Release and Maintenance Guidance
This guide helps project admins and delivery leads maintain a healthy risk management practice with Simple Risk Register.
After app updates
When a new version of Simple Risk Register is released, Atlassian automatically updates the app on your site. Here’s how to verify everything works correctly.
Quick verification checklist
After any update:
- Open Risk Register in an active project
- Verify heatmap loads and shows your risks
- Verify table view loads and data is correct
- Test issue panel on a Jira issue with linked risks
- Test a quick workflow:
- Create a test risk
- Update the risk (edit or drag-and-drop)
- Link an issue
- Delete the test risk
Check the app version
The app version is displayed in the footer of the Risk Register. Use this when:
- Reporting issues to support
- Verifying you’re on the latest version
- Documenting your environment
If something seems wrong after an update
- Refresh the page - Clear browser cache if needed
- Try a different project - Isolate whether it’s project-specific
- Check release notes - New features may change behavior
- Contact support - Report issues with version number and details
Recommended maintenance schedule
Weekly (15 minutes)
- Open Risk Register heatmap
- Review Open risks in high/critical quadrants
- Drag-and-drop to update scores as situations change
- Note any risks needing discussion
Bi-weekly (30 minutes)
- Switch to Table view
- Sort by “Updated” to find stale risks
- Update owners for reassigned risks
- Close risks that are no longer relevant
- Verify linked issues are still accurate
Monthly (30 minutes)
- Export CSV snapshot for backup and governance
- Review all Open risks and verify:
- Owner is still correct
- Mitigation plan is still relevant
- Linked issues are still appropriate
- Update status for risks where mitigation is complete
- Archive or delete truly obsolete risks
Quarterly (1 hour)
- Stakeholder review: Share heatmap view with leadership
- Risk register audit: Review entire register for accuracy
- Process review: Evaluate if your risk management process is working
- Export archive: Save a dated CSV for historical records
Risk hygiene best practices
Keep owners current
- Reassign owners when team members change
- Unassigned risks are harder to track
- Owners should be accountable for mitigation
Close stale risks
Risks that are no longer relevant should be:
- Closed if the threat is gone
- Mitigated if controls are in place
- Deleted only if they were created in error
Maintain linked issues
- Remove links to completed/closed issues if no longer relevant
- Add links to new mitigation work
- Use the issue panel to verify context
Keep descriptions updated
- Add new information as situations evolve
- Document why scores changed
- Include decisions and outcomes
Team operating model
Recommended workflow
| Activity | View | Frequency | Participants |
|---|---|---|---|
| Risk identification | Any | Ongoing | All team members |
| Risk assessment | Heatmap | Weekly | PM, Tech Lead |
| Risk review | Table | Bi-weekly | Full team |
| Stakeholder update | Heatmap | Monthly | PM, Stakeholders |
| Governance report | Export | Monthly/Quarterly | PM, Leadership |
Status definitions
Keep these consistent across your team:
| Status | Definition | When to use |
|---|---|---|
| Open | Active threat requiring attention | Risk identified but not yet addressed |
| Mitigated | Controls implemented, still monitoring | Mitigation complete but risk still exists |
| Closed | No longer relevant | Threat eliminated, project complete, or risk didn’t materialize |
Using the heatmap in meetings
The heatmap is ideal for:
- Sprint planning: Identify risks that could impact sprint goals
- Retrospectives: Discuss what risks materialized and how they were handled
- Stakeholder updates: Visual format is easy to understand
- Risk review meetings: Drag-and-drop makes real-time updates easy
Using the table for detailed review
The table is ideal for:
- Bulk updates: Change multiple risks at once
- Finding stale risks: Sort by “Updated” to find neglected risks
- Owner review: Filter by owner to review assignments
- Export preparation: Filter and export for reports
Scaling risk management
Small teams (1-10 people)
- Weekly heatmap review
- Everyone can create and update risks
- Simple status workflow (Open → Mitigated → Closed)
Medium teams (10-50 people)
- Designate a “risk owner” for the register
- Weekly risk owner review, monthly team review
- Consider adding tags or conventions in titles for categorization
Large teams (50+ people)
- Multiple risk owners by area
- Weekly risk owner sync, monthly stakeholder review
- Use exports for governance and compliance
- Consider risk categorization conventions
Preparing for audits
If your risk register may be audited:
Documentation to maintain
- Monthly CSV exports with dates in filenames
- Risk review meeting notes (can reference heatmap screenshots)
- Mitigation evidence (link to Jira issues)
- History audit trail (built into each risk)
Audit-ready practices
- Never delete risks (use Closed status instead)
- Always assign owners
- Link mitigation work to Jira issues
- Document decisions in risk descriptions
- Export regularly for external records
Continuous improvement
Metrics to track
Consider tracking:
- Total risks over time
- Average risk score
- Time from Open to Mitigated
- Percentage of risks with linked issues
- Risk closure rate
Process feedback
Periodically ask:
- Are we identifying risks early enough?
- Are mitigations effective?
- Is the risk register used actively?
- Do stakeholders have visibility?
Use answers to improve your risk management practice.