-522476618ae8"
riskIdentifier string

Human readable unique identifier for the risk within the organization

Example: "FGSC-RA1"
riskRegisterId string(uuid)

The unique identifier for the risk register which the risk belongs to

Example: "9f25da4f-1532-11ee-a87d-8e36b9d27de7"
name string

Name of the risk

Example: "Free Gas Safety Checks not provided in a complete and timely manner"
description string

Description of the risk

Example: "Requests from eligible customers for a Free Gas Safety Check are not actioned in an appropriate timescale leading to poor customer service, the potential for safety issues and non compliance with our SLCs."
category string

Category of the risk

Example: "Controls Program - Customer Operations"
health string

Current health status of the risk

Enum: "healthy", "atRisk", "critical"
Example: "atRisk"
response string(RiskResponse)

The response to the risk

Enum: "mitigate", "accept", "transfer", "avoid", "notSet"
responseRationale string

Reasoning for the selected risk response

Example: "accepted"
riskStage string(RiskStage)

The current stage of the risk

Enum: "proposed", "evaluating", "approved", "operating"
notes string

Additional notes about the risk

Example: "Reviewed by our internal team"
ownerId string(uuid)

The unique identifier for the user who is the owner of the risk

Example: "ce83e3cd-5199-11ee-a644-522476618aek"
groupId string(uuid)

The unique identifier of the group assigned to the risk

Example: "d2363cab-5199-11ee-a644-522476618ae8"
riskReporterId string(uuid)

The unique identifier for the hyperproof user or external contact who reported the risk

Example: "ce83e3cd-5484-11ee-12b6-522476618ae9"
riskReporterType string

The type of person who reported the risk

Enum: "user", "externalContact"
Example: "externalContact"
likelihoodLevel integer

The inherent likelihood level of the risk. Index notation (0-based)

Example: 1
likelihoodValue integer

The user-assigned value for the inherent likelihood scale for the risk, determined from likelihoodLevel and customRiskScales

Example: 2
likelihoodRationale string

The reasoning for the inherent likelihood level of the risk

Example: "security"
impactLevel integer

The inherent impact level of the risk. Index notation (0-based)

Example: 2
impactRationale string

The reasoning for the inherent impact level of the risk

Example: "cyber"
impactValue integer

The user-assigned value of inherent impact scale for the risk, determined from impactLevel and customRiskScales

Example: 5
inherentRisk integer

The inherent risk value for the risk, calculated as likelihoodValue x impactValue

Example: 10
toleranceLevel integer

The tolerance level for the risk. Index notation (0-based)

Example: 1
actualRisk integer

The user-overridden residual risk value for the risk

Example: 4
overrideActualRisk boolean

Flag indicating whether the actual residual risk has been overridden from the calculated value

Example: "false"
overrideActualRiskReason string

The reasoning for overriding the residual risk

Example: "low"
overrideActualRiskBy string

The unique identifier of the user who overrode the residual risk

Example: "ac57e976-69ab-11ed-b991-1284f382c88o"
overrideActualRiskOn string(date-time)

The date when the residual risk was overridden (ISO-8601 format)

Example: "2023-08-10 20:27:32.890116+00"
overrideResidualLikelihood boolean

Flag indicating whether the residual likelihood has been overridden from the calculated value

Example: "false"
residualLikelihoodLevel integer

The user-overridden residual likelihood level of the risk. Index notation (0-based)

Example: 3
overrideResidualLikelihoodBy string

The unique identifier of the user who overrode the residual likelihood

Example: "ac57e976-69ab-12ab-b991-1284f382c88a"
overrideResidualLikelihoodOn string(date-time)

The date when the residual likelihood was overridden (ISO-8601 format)

Example: "2023-08-10 20:27:32.890116+00"
overrideResidualImpact boolean

Flag indicating whether the residual impact has been overridden from the calculated value

Example: "true"
residualImpactLevel integer

The user-overridden residual impact level of the risk. Index notation (0-based)

Example: 2
overrideResidualImpactBy string

The unique identifier of the user who overrode the residual impact

Example: "ac57e976-69ab-11ed-b991-1284f382c88d"
overrideResidualImpactOn string(date-time)

The date when the residual impact was overridden (ISO-8601 format)

Example: "2023-08-10 20:27:32.890116+00"
actualLikelihood number(double)

The residual likelihood value for the risk after applying the mitigation from linked controls and accounting for the controls' health to likelihoodValue. If overridden, calculated using residualLikelihoodLevel and customRiskScales

Example: 8
actualImpact number(double)

The residual impact value for the risk after applying the mitigation from linked controls and accounting for the controls' health to impactValue. If overridden, calculated using residualImpactLevel and customRiskScales

Example: 5
desiredResidualRisk number(double)

The calculated risk value after applying the mitigation from linked controls to the inherent risk value

Example: 16
calculatedActualResidualRisk number(double)

The desiredResidualRisk accounting for the health of the mitigating controls

Example: 15
actualResidualRisk number(double)

The calculatedActualResidualRisk value unless overridden by the actualRisk value

Example: 12
customRiskScales object(CustomRiskScales)

Custom risk scales defined for the risk register the risk belongs to

Example: {"likelihood":[{"name":"Very Low","value":1,"color":"#EDF9F2"},{"name":"Low","value":2,"color":"#91D4BC"},{"name":"Moderate","value":5,"color":"#FFB75D"},{"name":"High","value":8,"color":"#FF8C00"},{"name":"Very High","value":10,"color":"#C2533B"}],"impact":[{"name":"Very Low","value":1,"color":"#EDF9F2"},{"name":"Low","value":2,"color":"#91D4BC"},{"name":"Moderate","value":5,"color":"#FFB75D"},{"name":"High","value":8,"color":"#FF8C00"},{"name":"Very High","value":10,"color":"#C2533B"}],"inherentRisk":[{"name":"Very Low","value":1,"color":"#EDF9F2","inherentRiskThreshold":1},{"name":"Low","value":2,"color":"#91D4BC","inherentRiskThreshold":10},{"name":"Moderate","value":5,"color":"#FFB75D","inherentRiskThreshold":40},{"name":"High","value":8,"color":"#FF8C00","inherentRiskThreshold":64},{"name":"Very High","value":10,"color":"#C2533B","inherentRiskThreshold":100}]}
customFields Array of objects(CustomFieldObjectValue)
Example: [{"fieldId":"ceb912ab-519b-11ee-a644-522476618ae8","fieldName":"Sponsor","fieldType":"text","textValue":"John Smith"}]
status string(ObjectStatus)

The status of the object

Enum: "active", "archived"
createdBy string

The unique identifier of the user who created the risk

Example: "82d7c228-8bcd-11e9-a94b-ab3de8494987"
createdOn string(date-time)

The date the risk was created (ISO-8601 format)

Example: "2023-09-12T18:26:10.005365Z"
updatedBy string

The unique identifier of the user who last updated the risk

Example: "82d7c228-8bcd-11e9-a94b-ab3de8494987"
updatedOn string(date-time)

The date the risk was updated (ISO-8601 format)

Example: "2023-09-12T18:26:10.005365Z"
permissions Array of strings

List of permissions the API user has on the risk

Example: []
]
Response
application/json
[ { "id": "d88d505d-5199-11ee-a644-522476618ae8", "orgId": "ce83e3cd-5199-11ee-a644-522476618ae8", "riskIdentifier": "FGSC-RA1", "riskRegisterId": "9f25da4f-1532-11ee-a87d-8e36b9d27de7", "name": "Free Gas Safety Checks not provided in a complete and timely manner", "description": "Requests from eligible customers for a Free Gas Safety Check are not actioned in an appropriate timescale leading to poor customer service, the potential for safety issues and non compliance with our SLCs.", "category": "Controls Program - Customer Operations", "response": "accept", "responseRationale": "accepted", "likelihoodLevel": 1, "likelihoodRationale": "security", "impactLevel": 1, "impactRationale": "cyber", "notes": "Reviewed by our internal team", "ownerId": "ce83e3cd-5199-11ee-a644-522476618aek", "toleranceLevel": 1, "overrideActualRisk": false, "overrideActualRiskReason": "low", "overrideActualRiskBy": "ac57e976-69ab-11ed-b991-1284f382c88o", "overrideActualRiskOn": "2023-08-10T20:27:32.8901160+00:00", "actualRisk": 4, "overrideResidualLikelihood": false, "residualLikelihoodLevel": 3, "overrideResidualLikelihoodBy": "ac57e976-69ab-12ab-b991-1284f382c88a", "overrideResidualLikelihoodOn": "2023-08-10T20:27:32.8901160+00:00", "overrideResidualImpact": true, "residualImpactLevel": 2, "overrideResidualImpactBy": "ac57e976-69ab-11ed-b991-1284f382c88d", "overrideResidualImpactOn": "2023-08-10T20:27:32.8901160+00:00", "customFields": [], "status": "active", "createdBy": "82d7c228-8bcd-11e9-a94b-ab3de8494987", "createdOn": "2023-09-12T18:26:10.0053650+00:00", "updatedBy": "82d7c228-8bcd-11e9-a94b-ab3de8494987", "updatedOn": "2023-09-12T18:26:10.0053650+00:00", "permissions": [] } ]

Get Risk

Request

GET /{riskId}

Description

Retrieves details of a specific risk in an organization by its ID, including its description, category, likelihood, and impact.

Security
oauth2
Path
riskIdstringrequired

Unique ID of the risk.

Query
expandstring

Comma separated list of fields to expand. Supported values: linkedControls.

curl -i -X GET \
  'https://developer.hyperproof.app/_mock/hyperproof-api/risks/risks.openapi/{riskId}?expand=string' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

Success.

Bodyapplication/json
idstring(uuid)

The unique identifier for the risk

Example: "d88d505d-5199-11ee-a644-522476618ae8"
orgIdstring(uuid)

The unique identifier for the organization

Example: "ce83e3cd-5199-11ee-a644-522476618ae8"
riskIdentifierstring

Human readable unique identifier for the risk within the organization

Example: "FGSC-RA1"
riskRegisterIdstring(uuid)

The unique identifier for the risk register which the risk belongs to

Example: "9f25da4f-1532-11ee-a87d-8e36b9d27de7"
namestring

Name of the risk

Example: "Free Gas Safety Checks not provided in a complete and timely manner"
descriptionstring

Description of the risk

Example: "Requests from eligible customers for a Free Gas Safety Check are not actioned in an appropriate timescale leading to poor customer service, the potential for safety issues and non compliance with our SLCs."
categorystring

Category of the risk

Example: "Controls Program - Customer Operations"
healthstring

Current health status of the risk

Enum: "healthy", "atRisk", "critical"
Example: "atRisk"
responsestring(RiskResponse)

The response to the risk

Enum: "mitigate", "accept", "transfer", "avoid", "notSet"
responseRationalestring

Reasoning for the selected risk response

Example: "accepted"
riskStagestring(RiskStage)

The current stage of the risk

Enum: "proposed", "evaluating", "approved", "operating"
notesstring

Additional notes about the risk

Example: "Reviewed by our internal team"
ownerIdstring(uuid)

The unique identifier for the user who is the owner of the risk

Example: "ce83e3cd-5199-11ee-a644-522476618aek"
groupIdstring(uuid)

The unique identifier of the group assigned to the risk

Example: "d2363cab-5199-11ee-a644-522476618ae8"
riskReporterIdstring(uuid)

The unique identifier for the Hyperproof user or external contact who reported the risk

Example: "ce83e3cd-5484-11ee-12b6-522476618ae9"
riskReporterTypestring

The type of person who reported the risk

Enum: "user", "externalContact"
Example: "externalContact"
likelihoodLevelinteger

The inherent likelihood level of the risk. Index notation (0-based)

Example: 1
likelihoodValueinteger

The user-assigned value for the inherent likelihood scale for the risk, determined from likelihoodLevel and customRiskScales

Example: 2
likelihoodRationalestring

The reasoning for the inherent likelihood level of the risk

Example: "security"
impactLevelinteger

The inherent impact level of the risk. Index notation (0-based)

Example: 2
impactRationalestring

The reasoning for the inherent impact level of the risk

Example: "cyber"
impactValueinteger

The user-assigned value of inherent impact scale for the risk, determined from impactLevel and customRiskScales

Example: 5
inherentRiskinteger

The inherent risk value for the risk, calculated as likelihoodValue x impactValue

Example: 10
toleranceLevelinteger

The tolerance level for the risk. Index notation (0-based)

Example: 1
actualRiskinteger

The user-overridden residual risk value for the risk

Example: 4
overrideActualRiskboolean

Flag indicating whether the actual residual risk has been overridden from the calculated value

Example: "false"
overrideActualRiskReasonstring

The reasoning for overriding the residual risk

Example: "low"
overrideActualRiskBystring

The unique identifier of the user who overrode the residual risk

Example: "ac57e976-69ab-11ed-b991-1284f382c88o"
overrideActualRiskOnstring(date-time)

The date when the residual risk was overridden (ISO-8601 format)

Example: "2023-08-10 20:27:32.890116+00"
overrideResidualLikelihoodboolean

Flag indicating whether the residual likelihood has been overridden from the calculated value

Example: "false"
residualLikelihoodLevelinteger

The user-overridden residual likelihood level of the risk. Index notation (0-based)

Example: 3
overrideResidualLikelihoodBystring

The unique identifier of the user who overrode the residual likelihood

Example: "ac57e976-69ab-12ab-b991-1284f382c88a"
overrideResidualLikelihoodOnstring(date-time)

The date when the residual likelihood was overridden (ISO-8601 format)

Example: "2023-08-10 20:27:32.890116+00"
overrideResidualImpactboolean

Flag indicating whether the residual impact has been overridden from the calculated value

Example: "true"
residualImpactLevelinteger

The user-overridden residual impact level of the risk. Index notation (0-based)

Example: 2
overrideResidualImpactBystring

The unique identifier of the user who overrode the residual impact

Example: "ac57e976-69ab-11ed-b991-1284f382c88d"
overrideResidualImpactOnstring(date-time)

The date when the residual impact was overridden (ISO-8601 format)

Example: "2023-08-10 20:27:32.890116+00"
actualLikelihoodnumber(double)

The residual likelihood value for the risk after applying the mitigation from linked controls and accounting for the controls' health to likelihoodValue. If overridden, calculated using residualLikelihoodLevel and customRiskScales

Example: 8
actualImpactnumber(double)

The residual impact value for the risk after applying the mitigation from linked controls and accounting for the controls' health to impactValue. If overridden, calculated using residualImpactLevel and customRiskScales

Example: 5
desiredResidualRisknumber(double)

The calculated risk value after applying the mitigation from linked controls to the inherent risk value

Example: 16
calculatedActualResidualRisknumber(double)

The desiredResidualRisk accounting for the health of the mitigating controls

Example: 15
actualResidualRisknumber(double)

The calculatedActualResidualRisk value unless overridden by the actualRisk value

Example: 12
customRiskScalesobject(CustomRiskScales)

Custom risk scales defined for the risk register the risk belongs to

Example: {"likelihood":[{"name":"Very Low","value":1,"color":"#EDF9F2"},{"name":"Low","value":2,"color":"#91D4BC"},{"name":"Moderate","value":5,"color":"#FFB75D"},{"name":"High","value":8,"color":"#FF8C00"},{"name":"Very High","value":10,"color":"#C2533B"}],"impact":[{"name":"Very Low","value":1,"color":"#EDF9F2"},{"name":"Low","value":2,"color":"#91D4BC"},{"name":"Moderate","value":5,"color":"#FFB75D"},{"name":"High","value":8,"color":"#FF8C00"},{"name":"Very High","value":10,"color":"#C2533B"}],"inherentRisk":[{"name":"Very Low","value":1,"color":"#EDF9F2","inherentRiskThreshold":1},{"name":"Low","value":2,"color":"#91D4BC","inherentRiskThreshold":10},{"name":"Moderate","value":5,"color":"#FFB75D","inherentRiskThreshold":40},{"name":"High","value":8,"color":"#FF8C00","inherentRiskThreshold":64},{"name":"Very High","value":10,"color":"#C2533B","inherentRiskThreshold":100}]}
customFieldsArray of objects(CustomFieldObjectValue)
Example: [{"fieldId":"ceb912ab-519b-11ee-a644-522476618ae8","fieldName":"Sponsor","fieldType":"text","textValue":"John Smith"}]
statusstring(ObjectStatus)

The status of the object

Enum: "active", "archived"
createdBystring

The unique identifier of the user who created the risk

Example: "82d7c228-8bcd-11e9-a94b-ab3de8494987"
createdOnstring(date-time)

The date the risk was created (ISO-8601 format)

Example: "2023-09-12T18:26:10.005365Z"
updatedBystring

The unique identifier of the user who last updated the risk

Example: "82d7c228-8bcd-11e9-a94b-ab3de8494987"
updatedOnstring(date-time)

The date the risk was updated (ISO-8601 format)

Example: "2023-09-12T18:26:10.005365Z"
permissionsArray of strings

List of permissions the API user has on the risk

Example: []
Response
application/json
{
  "id": "d88d505d-5199-11ee-a644-522476618ae8",
  "orgId": "ce83e3cd-5199-11ee-a644-522476618ae8",
  "riskIdentifier": "FGSC-RA1",
  "riskRegisterId": "9f25da4f-1532-11ee-a87d-8e36b9d27de7",
  "name": "Free Gas Safety Checks not provided in a complete and timely manner",
  "description": "Requests from eligible customers for a Free Gas Safety Check are not actioned in an appropriate timescale leading to poor customer service, the potential for safety issues and non compliance with our SLCs.",
  "category": "Controls Program - Customer Operations",
  "response": "accept",
  "responseRationale": "accepted",
  "likelihoodLevel": 1,
  "likelihoodRationale": "security",
  "impactLevel": 1,
  "impactRationale": "cyber",
  "notes": "Reviewed by our internal team",
  "ownerId": "ce83e3cd-5199-11ee-a644-522476618aek",
  "toleranceLevel": 1,
  "overrideActualRisk": false,
  "overrideActualRiskReason": "low",
  "overrideActualRiskBy": "ac57e976-69ab-11ed-b991-1284f382c88o",
  "overrideActualRiskOn": "2023-08-10T20:27:32.8901160+00:00",
  "actualRisk": 4,
  "overrideResidualLikelihood": false,
  "residualLikelihoodLevel": 3,
  "overrideResidualLikelihoodBy": "ac57e976-69ab-12ab-b991-1284f382c88a",
  "overrideResidualLikelihoodOn": "2023-08-10T20:27:32.8901160+00:00",
  "overrideResidualImpact": true,
  "residualImpactLevel": 2,
  "overrideResidualImpactBy": "ac57e976-69ab-11ed-b991-1284f382c88d",
  "overrideResidualImpactOn": "2023-08-10T20:27:32.8901160+00:00",
  "customFields": [
    {}
  ],
  "status": "active",
  "createdBy": "82d7c228-8bcd-11e9-a94b-ab3de8494987",
  "createdOn": "2023-09-12T18:26:10.0053650+00:00",
  "updatedBy": "82d7c228-8bcd-11e9-a94b-ab3de8494987",
  "updatedOn": "2023-09-12T18:26:10.0053650+00:00",
  "permissions": []
}
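A consumer of this response can audit the scoring and override fields before trusting the reported residual risk. The following is an added example, not Hyperproof code: it assumes a 0-based level indexes into the matching customRiskScales array (consistent with the field examples above), and the sample record, function names and finding labels are constructed for illustration.

```python
# Added example: audit one risk object returned by GET /{riskId}.
# Assumption: likelihoodLevel / impactLevel are 0-based indexes into
# customRiskScales.likelihood / customRiskScales.impact.

SCALE = [{"name": n, "value": v} for n, v in
         [("Very Low", 1), ("Low", 2), ("Moderate", 5), ("High", 8), ("Very High", 10)]]

# Constructed sample record using the documented field names (not real data).
SAMPLE_RISK = {
    "riskIdentifier": "FGSC-RA1",
    "likelihoodLevel": 1, "likelihoodValue": 2,
    "impactLevel": 2, "impactValue": 5, "inherentRisk": 10,
    "calculatedActualResidualRisk": 8.0,
    "overrideActualRisk": True, "actualRisk": 4, "actualResidualRisk": 4.0,
    "overrideActualRiskReason": "",
    "overrideActualRiskBy": "00000000-0000-0000-0000-000000000001",
    "overrideActualRiskOn": "2023-08-10T20:27:32.890116+00:00",
    "overrideResidualLikelihood": False,
    "overrideResidualImpact": True, "residualImpactLevel": 2,
    "overrideResidualImpactBy": None, "overrideResidualImpactOn": None,
    "customRiskScales": {"likelihood": SCALE, "impact": SCALE},
}


def scale_value(risk, scale_name, level):
    """Resolve a 0-based level to its user-assigned value; None if out of range."""
    scale = risk.get("customRiskScales", {}).get(scale_name, [])
    if isinstance(level, int) and not isinstance(level, bool) and 0 <= level < len(scale):
        return scale[level]["value"]
    return None


def audit_risk(risk):
    """Return a list of finding labels for one risk record."""
    findings = []

    # 1. Inherent score must follow from the levels and the register's scales.
    lv = scale_value(risk, "likelihood", risk.get("likelihoodLevel"))
    iv = scale_value(risk, "impact", risk.get("impactLevel"))
    if lv is None or iv is None:
        findings.append("level-outside-scale")
    else:
        if (lv, iv) != (risk.get("likelihoodValue"), risk.get("impactValue")):
            findings.append("value-does-not-match-scale")
        if risk.get("inherentRisk") != lv * iv:  # likelihoodValue x impactValue
            findings.append("inherent-risk-mismatch")

    # 2. Every manual override should record who made it and when.
    for kind in ("ActualRisk", "ResidualLikelihood", "ResidualImpact"):
        if risk.get("override" + kind) and not (
                risk.get(f"override{kind}By") and risk.get(f"override{kind}On")):
            findings.append(f"unattributed-override:{kind}")

    # 3. A residual-risk override needs a reason, and lowering the score below
    #    the calculated value deserves review.
    calculated = risk.get("calculatedActualResidualRisk")
    if risk.get("overrideActualRisk"):
        if not (risk.get("overrideActualRiskReason") or "").strip():
            findings.append("override-without-reason")
        override = risk.get("actualRisk")
        if None not in (override, calculated) and override < calculated:
            findings.append("override-lowers-residual-risk")
        expected = override
    else:
        expected = calculated
    if risk.get("actualResidualRisk") != expected:
        findings.append("residual-risk-mismatch")
    return findings


if __name__ == "__main__":
    print(SAMPLE_RISK["riskIdentifier"], audit_risk(SAMPLE_RISK))
```
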

Update Risk

Request

PATCH /{riskId}

Description

Updates an existing risk with new values, allowing modifications to its attributes such as description, status, likelihood, or impact.

Security
oauth2
Path
riskIdstringrequired

Unique ID of the risk to update.

Bodyapplication/json
riskIdentifierstring

A human readable unique identifier for the risk

Example: "RA-5"
namestring

Name of the risk

Example: "Gas Risk"
descriptionstring

Description of the risk

Example: "Risks of gas and electricity"
categorystring

Category of the risk

Example: "Controls Program - Customer Operations"
ownerIdstring

The unique identifier for the user who will be the owner of the risk

Example: "23b806db-bad2-4f7a-b8d1-ac117790999b"
groupIdstring

The unique identifier of the group assigned to the risk. If set, clearGroupId must not be set

clearGroupIdboolean

Clears the group's unique identifier if 'true'. If set, groupId must not be set

responsestring(RiskResponse)

The response to the risk

Enum: "mitigate", "accept", "transfer", "avoid", "notSet"
likelihoodLevelinteger

The inherent likelihood level of the risk. Index notation (0-based)

likelihoodRationalestring

The reasoning for the inherent likelihood level of the risk

impactLevelinteger

The inherent impact level of the risk. Index notation (0-based)

impactRationalestring

The reasoning for the inherent impact level of the risk

toleranceLevelinteger

The tolerance level for the risk. Index notation (0-based)

clearCategoryboolean

Clears the category if 'true'. If set, category must not be set

clearLikelihoodLevelboolean

Clears the likelihood level if 'true'. If set, likelihoodLevel must not be set

clearImpactLevelboolean

Clears the impact level if 'true'. If set, impactLevel must not be set

clearToleranceLevelboolean

Clears the tolerance level if 'true'. If set, toleranceLevel must not be set

statusstring(ObjectStatus)

The status of the object

Enum: "active", "archived"
customFieldsArray of objects(CustomFieldObjectValuePatch)
Example: [{"fieldId":"ceb912ab-519b-11ee-a644-522476618ae8","textValue":"Antonio Moreno"}]
curl -i -X PATCH \
  'https://developer.hyperproof.app/_mock/hyperproof-api/risks/risks.openapi/{riskId}' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "riskRegisterId": "23b806fb-bad2-4f7a-b8d1-ac1177909992",
    "riskIdentifier": "RA-5",
    "name": "Gas Risk",
    "description": "Risks of gas and electricity",
    "category": "Controls Program - Customer Operations",
    "response": "accept",
    "ownerId": "23b806db-bad2-4f7a-b8d1-ac117790999b",
    "status": "archived",
    "customFields": [
      {
        "fieldId": "ceb912ab-519b-11ee-a644-522476618ae8",
        "textValue": "Antonio Moreno"
      }
    ]
  }'
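Because PATCH changes likelihood, impact, owner and status, a client can validate the body against the documented schema before sending it, using an allow-list so untrusted input cannot add extra keys. The following is an added example, not Hyperproof code: the function name and error strings are illustrative, "set" is assumed to mean "present in the body", and the validator flags riskRegisterId from the curl sample because that key is not listed in the body schema (this page does not say how the API treats it).

```python
# Added example: client-side validation of a PATCH /{riskId} body.

RISK_RESPONSES = {"mitigate", "accept", "transfer", "avoid", "notSet"}
STATUSES = {"active", "archived"}

# Field -> expected Python type, taken from the PATCH body schema above.
PATCH_FIELDS = {
    "riskIdentifier": str, "name": str, "description": str, "category": str,
    "ownerId": str, "groupId": str, "clearGroupId": bool, "response": str,
    "likelihoodLevel": int, "likelihoodRationale": str, "impactLevel": int,
    "impactRationale": str, "toleranceLevel": int, "clearCategory": bool,
    "clearLikelihoodLevel": bool, "clearImpactLevel": bool,
    "clearToleranceLevel": bool, "status": str, "customFields": list,
}

# (value field, clear flag) pairs the schema says must not be set together.
EXCLUSIVE = [
    ("groupId", "clearGroupId"), ("category", "clearCategory"),
    ("likelihoodLevel", "clearLikelihoodLevel"),
    ("impactLevel", "clearImpactLevel"),
    ("toleranceLevel", "clearToleranceLevel"),
]

# The request body from the curl sample above, copied as-is.
PAGE_CURL_BODY = {
    "riskRegisterId": "23b806fb-bad2-4f7a-b8d1-ac1177909992",
    "riskIdentifier": "RA-5",
    "name": "Gas Risk",
    "description": "Risks of gas and electricity",
    "category": "Controls Program - Customer Operations",
    "response": "accept",
    "ownerId": "23b806db-bad2-4f7a-b8d1-ac117790999b",
    "status": "archived",
    "customFields": [{"fieldId": "ceb912ab-519b-11ee-a644-522476618ae8",
                      "textValue": "Antonio Moreno"}],
}


def validate_patch(body):
    """Return a list of problems; an empty list means the body matches the schema."""
    errors = []
    for key, value in body.items():
        expected = PATCH_FIELDS.get(key)
        if expected is None:
            errors.append(f"{key}: not in the documented PATCH body")
        elif not isinstance(value, expected) or (
                expected is int and isinstance(value, bool)):
            errors.append(f"{key}: expected {expected.__name__}")
        elif expected is int and value < 0:
            errors.append(f"{key}: levels are 0-based indexes, got {value}")
    for field, flag in EXCLUSIVE:
        if field in body and flag in body:
            errors.append(f"{field} and {flag} must not both be set")
    if isinstance(body.get("response"), str) and body["response"] not in RISK_RESPONSES:
        errors.append("response: not a RiskResponse value")
    if isinstance(body.get("status"), str) and body["status"] not in STATUSES:
        errors.append("status: not an ObjectStatus value")
    return errors


if __name__ == "__main__":
    for problem in validate_patch(PAGE_CURL_BODY):
        print(problem)
```
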

Responses

Success.

Bodyapplication/json
idstring(uuid)

The unique identifier for the risk

Example: "d88d505d-5199-11ee-a644-522476618ae8"
orgIdstring(uuid)

The unique identifier for the organization

Example: "ce83e3cd-5199-11ee-a644-522476618ae8"
riskIdentifierstring

Human readable unique identifier for the risk within the organization

Example: "FGSC-RA1"
riskRegisterIdstring(uuid)

The unique identifier for the risk register which the risk belongs to

Example: "9f25da4f-1532-11ee-a87d-8e36b9d27de7"
namestring

Name of the risk

Example: "Free Gas Safety Checks not provided in a complete and timely manner"
descriptionstring

Description of the risk

Example: "Requests from eligible customers for a Free Gas Safety Check are not actioned in an appropriate timescale leading to poor customer service, the potential for safety issues and non compliance with our SLCs."
categorystring

Category of the risk

Example: "Controls Program - Customer Operations"
healthstring

Current health status of the risk

Enum: "healthy", "atRisk", "critical"
Example: "atRisk"
responsestring(RiskResponse)

The response to the risk

Enum: "mitigate", "accept", "transfer", "avoid", "notSet"
responseRationalestring

Reasoning for the selected risk response

Example: "accepted"
riskStagestring(RiskStage)

The current stage of the risk

Enum: "proposed", "evaluating", "approved", "operating"
notesstring

Additional notes about the risk

Example: "Reviewed by our internal team"
ownerIdstring(uuid)

The unique identifier for the user who is the owner of the risk

Example: "ce83e3cd-5199-11ee-a644-522476618aek"
groupIdstring(uuid)

The unique identifier of the group assigned to the risk

Example: "d2363cab-5199-11ee-a644-522476618ae8"
riskReporterIdstring(uuid)

The unique identifier for the Hyperproof user or external contact who reported the risk

Example: "ce83e3cd-5484-11ee-12b6-522476618ae9"
riskReporterTypestring

The type of person who reported the risk

Enum: "user", "externalContact"
Example: "externalContact"
likelihoodLevelinteger

The inherent likelihood level of the risk. Index notation (0-based)

Example: 1
likelihoodValueinteger

The user-assigned value for the inherent likelihood scale for the risk, determined from likelihoodLevel and customRiskScales

Example: 2
likelihoodRationalestring

The reasoning for the inherent likelihood level of the risk

Example: "security"
impactLevelinteger

The inherent impact level of the risk. Index notation (0-based)

Example: 2
impactRationalestring

The reasoning for the inherent impact level of the risk

Example: "cyber"
impactValueinteger

The user-assigned value of inherent impact scale for the risk, determined from impactLevel and customRiskScales

Example: 5
inherentRiskinteger

The inherent risk value for the risk, calculated as likelihoodValue x impactValue

Example: 10
toleranceLevelinteger

The tolerance level for the risk. Index notation (0-based)

Example: 1
actualRiskinteger

The user-overridden residual risk value for the risk

Example: 4
overrideActualRiskboolean

Flag indicating whether the actual residual risk has been overridden from the calculated value

Example: "false"
overrideActualRiskReasonstring

The reasoning for overriding the residual risk

Example: "low"
overrideActualRiskBystring

The unique identifier of the user who overrode the residual risk

Example: "ac57e976-69ab-11ed-b991-1284f382c88o"
overrideActualRiskOnstring(date-time)

The date when the residual risk was overridden (ISO-8601 format)

Example: "2023-08-10 20:27:32.890116+00"
overrideResidualLikelihoodboolean

Flag indicating whether the residual likelihood has been overridden from the calculated value

Example: "false"
residualLikelihoodLevelinteger

The user-overridden residual likelihood level of the risk. Index notation (0-based)

Example: 3
overrideResidualLikelihoodBystring

The unique identifier of the user who overrode the residual likelihood

Example: "ac57e976-69ab-12ab-b991-1284f382c88a"
overrideResidualLikelihoodOnstring(date-time)

The date when the residual likelihood was overridden (ISO-8601 format)

Example: "2023-08-10 20:27:32.890116+00"
overrideResidualImpactboolean

Flag indicating whether the residual impact has been overridden from the calculated value

Example: "true"
residualImpactLevelinteger

The user-overridden residual impact level of the risk. Index notation (0-based)

Example: 2
overrideResidualImpactBystring

The unique identifier of the user who overrode the residual impact

Example: "ac57e976-69ab-11ed-b991-1284f382c88d"
overrideResidualImpactOnstring(date-time)

The date when the residual impact was overridden (ISO-8601 format)

Example: "2023-08-10 20:27:32.890116+00"
actualLikelihoodnumber(double)

The residual likelihood value for the risk after applying the mitigation from linked controls and accounting for the controls' health to likelihoodValue. If overridden, calculated using residualLikelihoodLevel and customRiskScales

Example: 8
actualImpactnumber(double)

The residual impact value for the risk after applying the mitigation from linked controls and accounting for the controls' health to impactValue. If overridden, calculated using residualImpactLevel and customRiskScales

Example: 5
desiredResidualRisknumber(double)

The calculated risk value after applying the mitigation from linked controls to the inherent risk value

Example: 16
calculatedActualResidualRisknumber(double)

The desiredResidualRisk accounting for the health of the mitigating controls

Example: 15
actualResidualRisknumber(double)

The calculatedActualResidualRisk value unless overridden by the actualRisk value

Example: 12
customRiskScalesobject(CustomRiskScales)

Custom risk scales defined for the risk register the risk belongs to

Example: {"likelihood":[{"name":"Very Low","value":1,"color":"#EDF9F2"},{"name":"Low","value":2,"color":"#91D4BC"},{"name":"Moderate","value":5,"color":"#FFB75D"},{"name":"High","value":8,"color":"#FF8C00"},{"name":"Very High","value":10,"color":"#C2533B"}],"impact":[{"name":"Very Low","value":1,"color":"#EDF9F2"},{"name":"Low","value":2,"color":"#91D4BC"},{"name":"Moderate","value":5,"color":"#FFB75D"},{"name":"High","value":8,"color":"#FF8C00"},{"name":"Very High","value":10,"color":"#C2533B"}],"inherentRisk":[{"name":"Very Low","value":1,"color":"#EDF9F2","inherentRiskThreshold":1},{"name":"Low","value":2,"color":"#91D4BC","inherentRiskThreshold":10},{"name":"Moderate","value":5,"color":"#FFB75D","inherentRiskThreshold":40},{"name":"High","value":8,"color":"#FF8C00","inherentRiskThreshold":64},{"name":"Very High","value":10,"color":"#C2533B","inherentRiskThreshold":100}]}
customFieldsArray of objects(CustomFieldObjectValue)
Example: [{"fieldId":"ceb912ab-519b-11ee-a644-522476618ae8","fieldName":"Sponsor","fieldType":"text","textValue":"John Smith"}]
statusstring(ObjectStatus)

The status of the object

Enum: "active", "archived"
createdBystring

The unique identifier of the user who created the risk

Example: "82d7c228-8bcd-11e9-a94b-ab3de8494987"
createdOnstring(date-time)

The date the risk was created (ISO-8601 format)

Example: "2023-09-12T18:26:10.005365Z"
updatedBystring

The unique identifier of the user who last updated the risk

Example: "82d7c228-8bcd-11e9-a94b-ab3de8494987"
updatedOnstring(date-time)

The date the risk was updated (ISO-8601 format)

Example: "2023-09-12T18:26:10.005365Z"
permissionsArray of strings

List of permissions the API user has on the risk

Example: []
Response
application/json
{
  "id": "d88d505d-5199-11ee-a644-522476618ae8",
  "orgId": "ce83e3cd-5199-11ee-a644-522476618ae8",
  "riskIdentifier": "FGSC-RA1",
  "riskRegisterId": "9f25da4f-1532-11ee-a87d-8e36b9d27de7",
  "name": "Free Gas Safety Checks not provided in a complete and timely manner",
  "description": "Requests from eligible customers for a Free Gas Safety Check are not actioned in an appropriate timescale leading to poor customer service, the potential for safety issues and non compliance with our SLCs.",
  "category": "Controls Program - Customer Operations",
  "response": "accept",
  "responseRationale": "accepted",
  "likelihoodLevel": 1,
  "likelihoodRationale": "security",
  "impactLevel": 1,
  "impactRationale": "cyber",
  "notes": "Reviewed by our internal team",
  "ownerId": "ce83e3cd-5199-11ee-a644-522476618aek",
  "toleranceLevel": 1,
  "overrideActualRisk": false,
  "overrideActualRiskReason": "low",
  "overrideActualRiskBy": "ac57e976-69ab-11ed-b991-1284f382c88o",
  "overrideActualRiskOn": "2023-08-10T20:27:32.8901160+00:00",
  "actualRisk": 4,
  "overrideResidualLikelihood": false,
  "residualLikelihoodLevel": 3,
  "overrideResidualLikelihoodBy": "ac57e976-69ab-12ab-b991-1284f382c88a",
  "overrideResidualLikelihoodOn": "2023-08-10T20:27:32.8901160+00:00",
  "overrideResidualImpact": true,
  "residualImpactLevel": 2,
  "overrideResidualImpactBy": "ac57e976-69ab-11ed-b991-1284f382c88d",
  "overrideResidualImpactOn": "2023-08-10T20:27:32.8901160+00:00",
  "customFields": [
    {}
  ],
  "status": "active",
  "createdBy": "82d7c228-8bcd-11e9-a94b-ab3de8494987",
  "createdOn": "2023-09-12T18:26:10.0053650+00:00",
  "updatedBy": "82d7c228-8bcd-11e9-a94b-ab3de8494987",
  "updatedOn": "2023-09-12T18:26:10.0053650+00:00",
  "permissions": []
}