RISK3YMCP-Native Risk Intelligence

How Risk3y works

From your first risk to AI-ready registers — here's how it all fits together.

01

Create a Risk Register

Start by creating a named risk register for a project, site, or business unit. You can have multiple registers — one per team, contract, or regulatory area.

  • Give the register a name and optional description
  • Choose Simple mode for a clean register, or Advanced for full bow-tie analysis
  • Invite team members with the right permissions
  • Set up your custom risk matrix or use the built-in 5×5 default
Create a Risk Register
02

Add and Rate Risks

Add individual risks with a title, description, likelihood, and consequence. Risk3y calculates the score automatically using your active risk matrix.

  • Capture consequences, scope, and knowledge for each risk
  • Advanced mode: add the top event and link threats for full bow-tie analysis
  • Assign an owner and set a next-review date
  • See the risk score label (High / Medium / Low) instantly
Add and Rate Risks
03

Record Controls

Document the controls in place for each risk. In Simple mode, record what the control is and who owns it. In Advanced mode, add control type, effectiveness rating, and bow-tie threat linkage.

  • Name and describe each control
  • Assign a control owner for accountability
  • Advanced mode: track control type and effectiveness rating
  • Advanced mode: link controls to specific threats in your bow-tie
Record Controls
04

Review and Maintain

Record formal review events against each risk. Every review creates an audit log entry with the outcome, notes, and next review date.

  • Outcomes: no change · updated · escalated · closed
  • Full review history visible on each risk
  • Dashboard reminders for overdue reviews
Review and Maintain
05

Share with Stakeholders

Generate a read-only share link for any register. Clients, auditors, and board members can view the register without needing an account.

  • One click to generate a shareable link
  • No login required for viewers
  • Revoke access at any time
Share with Stakeholders
06

Connect Your AI Tools

Use the MCP integration to connect Claude, GPT, or any MCP-compatible AI tool directly to your risk registers. Admins can read and update risks, controls, and reviews — all through a scoped API key, fully under your control.

  • Generate a secure MCP client token
  • Point your AI tool at the Risk3y MCP server
  • AI can read risks, controls, and reviews
  • Admin tokens can also create and update — nothing outside your register
Connect Your AI Tools
07

Stay Ahead with Risk Insights

Risk Insights surface regulatory intelligence directly alongside your register — so your team acts on what matters without manually monitoring regulatory updates.

  • WorkSafe prosecution alerts matched to your critical risks
  • Board-ready risk summary reports
  • Gap analysis against your current controls
  • Event and thinking prompts to drive proactive review
Stay Ahead with Risk Insights
08

Verify Critical Risks in the Field

For organisations managing critical risks in high-hazard environments, Critical Risk Verification closes the loop between register and reality. Assign competent verifiers, capture evidence on site, and track non-conformances through to closure.

  • Assign verifiers to your most serious risks
  • Capture field evidence and photos on site
  • Record non-conformances with corrective actions
  • Track verification rounds from assignment to sign-off
Verify Critical Risks in the Field

Start your free trial today.

14 days free. No credit card required.

Get started →