Skip to content
English
Contact Sales
  • There are no suggestions because the search field is empty.

Nooga Risk | FAQ

 

Note: This is a beta version. Nooga updates the Risk tool and FAQ continuously. If you can't find your answer here, please contact sales or support.

Contents:

General

What is Nooga Risk?
Nooga Risk is a plug-in extension that enables seamless integration of risk management and compliance directly in Azure DevOps and existing development workflows.

What is the product status?
Nooga Risk is in early beta with full functionality for risk management based on ISO 31000 Risk Management guidelines. It's under continuous development, and all user feedback influences our prioritization.

What does ongoing development mean?
We continuously improve existing functionality and develop new features. Changes are expected, and we highly value early user feedback.

Is the plugin compatible with on-premise Azure DevOps?
No. Nooga Risk only supports the Cloud version. On-premise support is not currently on our roadmap.

What are the system requirements?
The plugin runs directly within Azure DevOps without additional infrastructure. Users need a modern web browser and appropriate Azure DevOps permissions.

Where is my data stored?
All data stays in your organization's Azure DevOps. We don't store any Azure DevOps data on our servers.

How does the plugin handle sensitive data (e.g., GDPR)?
All data remains in Azure DevOps. Our AI features use Azure AI and can be disabled at any time in the settings page.

What AI model does Nooga Risk use and where is it located?
Nooga Risk uses Azure AI models located in Europe. Specific model type is shown in the Nooga organisation settings page.

Can I use my own AI model or one in another geographic location?
Not currently, but this feature is on our roadmap.

Can I disable the AI feature?
Yes, at any time in the settings page.

Who has access to risk information in Nooga Risk?
Nooga Risk doesn't have additional access controls. Information is accessible according to your Azure DevOps project permissions.

Can I restrict access to specific risks?
Yes. Risk information is saved at the project level in Azure DevOps, allowing you to restrict access by placing sensitive risks in a separate project with limited access.

Does Nooga Risk have a recovery and backup plan?
Since Nooga Risk doesn't store data, all information is managed by Azure DevOps' backup systems.

What risk framework does Nooga Risk support?
Nooga Risk is built to support ISO 31000 Risk Management standard.

Can I get certified in ISO 31000 by using Nooga Risk?
No. ISO 31000 provides best practice guidelines but is not a certifiable standard. However, it offers an excellent framework for building a robust risk management program.

Will Nooga Risk support our company's custom risk framework or COSO ERM?
Yes. Nooga Risk supports all steps in a generic risk management process, including COSO ERM, and is configurable to specific company setups.

Installation & Setup

How do I install the plugin?
Install from the Azure DevOps Marketplace. Navigate to your organization, click the shopping bag icon, select "Browse Marketplace," and search for Nooga Risk.

Is there a trial version?
Yes. We offer a 28-day free trial with full functionality, available directly in the Marketplace or by contacting us.

What's needed to start the trial?
Just enter your name, email, and choose your Azure DevOps organization. No credit card required.

What happens to my data after the trial ends or if I cancel my subscription?
Your data won't be lost—you'll simply lose access to the Nooga Risk user interface. Contact sales to continue using the product.

Can I use the plugin with existing Azure DevOps workflows?
Yes. The plugin integrates seamlessly with your existing workflows and processes.

At what level is Nooga Risk installed?
Installation is done at the organizational level but configuration is necessary for each project where you want to use the tool. 

Can I use different Risk Management settings in each organization or project?
Yes. Settings are configured per Azure DevOps organization. All projects within an organization share the same default settings, but you can customize some settings at the project level.

What project-level customizations are available?
You can change tolerance threshold levels for risk escalation and assign people for escalation flow.

What happens if I don't set a threshold level?
The default risk score for escalation is set to maximum, meaning all risks can be accepted without required escalation, regardless of score.

We have different legal entities within the same Azure DevOps organisation and they work with different Risk frameworks, can I customize Nooga Risk settings for each legal entity within the same Azure DevOps organisation (Taxonomy, Risk Matrix etc)?
Nooga Risk only supports full settings configuration at the organizational level in Azure DevOps meaning the organizational settings will be set for all projects in that specific Azure DevOps organization. 

We already use a risk work item. What should we do?
You can either;

  • Update your existing risk work item by adding new fields provided by Nooga Risk (part of the project configuration) or
  • keep your current work items unchanged (if they have other unique names compared to the Nooga risk work item names) and add the new Nooga Risk work items (Risk Description, Risk Assessment, Risk Treatment)

What's your recommendation for organizations with existing risk workflows?
We recommend a two-step transition:

  1. Install Nooga Risk "as is" with the Nooga Risk work items (Risk Description, Risk Assessment, Risk Treatment) if they are named differently to the work items you use to avoid conflicts with existing risk work items
  2. Once the organization is comfortable with Nooga Risk work items, either convert existing work items or keep them but stop using them

Contact us for support in tailoring the setup to your internal processes.

Can I keep my old risk work items unchanged?
Yes, but you won't be able to use Nooga Risk features such as risk overviews, escalation flows, risk details, or risk treatment activities. Having two different types of risk work items may also create organizational confusion.

What's the difference between Nooga Risk and ROAM?
ROAM is a lightweight approach roughly equivalent to the "Risk Evaluation" step in ISO 31000. Nooga Risk provides a more comprehensive process by also supporting the stages of risk identification and analysis.

Can we try Nooga Risk without affecting existing risk work?
Yes. Install it in a sandbox environment hosted in a separate Azure DevOps organization OR configure Nooga Risk only for a specific project using a process template different to the ones in other projects. In that way it will be possible to isolate and try it out for just that project.

Features & Functionality

What are the key features?

  • Configurable setup to match your organization's risk management frameworks, including taxonomy, risk matrix, and tolerance/threshold levels with assignees for escalation
  • AI-powered risk identification to assist in identifying relevant risks for any work item
  • AI-powered assistance for risk description to identify causes of the risk related to the context and to improve risk description for further assessment and treatment options
  • Assessment and ownership of risks and treatment actions
  • Escalation paths for risks above threshold with built in e-mail notification and governance documentation
  • Create and track risk treatment actions including ownership and due dates, and possibility to link treatment activities to regular work items
  • Risk matrix to monitor risks by score, category, date, context and status
  • Risk registers to reuse risks or add organization-specific risks (e.g., DORA, NIS2, CRA, ISO 27001)

What work items come with Nooga Risk?

  • Risk Description
  • Risk Assessment
  • Risk Treatment

What happens to work items if I uninstall Nooga Risk?
Additional fields will remain on your work items, but you'll lose the functionality and user interface provided by Nooga Risk.

Does the plugin work with all work item types?
Yes. It supports all standard Azure DevOps work item types and can be configured for custom types.

Can I import an existing Risk Register?
Yes. If you have a risk register in Excel format, it can be uploaded into Nooga Risk.

Can I customize the plugin to match our workflow?
Yes. The plugin includes several configuration options to adapt to your specific processes and requirements.

Is documentation available?
Yes. Comprehensive documentation, including setup guides and user manuals, is available at the HubSpot knowledge base. You can always reach out to Sales or Support for additional questions and guidance.

How often is the plugin updated?
Nooga Risk practices continuous delivery. New and upcoming functionality is announced regularly.