Risk Management
Made Simple.

Track every risk, plan every mitigation, prove it works. The register that does the math for you, in plain colors, with a decision log auditors actually like.

For CISOs, IT directors and risk leads running a continuous program.

Book a demo Contact

Mobile companion apps — coming soon

Apple App Store Google Play
Three side-by-side risk heatmaps showing Inherent, Residual and Target distributions

Features

How it works

  1. 01

    Three heatmaps. Not one.

    Inherent, residual and target sit side by side at all times. You see where each risk started, where it sits today, and where you want it next.

    Click any cell to filter the register to the risks behind it. No separate report needed. No stale screenshots in someone's deck.

  2. 02

    Mitigations have a price tag.

    Every control and project carries effectiveness, status and cost. Mark one done from the overview and the parent risk's residual drops in the same tick.

    The budget-delivery percentage updates. The audit log captures who did it. You can finally answer "what's our mitigation spend, and is it landing?" without a spreadsheet.

  3. 03

    Decisions on the record.

    Board accepted that risk until Q3? Note it on the timeline, right next to the score and the data that supports the call.

    Decisions are editable; the edit history is preserved. Auditors get the full story of who decided what and when - without you preparing a single deck for them.

  4. 04

    Recommendations with the math attached.

    Not generic best-practice nudges. Specific moves you can take today: "Mark this MFA rollout done to remove six points from CYB-001."

    Every claim cites the rule it ran, the risk it found and the numbers it used. Nothing is a black box. Your team can argue with the recommendation if it's wrong - and you'll see why.

  5. 05

    Board reports without a designer.

    One-click executive summary, appetite-breach list, mitigation-program rollup, overdue-review tracker. Same data, four audiences, zero spreadsheets.

    Print to PDF and hand it over. The layout is clean enough for a board pack and dense enough for an auditor. No designer needed in the loop.

  6. 06

    ESG in the same workspace.

    ESRS-aligned topics, disclosures and metrics live right next to your risks - not in a separate tool, not in another vendor's database.

    Materiality assessments use the same heatmap math your risk team already knows. Your ESG team and your risk team finally read from the same source of truth.

Frameworks

Built for compliance

Aligned with what you already report against.

93 controls pre-seeded into your controls catalogue. Link them to risks, track effectiveness, export evidence.

Categories, asset and supplier registers, and the decisions log map to the directive's risk-management and incident-handling articles.

Structure your register by Govern, Identify, Protect, Detect, Respond, Recover - each function a category, each subcategory a risk.

Track CIS Safeguards as mitigations against the risks they reduce. Useful when you run a CIS-aligned operational program.

ESRS-aligned topics, disclosures and metrics live in the same workspace - in scope when the ESG module is enabled.

Pricing

Compare plans

Starter

DKK 2,200 / month

Billed monthly

  • Risks25
  • Users2
  • Risk heatmaps (inherent, residual, target)
  • Mitigations
  • Decisions log and audit trail
  • Custom risk categories
  • Custom appetite per category
  • Report branding
  • Single sign-on (SSO)

Modules included

DKK 5,000/yr per module

  • ReportsAdd-on
  • InsightsAdd-on
  • ESGAdd-on
  • Linked entitiesAdd-on
  • Controls catalogueAdd-on
Contact

Most popular

Growth

DKK 4,000 / month

Billed annually

  • Risks50
  • Users10
  • Risk heatmaps (inherent, residual, target)
  • Mitigations
  • Decisions log and audit trail
  • Custom risk categories
  • Custom appetite per category
  • Report brandingLogo only
  • Single sign-on (SSO)

Modules included

DKK 5,000/yr per module

  • ReportsIncluded
  • InsightsAdd-on
  • ESGAdd-on
  • Linked entitiesAdd-on
  • Controls catalogueAdd-on
Contact

Scale

DKK 7,500 / month

Billed annually

  • RisksUnlimited
  • UsersUnlimited
  • Risk heatmaps (inherent, residual, target)
  • Mitigations
  • Decisions log and audit trail
  • Custom risk categories
  • Custom appetite per category
  • Report brandingWhite-labeled
  • Single sign-on (SSO)

Modules included

  • ReportsIncluded
  • InsightsIncluded
  • ESGIncluded
  • Linked entitiesIncluded
  • Controls catalogueIncluded
Contact

About

About Risk-App

Risk-App is built by MVCS ApS, a Danish software studio focused on risk, compliance and governance teams. We started it because the systems we used in our own work were either too heavy to onboard or too light to manage real risk against, and the actual work always slipped into inboxes and spreadsheets.

The product is opinionated on purpose. It ships with sensible defaults so the evaluation week is spent using it, not configuring it. Every screen in the UI is there because someone running a real register asked for it - nothing is in the app just to look good in a demo or tick a feature box on a comparison sheet.

We are based in Copenhagen, release continuously, and answer support within a working day. The roadmap is shaped by the customers using Risk-App daily, and the team is kept small on purpose so feedback turns into shipped features in weeks rather than quarters - which is how we like to work.

Contact

Let's talk

A 20-minute demo is the fastest way to know whether Risk-App fits your program.

Book a demo

30 minutes, walking through the app.

Reach us directly

[email protected]

MVCS ApS
CVR: DK-45438392
Copenhagen, Denmark