Drata Risk Management is a platform designed to manage risk assessments and treatment workflows within a unified system. The product provides a pre-loaded library of over 150 risks based on industry standards including NIST SP 800-30, ISO 27005, and OCR SRA. The platform automates risk mapping and control testing, sending alerts for new or evolving threats. Users can build risk registers from the pre-configured library or create custom risks, risk categories, filters, and owners to align with specific business requirements. The system automatically maps risks to controls and performs continuous monitoring. Drata Risk Management includes a risk dashboard that centralizes risk information and provides visibility into assessment progress. The platform automatically calculates risk scores based on impact and likelihood, generating treatment plans accordingly. Users can customize risk scoring methodologies and thresholds to meet organizational needs. The risk drawer functionality allows users to edit and manage risk data including descriptions, categories, owners, documents, and impact assessments. The platform generates comprehensive risk reports for executive communication and stakeholder transparency. Treatment plan development is supported through the platform, with the ability to create risk-related tasks. The system maintains continuous monitoring of risks with automated testing to keep security data current.