How to use RPN in the SoftComply Risk Manager Cloud with Jira Automation

The SoftComply Risk Manager on Jira Cloud (Risk Manager, from hereon) does not include an RPN (Risk Prioritisation Number) based risk assessment method by default. The Risk Manager on Cloud comes with a two dimensional matrix instead. Having said that, there is a fairly simple way to create your RPN score based on your Risk Severity and Probability values. To do that, you will have to add an additional Text-type field for the “Score” in your Risk Table view that is updated each time the Severity or the Probability field is updated.

Following is a short tutorial describing how you can do it in your Risk Manager Cloud with Jira Automation:

1. Find the ID-s of the Risk Severity and Risk Probability fields

To do that, open your browser and the Jira rest api at:

https://your_jira_host.atlassian.net/rest/api/2/issue/KEY-1?expand=names

Note that you will need to change the host name (“your_jira_host”) to your organization/department host name as you see it in your browser and where the “KEY-1” should correspond to an existing risk project issue key.

You should be able to see a similar screen:

Open

Next, find the custom fields named “Severity” and “Probability”. This is how the custom field together with their ID-s should look like:

Open

You can also check if the field ID values are correct by calling the same REST API endpoint with different parameters. To do that, enter your host and project values to the following url:

https://your_jira_host.atlassian.net/rest/api/2/issue/KEY-1

You should be able to see the ID values below the Severity and Probability fields similarly to this:

You have now determined that the “customfield_10400” is the correct ID of the Risk Severity field that we need to continue the RPN score implementation.

2. Create a new textfield type column for the RPN Score in your Risk Table

In order to create an RPN Score in the Risk Table, you will need to create a textfield type column to the table first. This field will be the one that displays the RPN score. The RPN Score field should either be a text or a text area field type and not a number field, because Jira Automation Smart Values works only with these types of fields and not with number fields.

3. Create Jira Automation rule to update the Score field value

First, you can access the Jira Automation in Cloud from System Settings. Note that you will need to an admin level permissions to access it.

3 steps to create the Jira Automation rule for RPN Score calculation:

1. Create two smart value variables on global level: Severity and Probability,

2. Assign values to those smart variables based on the earlier custom field ID-s from your Risk Manager,

3. Finally, update the Score field with the multiplication of the values of the two smart variables.

Below you will find a screenshots of the automation rule.

NB! The following screenshot illustrates the rule for creating just one smart value for Severity (Minor) and Probability (Frequent), whereas you will need to create all the values as you have defined them in your Risk Project. To do that, simply clone parts of the rule as many times as you need.

IMPORTANT NOTES TO REMEMBER ABOUT THE RULE

Key takeouts from the rule:

• Smart value variables must be defined on global level, then you can update them on separate branches (update = create) with Jira Automation.

• Add Audit log actions for debugging

• Use advanced compare conditions to evaluate Severity or Probability values:

• The final Score field update uses smart values math function: