An alternative way to add mitigations to risks is to have the AI search through your policies and procedures to look for suitable articles that would mitigate the risk.

Note: To use this feature, you must first enable Enhanced AI. This may incur charges with OpenAI as it uses their API.

You can run this AI feature by clicking the "AI Suggestions" button:

Once you click this, it will pop-up with a form. In there you can specify an optional hint (eg. perhaps to add more context to the risk title), along with the terms of use. Once you click OK it will spend some time processing and inform you of the progress as it searches through your policy database.

This operation can result in three possible outcomes, or a combination of each:

1. It may find existing policies or procedures that it thinks mitigate the risk. It will then add Mitigation records under the risk, with an explanation in the Notes field for how it mitigates the risk. It will link the mitigation directly to the policy or procedure that it found.

2. It may suggest an amendment to a policy or procedure if it finds a suitable policy but feels it is incomplete, and needs additional section(s) to mitigate that risk. In this case it will add a Mitigation, but when you click that Mitigation it will show a message with a link to implement the amendment. When the amendment is implemented, it simply puts the relevant policy or procedure into draft, makes the change and then lets you review it. It will not publish the change; this will be left up to you to perform.

3. If it cannot find any policies or procedures that are relevant, it may instead suggest an entire new policy or procedure to mitigate the risk. Again, it will do this by adding a Mitigation record, but when you click that record there will be a message to implement the suggestion. At this point it will insert the new policy, asking you where to locate it, then leave it as draft for you to edit further and publish. It will then link the policy to the new mitigation, with an explanation added to how the policy mitigates that particular risk.

Before it performs the search, it will update its topic tree. This means it will look for changes to policies, and construct topics to reflect the contents of those policies. It uses this when looking for suitable policies. This may take a few minutes, but only happens once for each change.

Please keep in mind this feature is still experimental and any suggestions it provides should be thoroughly reviewed before use. We welcome your feedback.