Risk Waiver
Digital Risk Analyzer enables you to temporarily or permanently exclude selected third-party risks from affecting your domain’s security score using the Risk Waiver. This is useful when certain risks are acknowledged but do not require immediate remediation. By creating a waiver, you can provide justification, set a validity period, and ensure your security score reflects only the actionable vulnerabilities.
Use cases
- Temporarily defer vulnerabilities that are low priority or have compensating controls.
- Maintain a fair security score by excluding risks that are accepted or irrelevant.
- Provide justification for compliance by documenting why a vulnerability was waived.
- Set a due date for review to reassess waived risks after a defined period.
- Archive waivers to bring previously excluded vulnerabilities back into the score calculation.
How to waive your risks
Follow the steps below to waive the risks in your domain:
- Log in to Digital Risk Analyzer.
- Navigate to Risk Waiver > Create Waiver.
- On the Create Risk Waiver page, from the list of risks, select the one you want to waive.
- After selecting the risk:
  - Provide a reasonable Justification explaining why the risk is being waived.
  - Select a Due Date until which the waiver is valid. If the risk is to be waived permanently, leave it empty.
  - Click Submit Waive.
- The security score is recalculated, reflecting the waived vulnerability, after the next scan. For example, if an SSL handshake vulnerability lowers the score by 5 points, the corresponding domain's security score of 73 becomes 78 after the waiver is applied.
- The waiver status is initially marked as Pending and becomes Active after the next scan.
- The different waiver statuses are:
  - Pending: The waiver is being processed and has not yet started to impact the security score.
  - Active: The waiver is currently in effect and impacts the security score.
  - Archived: The waiver has been temporarily archived.
  - Overdue: The configured due date of the waiver has been exceeded.
Note: All waived risks are listed in the Detailed Reports, with the justification provided, under a separate section titled Waived Risks.
Where to access Risk Waiver
The option to waive risks is available in the following features within Digital Risk Analyzer:
- Domain Summary: In the list of available risks for your domain, near each risk, there is an option to Waive Risk. Select it to navigate to the Risk Waiver page.
- Score Planner: Collaborators can waive a risk by clicking on the Waive Risk button near the Comment section.
How to edit, archive, or delete a waiver
If a waiver is no longer needed, or should be disregarded for a while, you can archive it. Follow the steps below to edit, archive, or delete a waiver:
- Navigate to the Risk Waivers page.
- Click the hamburger icon under the Action field of the desired waiver and select Edit, Archive, or Delete.
- Selecting Edit opens the Edit Waiver page, where you can make the desired changes to the waiver configuration.
- Click Archive to disregard the waiver temporarily.
- To delete a waiver, select Delete and, on the confirmation pop-up, select Delete again to proceed with the deletion process.
- All waiver changes, including changes in status, reporting, and score impact, will be applied only after the next scan.
Note: You can change the Due Date of the waiver when the status changes to Overdue or when you want to extend the Due Date.
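As an added illustration (not code from Digital Risk Analyzer), the following Python models the waiver lifecycle described on this page: status changes take effect only at the next scan, an empty due date means a permanent waiver, only Active waivers exclude a risk from the score, and archiving returns the risk to the calculation. It assumes a score that starts at 100 and subtracts a per-risk penalty, and that an Overdue waiver stops excluding its risk until its due date is extended; both are assumptions, not documented behaviour.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

BASE_SCORE = 100  # assumption: a domain starts at 100 and each risk deducts its penalty

@dataclass
class Risk:
    name: str
    penalty: int  # points this finding deducts from the domain score

@dataclass
class Waiver:
    risk: str
    justification: str
    due_date: Optional[date] = None  # None = waived permanently
    status: str = "Pending"          # Pending -> Active -> Overdue, or Archived
    archive_requested: bool = False  # Archive takes effect only at the next scan

def run_scan(waivers: list, today: date) -> None:
    """Apply the status changes the page defers to 'the next scan'."""
    for w in waivers:
        if w.archive_requested:
            w.status = "Archived"
            continue
        if w.status == "Pending":
            w.status = "Active"
        expired = w.due_date is not None and today > w.due_date
        if w.status == "Active" and expired:
            w.status = "Overdue"
        elif w.status == "Overdue" and not expired:
            w.status = "Active"  # assumption: extending the due date reactivates the waiver

def security_score(risks: list, waivers: list) -> int:
    """Only Active waivers exclude a risk (assumption: Overdue ones no longer do)."""
    excluded = {w.risk for w in waivers if w.status == "Active"}
    return max(0, BASE_SCORE - sum(r.penalty for r in risks if r.name not in excluded))

def walkthrough() -> list:
    """Constructed sample reproducing the page's 73 -> 78 example; returns the scores seen."""
    risks = [Risk("ssl_handshake", 5), Risk("missing_hsts", 10), Risk("expired_cert", 12)]
    w = Waiver("ssl_handshake", "Legacy endpoint behind VPN", due_date=date(2024, 6, 30))
    scores = [security_score(risks, [w])]  # 73: the waiver is still Pending
    for today in (date(2024, 1, 15), date(2024, 7, 1)):
        run_scan([w], today)               # first scan: Active (78); second: Overdue (73)
        scores.append(security_score(risks, [w]))
    w.archive_requested = True
    run_scan([w], date(2024, 7, 2))        # Archived: the risk is back in the calculation (73)
    scores.append(security_score(risks, [w]))
    return scores
```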