How Does Riskonami Work?

Riskonami is designed to help you perform deep, structured risk assessments using AI — without sacrificing control, privacy, or long-term continuity.

At a high level, Riskonami combines:

  • A structured, multi-phase risk methodology
  • AI-assisted analysis using best-in-class models
  • Long-term, GDPR-compliant context storage per assessment

1. Secure AI Architecture & Data Ownership

[Figure: Riskonami AI architecture overview]

Riskonami acts as an intelligent layer between you and multiple AI models.

  • We primarily use OpenAI, but the platform is designed to support multiple logical AI providers.
  • AI models are used for reasoning and enrichment, not for long-term storage.
  • All user input and uploads are collected and managed by Riskonami itself.

GDPR and EU Data Residency

  • Session data and long-term assessment context are stored in the European Union.
  • This ensures GDPR compliance and strict data residency guarantees.
  • Data is isolated per customer and per assessment.

2. Session Context vs Long-Term Assessment Memory

Riskonami separates short-term interaction state from long-term assessment knowledge.

Session Context

  • Maintains the current conversational and working state.
  • Used to guide AI responses during an active session.

Long-Term Context (Per Assessment)

Each assessment has its own dedicated long-term context, which may include:

  • User inputs
  • Uploaded documents and evidence
  • Structured JSON data from each phase
  • Generated risk reports

There is no practical limit to the amount of context an assessment can retain.

As assessments evolve over time, Riskonami builds a deeper understanding of your system, environment, and risk posture — without needing to start from scratch.


3. A Structured, Multi-Phase Risk Process

[Figure: Riskonami 10-phase risk assessment process]

Every Riskonami assessment follows a clear, step-by-step methodology from start to finish.

The 10 Assessment Phases

  1. Asset Classification
  2. Threat Modelling
  3. Control Implementation
  4. Threat Identification
  5. Likelihood Estimation
  6. Risk Calculation
  7. Compensating Controls
  8. Remediation List
  9. Residual Risk
  10. Final Risk Report

Each phase is handled by a dedicated worker focused on a single responsibility.


4. Structured Data and JSON Schemas

At the end of every phase, Riskonami:

  • Produces a JSON representation of the assessment state
  • Validates it against a phase-specific JSON schema

Why This Matters

  • Ensures consistent, high-quality data
  • Prevents invalid or malformed inputs
  • Keeps assessments machine-readable and auditable

Each phase produces one JSON state document representing that phase’s outcome. Together, these states form the complete risk assessment.
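The end-of-phase check described above can be sketched as follows. This is an added example, not Riskonami's own code: the "Risk Calculation" schema, its field names, the sample outputs, and the `validate` and `accept_phase_output` helpers are all assumptions, and `validate` handles only the few JSON Schema keywords used here.

```python
import json

# Hypothetical schema for the "Risk Calculation" phase (constructed; not Riskonami's).
SCORE = {"type": "integer", "minimum": 1, "maximum": 5}
RISK = {"type": "object", "additionalProperties": False,
        "required": ["asset", "likelihood", "impact"],
        "properties": {"asset": {"type": "string"}, "likelihood": SCORE, "impact": SCORE}}
RISK_CALC_SCHEMA = {"type": "object", "additionalProperties": False,
                    "required": ["phase", "risks"],
                    "properties": {"phase": {"enum": ["risk_calculation"]},
                                   "risks": {"type": "array", "items": RISK}}}
TYPES = {"object": dict, "array": list, "string": str, "integer": int}

def validate(value, schema, path="$"):
    """Return a list of violations; supports only the keywords used above."""
    t = schema.get("type")
    if t and (not isinstance(value, TYPES[t]) or isinstance(value, bool)):
        return [f"{path}: expected {t}"]
    errors = []
    if "enum" in schema and value not in schema["enum"]:
        errors.append(f"{path}: not in {schema['enum']}")
    lo, hi = schema.get("minimum"), schema.get("maximum")
    if (lo is not None and value < lo) or (hi is not None and value > hi):
        errors.append(f"{path}: outside [{lo}, {hi}]")
    if isinstance(value, dict):
        props = schema.get("properties", {})
        errors += [f"{path}.{k}: missing" for k in schema.get("required", []) if k not in value]
        for k, v in value.items():
            if k in props:
                errors += validate(v, props[k], f"{path}.{k}")
            elif schema.get("additionalProperties") is False:
                errors.append(f"{path}.{k}: unexpected field")
    if isinstance(value, list) and "items" in schema:
        for i, v in enumerate(value):
            errors += validate(v, schema["items"], f"{path}[{i}]")
    return errors

def accept_phase_output(raw, schema):
    """Parse untrusted phase output; return (state, errors), state is None if rejected."""
    try:
        state = json.loads(raw)
    except json.JSONDecodeError as exc:
        return None, [f"$: not valid JSON ({exc.msg})"]
    errors = validate(state, schema)
    return (state if not errors else None), errors

# Constructed sample phase outputs: one valid, one out of range with an extra field.
GOOD = '{"phase": "risk_calculation", "risks": [{"asset": "db", "likelihood": 2, "impact": 4}]}'
BAD = '{"phase": "risk_calculation", "risks": [{"asset": "db", "likelihood": 9, "impact": 3, "note": "x"}]}'
```

Rejecting unexpected fields and out-of-range scores before a state is stored keeps a malformed phase output from flowing into later phases or the final report.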

Assessments can be:

  • Paused and resumed
  • Reloaded at any time
  • Extended as systems and controls evolve

5. User Uploads and Evidence

At any point in the process, users can provide:

  • Architecture diagrams
  • Policies and procedures
  • Technical documentation
  • Supporting evidence

Uploads are:

  • Stored locally in the EU
  • Linked to the relevant assessment
  • Referenceable across all phases

This allows AI-assisted reasoning to be grounded in your real environment, not assumptions.


6. Final Risk Report and Traceability

The final output is a comprehensive risk report, generated directly from the structured assessment data.

  • Reports are stored alongside their JSON structures
  • Every conclusion is traceable to specific phases and inputs
  • Future changes can trigger reassessment without restarting the process

This makes Riskonami suitable for:

  • Continuous risk management
  • Audits and compliance reviews
  • Iterative security improvement

In Summary

Riskonami is not a one-off chatbot — it is a structured risk assessment system with memory and rigor.

  • AI-assisted, not AI-owned
  • GDPR-compliant by design
  • Unlimited, per-assessment context
  • Structured, auditable risk data
  • Built for ongoing use, not single reports