Skip to content
English
Customer portal
Contact us
  • There are no suggestions because the search field is empty.

Email Notification Extra Installation and Administration Guide

By default, Simplerisk only sends notifications for password reset requests. However, this Extra feature enhances your notification options by allowing you to receive emails for various important activities. These include when new risks are submitted, existing risks are updated, new mitigations are introduced, mitigations are updated, risks are reviewed, risks are closed, comments are added to risks, comments are made on audits, audit statuses change, new documents are added, new incidents are submitted, incident statuses change, incident summaries are modified, changes are made to the playbook, incident details are updated, containment steps are completed, eradication steps are finished, recovery steps are accomplished, evidence is attached, new notes are added, and lessons learned are documented. Additionally, you can schedule these notifications to be sent via a cron job to remind you when risks are due for management review.

Installation

All SimpleRisk Extras are made available through the SimpleRisk services feature, which is automatically activated when you register your SimpleRisk instance. To initiate the registration process, navigate to Configure 🡪 Register & Upgrade. Here, you will need to input your organization’s details and save the information. This action will generate a unique instance ID for your SimpleRisk setup and establish a connection with our servers to create a services API key. Once your instance is successfully registered, SimpleRisk will automatically download and install the Upgrade Extra for you. This Upgrade Extra includes convenient buttons for upgrading the application, backing up your data, and installing additional Extras. If you encounter any issues, please verify that the “simplerisk” directory has write permissions for the web server user (usually “www-data”). Additionally, if your system operates behind a dynamic NAT pool, you may need to reach out to our support team to remove the IP restrictions for your instance. 

Activation

This next step is what tells SimpleRisk that the Email Notification Extra is installed and ready to use.  Log in to your SimpleRisk instance and select “Configure” from the Navigation Menu at the top.  Then, select “Extras” from the Configuration Menu at the left.  You will see a list here of each of the Extras that are available for purchase.  Find the row for the “Notification” Extra and click where it says “No” in the Enabled column.  Click on the “Activate” button.  Once activated, you should see the word “ACTIVATED” under the Extra name in green and the Extra configuration parameters will appear below.

Configuration

The Notification Extra has numerous configuration options that are available by selecting “Configure” from the Navigation Menu at the left. Then, select “Extras” from the Configuration Menu.  You will see a list here of each of the Extras that are available for purchase. Find the row for the “Notification” Extra and click where it says “Yes” in the Enabled column. Configurations are ordered here by “When to Notify”, “Who to Notify”, and “How to Notify”. 

Action Notification

When to Notify

  • When to Notify

    • Notify on New Risk: If enabled, you will receive email notifications whenever a new risk is submitted.

    • Notify on Risk Update: If enabled, you will receive email notifications when an existing risk undergoes an update.

    • Notify on New Mitigation: If enabled, you will receive email notifications upon the submission of a new mitigation.

    • Notify on Mitigation Update: If enabled, you will receive email notifications when an existing mitigation is updated.

    • Notify on Risk Review: If enabled, you will receive email notifications when a new management review is submitted.

    • Notify on Risk Close: If enabled, you will receive email notifications when an existing risk is officially closed.

    • Notify on Risk Comment: If enabled, you will receive email notifications when a comment is added or updated related to a risk.

    • Notify on Initiated Audits: If enabled, you will receive email notifications whenever an audit is initiated.  

    • Notify on Audit Comments: If enabled, you will receive email notifications when a comment is added or updated regarding an audit.  

    • Notify on Audit Status Change: If enabled, you will receive email notifications when the status of an existing audit changes.  

    • Notify on New Document: If enabled, you will receive email notifications whenever a new document is created.  

    • Notify on Document Update: If enabled, you will receive email notifications when an existing document is updated.  

    • Notify on New Incident: If enabled, you will receive email notifications whenever a new incident is created.  

    • Notify on Status Change: If enabled, you will receive email notifications when the status of an existing incident is updated.

    • Notify on Summary Change: If enabled, you will receive email notifications when the summary of an existing incident is updated.  

    • Notify on Playbook Change: If enabled, you will receive email notifications when the playbook associated with an existing incident is updated.  

    • Notify on Details Change: If enabled, you will receive email notifications when the details of an existing incident are updated.  

    • Notify on All Containment Steps Completed: If enabled, you will receive email notifications when all containment steps for an existing incident have been completed.  

    • Notify on All Eradication Steps Completed: If enabled, you will receive email notifications when all eradication steps for an existing incident have been completed.  

    • Notify on All Recovery Steps Completed: If enabled, you will receive email notifications when all recovery steps for an existing incident have been completed.  

    • Notify on Evidence Attached: If enabled, you will receive email notifications when evidence is attached to an existing incident.  

    • Notify on Notes Added: If enabled, you will receive email notifications when notes are added to an existing incident.  

    • Notify on Lessons Learned Added: If enabled, you will receive email notifications when lessons learned are added to an existing incident..



Who to Notify

  • Notify Submitter: When enabled, email notifications will be dispatched to the individual who submitted the risk whenever actions are taken related to that risk.

  • Notify Owner: When enabled, email notifications will be sent to the risk owner regarding any actions taken involving the risk.

  • Notify Owner's Manager: When enabled, email notifications will be sent to the risk owner's manager when actions are taken concerning the risk.

  • Notify Team: When enabled, email notifications will be distributed to all members of the risk owner's team whenever actions are taken related to the risk.

  • Notify Additional Stakeholders: When activated, email notifications will be sent to any interested stakeholders whenever actions related to the risk are taken.

How to Notify

  • Verbose Email: When checked, e-mail notifications from SimpleRisk will include potentially sensitive details about your risks.

Once enabled, you should immediately start receiving the emails when actions are taken with your risks. If you are not seeing email messages, then you should check the mail logs on the system where Simplerisk is installed in order to ensure that it’s able to send outgoing messages.

Scheduled Notifications

In addition to the standard Extra functionality for action-based notifications mentioned earlier, you can also schedule the Email Notification Extra script to run as a scheduled task for various purposes, including:

  • Automated Notifications of Unreviewed/Past Due Risks

  •  

    Automated Notifications of Planned Mitigations

  •  

    Automated Notifications of Audits

  •  

    Automated Notifications of Unmitigated Risks

  •  

    Automated Notifications of Unreviewed/Past Due Policy and Control Exceptions

  •  

    Automated Notifications of Document Reviews

The key distinction between action-based notifications and scheduled notifications is that with scheduled notifications, you need to define the frequency at which emails will be sent automatically. You can choose from Daily, Weekly, Monthly, or Annually. Additionally, you have the option to send a reminder email in advance, with customizable intervals for that notification as well.