<aside> ⚖️
Review and close your risks, and confirm your vendors are assessed. This is one of the final steps before your audit. Work through the Risks tab, then the Vendors tab, as below.
</aside>
Open the Risks tab. For each risk in the list:
Repeat for every risk. An auditor wants to see that each risk has been considered, has a treatment plan, and has an owner-approved status - not left open and untouched.
Open the Vendors tab and check that every vendor shows as suitably assessed - each has been reviewed with the right risk level and supporting documentation against it. Follow up on any vendor that is missing an assessment.
<aside> ✅
You are done when: every risk has a treatment plan and a reviewed status (Closed or formally accepted), and every vendor is assessed.
</aside>