How Assessments Work
Overview of the operational risk assessment workflow, session lifecycle, and report issuance.
An assessment is the end-to-end workflow for completing a ten-phase operational
risk assessment and producing a final report.
For a screenshot-led guide through every phase, see
Risk Assessment Walkthrough.
User flow
- Sign in (Google today; Microsoft planned).
- The product checks access (admin, grant, or credits — see billing).
- The product loads your active session if one exists.
- If there is no active session, start from Assessments → Risk Assessment.
- Work through each phase: capture data, review AI suggestions, confirm artifacts.
- Generate, edit, and issue the final report in Phase 10.
- The session is archived; you can still issue additional report variants from the report studio, or clone for a fresh AI budget.
Credits for credit-based users are reserved when a session becomes active and
consumed when the report is issued, not when the assessment begins.See How sessions work for resume, clone, and import.
What you do in each phase
Each phase builds on prior artifacts. The walkthrough doc shows the UI for
every step; this table is a quick reference.See How phases work for runtime rules (preview-first,
preload, commit).
| Phase | Focus |
|---|---|
| 1 | System profile — owners, purpose, technologies |
| 2 | Architectural model — zones, apps, flows, CTL |
| 3 | Control scope and implementation status |
| 4 | Threat actors and threats |
| 5 | Likelihood and impact (VL / TEL) |
| 6 | Inherent risk |
| 7 | Compensating controls |
| 8 | Remediation plan |
| 9 | Residual risk |
| 10 | Final report |
Assessment screen
The assessment UI combines:- the current phase and roadmap
- conversation with structured quick picks and worksheets
- a status panel — phase JSON, DOT diagrams, tables, validation alerts
- Reset phase when you need to restart a phase cleanly
- AI enrichment where the phase policy allows external context
- Worksheets for row-level edits in later phases
Final report and completion
- Configure report audience and purpose (Phase 10).
- Preview HTML and edit Markdown.
- Run AI fill for marked narrative sections.
- Issue the report — this renders PDF and archives the session.
- Download PDF, HTML, or DOCX from your profile.
- Clone the archived assessment to start a new session from the same baseline.