Entity context
Filter the SSoT by holding company or subsidiary
Risk-control matrix
All entities (Shadow Group SSoT) — controls derived from the same risk register (single source of truth). Click any cell to drill into the risk and the specific control.
Filter by risk owner
Inherent vs residual score
Aggregate −104 pts (48%) across 15 risks
Control-function effectiveness
Total points of inherent risk reduction attributed to each control function
Preventive: 17 controls · −60.8 pts · weight 50%Detective: 11 controls · −29.9 pts · weight 30%Corrective: 9 controls · −13.3 pts · weight 20%
15 risks · 37 control mappings · 37 unique controls
Preventive · 17
Detective · 11
Corrective · 9
| Risk | Inherent | Residual | Threshold | Effectiveness | Capacity planning PP avg 28% | Centralized license register PLg avg 42% | Dedicated claims team PP avg 36% | Dedicated compliance officer PP avg 39% | Diversification roadmap PP avg 14% | ESG steering committee PP avg 25% | External advisor engaged PP avg 25% | Forward contracts PP avg 22% | MFA enforced PLg avg 25% | Natural hedging via USD revenue PP avg 22% | Network segmentation PLg avg 20% | Redundant cold storage hubs PP avg 31% | Residency partnerships PP avg 10% | Retention bonuses PP avg 10% | Serialization PLg avg 21% | Staff retraining PP avg 23% | Tabletop exercises PP avg 20% | Automated renewal alerts DLg avg 25% | Data loss prevention (DLP) DLg avg 30% | EDR DLg avg 12% | Infection control audits DP avg 14% | IoT temperature loggers DP avg 19% | Privileged access reviews quarterly DP avg 30% | Quarterly penetration testing DLg avg 15% | Regulatory tracking DP avg 23% | Social listening tools DLg avg 30% | Supplier audits DP avg 13% | Third-party lab validation DP avg 13% | Contract renegotiation underway CP avg 6% | Crisis comms playbook CP avg 20% | EHR upgrade in flight CLg avg 10% | Equipment refresh CP avg 9% | Immutable backups CLg avg 8% | Outsourced overflow CP avg 11% | Receivables financing facility CP avg 14% | Telemedicine model CLg avg 4% | Weekend shifts CP avg 11% |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
SR-001 Patient data breach via legacy EHR Shadow Hospitals · Anya Pratama | 20 | 10 | OK | 50% | |||||||||||||||||||||||||||||||||||||
SR-002 Counterfeit pharmaceuticals in supply chain Shadow Pharma · Dimas Wirawan | 15 | 8 | OK | 47% | |||||||||||||||||||||||||||||||||||||
SR-003 BPOM regulatory non-compliance Shadow Pharma · Sari Lestari | 16 | 6 | OK | 63% | |||||||||||||||||||||||||||||||||||||
SR-004 FX exposure on imported equipment Shadow Group · Reza Mahendra | 16 | 9 | OK | 44% | |||||||||||||||||||||||||||||||||||||
SR-005 Lab result turnaround SLA breach Shadow Labs · Putri Halim | 12 | 6 | OK | 50% | |||||||||||||||||||||||||||||||||||||
SR-006 Reputational damage from social media incident Shadow Clinics · Maya Anggraini | 12 | 6 | OK | 50% | |||||||||||||||||||||||||||||||||||||
SR-007 Ransomware attack on hospital network Shadow Hospitals · Anya Pratama | 20 | 8 | OK | 60% | |||||||||||||||||||||||||||||||||||||
SR-008 Strategic dependency on single PBM partner Shadow Pharma · Dimas Wirawan | 15 | 12 | OK | 20% | |||||||||||||||||||||||||||||||||||||
SR-009 Clinic licensing lapse in Tier-2 cities Shadow Clinics · Bayu Setiawan | 12 | 4 | OK | 67% | |||||||||||||||||||||||||||||||||||||
SR-010 Talent shortage for specialist physicians Shadow Hospitals · Indah Kurnia | 16 | 12 | OK | 25% | |||||||||||||||||||||||||||||||||||||
SR-011 Insider data leakage from lab informatics Shadow Labs · Rama Siregar | 10 | 4 | OK | 60% | |||||||||||||||||||||||||||||||||||||
SR-012 Working capital tightness from delayed BPJS claims Shadow Group · Reza Mahendra | 12 | 6 | OK | 50% | |||||||||||||||||||||||||||||||||||||
SR-013 ESG disclosure readiness gap Shadow Group · Sari Lestari | 12 | 6 | OK | 50% | |||||||||||||||||||||||||||||||||||||
SR-014 Cold-chain failure for vaccine distribution Shadow Pharma · Putri Halim | 12 | 6 | OK | 50% | |||||||||||||||||||||||||||||||||||||
SR-015 Clinic-acquired infection cluster Shadow Clinics · Maya Anggraini | 15 | 8 | OK | 47% |
Legend:Cells show −pts reduction · % of inherent. Click to drill into the risk.Function —
P · Preventive
D · Detective
C · Corrective
Nature —P · Policy
P · Physical
Lg · Logical