How Riskonami works

Riskonami guides users through a structured assessment process, uses AI to accelerate analysis and reporting, and keeps human review at every critical decision point.

Step-by-step workflow

  1. Create an assessment — Choose the assessment type and define the system, process, vendor, or initiative being assessed.
  2. Add context and evidence — Provide system details, architecture notes, files, policies, diagrams, or other supporting material.
  3. Work through guided phases — Riskonami breaks the assessment into structured phases so the process remains consistent.
  4. Review AI-assisted outputs — The system drafts findings, identifies gaps, and suggests risks or remediation actions.
  5. Validate and refine — Experts review the outputs, correct assumptions, and make final judgement calls.
  6. Generate the final report — Riskonami produces a structured report that can support governance, remediation, and assurance.
  7. Reassess over time — Assessment context can be reused and updated as systems, controls, and risks change.

AI accelerates the work. Humans remain accountable.

Users validate outputs before finalisation. Riskonami supports expert judgement; it does not replace sign-off, risk acceptance, or report issuance.
Read about assuranceHow phases work

Structured phases

Every assessment follows a configured multi-phase workflow — from asset classification and threat modelling through control review, risk calculation, remediation planning, and final report generation.
Riskonami 10-phase risk assessment process

Evidence and traceability

Uploads and system context inform assessment outputs. Final reports connect findings back to phases, controls, and evidence so conclusions remain reviewable and auditable.

Technical details

AI model usage and architecture
Riskonami AI architecture overview
Riskonami acts as an intelligent layer between you and AI models. Models are used for reasoning and enrichment; long-term assessment state is managed by Riskonami.
Data residency and session memory
Session data and long-term assessment context are stored in the European Union. Each assessment retains its own context — inputs, uploads, structured phase outputs, and reports — so work can be resumed and extended over time.
Assessment schemas and structured outputs
Each phase produces validated structured outputs. This keeps assessments consistent, machine-readable, and suitable for audit and reassessment workflows.