Working with Risks

Credo AI provides two complementary risk resources: Risk Types for categorization and Risk Scenarios for specific risk situations.

Risk Types

Risk types categorize the kinds of risks that can be tracked. They include built-in (OOTB) types and custom types created by your organization.

Listing Risk Types

Python
TypeScript

from credoai import CredoAI

client = CredoAI()

# List all risk types
response = client.risk_types.list()
for rt in response.items:
    print(f"{rt.name} (ID: {rt.id})")

# List only custom risk types
custom = client.risk_types.list(custom=True)

# List hidden risk types
hidden = client.risk_types.list(hidden=True)

import { createCredoAIClient } from '@credo-ai/sdk';

const client = createCredoAIClient('your-tenant');

// List all risk types
const { data: response } = await client.riskTypes.list();
for (const rt of response.items) {
  console.log(`${rt.name} (ID: ${rt.id})`);
}

// List only custom risk types
const { data: custom } = await client.riskTypes.list({ custom: true });

// List hidden risk types
const { data: hidden } = await client.riskTypes.list({ hidden: true });

Creating a Custom Risk Type

Python
TypeScript

from credoai import RiskTypeCreate

risk_type = client.risk_types.create(
    data=RiskTypeCreate(
        name="Supply Chain Risk",
    )
)
print(f"Created: {risk_type.id}")

const { data: riskType } = await client.riskTypes.create({
  name: 'Supply Chain Risk',
});
console.log(`Created: ${riskType.id}`);

Updating a Risk Type

For custom risk types, name and description can be updated. For OOTB risk types, only the hidden flag can be updated.

Python
TypeScript

from credoai import RiskTypeUpdate

# Update a custom risk type
updated = client.risk_types.update(
    risk_type_id="rt_abc123",
    data=RiskTypeUpdate(name="Updated Risk Type"),
)

# Hide an OOTB risk type
client.risk_types.update(
    risk_type_id="rt_builtin456",
    data=RiskTypeUpdate(hidden=True),
)

// Update a custom risk type
const { data: updated } = await client.riskTypes.update('rt_abc123', {
  name: 'Updated Risk Type',
});

// Hide an OOTB risk type
await client.riskTypes.update('rt_builtin456', {
  hidden: true,
});

Deleting a Custom Risk Type

Only custom risk types can be deleted. Built-in risk types can be hidden instead.

Python
TypeScript

client.risk_types.delete(risk_type_id="rt_abc123")

await client.riskTypes.delete('rt_abc123');

Risk Scenarios

Risk scenarios describe specific risk situations. They are read-only resources that can be browsed and attached to use cases.

Listing Risk Scenarios

Python
TypeScript

# List all risk scenarios
response = client.risk_scenarios.list()
for scenario in response.items:
    print(f"{scenario.name} (ID: {scenario.id})")

# Filter by name
response = client.risk_scenarios.list(name="data privacy")

# Filter by ownership type
response = client.risk_scenarios.list(ownership_type="system")

# Filter by risk type
response = client.risk_scenarios.list(risk_type_id="rt_abc123")

# Filter archived scenarios
response = client.risk_scenarios.list(archived=True)

// List all risk scenarios
const { data: response } = await client.riskScenarios.list();
for (const scenario of response.items) {
  console.log(`${scenario.name} (ID: ${scenario.id})`);
}

// Filter by name
const { data: byName } = await client.riskScenarios.list({ name: 'data privacy' });

// Filter by ownership type
const { data: byOwnership } = await client.riskScenarios.list({ ownershipType: 'system' });

// Filter by risk type
const { data: byRiskType } = await client.riskScenarios.list({ riskTypeId: 'rt_abc123' });

// Filter archived scenarios
const { data: archived } = await client.riskScenarios.list({ archived: true });

Getting a Risk Scenario

Python
TypeScript

scenario = client.risk_scenarios.get(risk_scenario_id="rs_abc123")
print(f"Name: {scenario.name}")

const { data: scenario } = await client.riskScenarios.get('rs_abc123');
console.log(`Name: ${scenario.name}`);

Attaching to Use Cases

Risk scenarios can be attached to use cases via the fluent API:

Python
TypeScript

from credoai import UseCaseRiskScenarioCreate

use_case = client.use_cases("uc_abc123")

# List attached risk scenarios
scenarios = use_case.risk_scenarios.list()
for s in scenarios.items:
    print(f"  - {s.name}")

# Attach a risk scenario
fetched = client.risk_scenarios.get("rs_abc123")
use_case.risk_scenarios.add(fetched)

# Remove a risk scenario
use_case.risk_scenarios.remove("rs_abc123")

// List attached risk scenarios
const { data: scenarios } = await client.useCases.riskScenarios.list('uc_abc123');
for (const s of scenarios.items) {
  console.log(`  - ${s.name}`);
}

// Attach a risk scenario
const { data: fetched } = await client.riskScenarios.get('rs_abc123');
await client.useCases.riskScenarios.add('uc_abc123', { id: fetched.id });

// Remove a risk scenario
await client.useCases.riskScenarios.remove('uc_abc123', 'rs_abc123');

Next Steps

Learn about Policy Packs for governance controls
Explore Workflow for stage management
See the Risk Types API Reference and Risk Scenarios API Reference

Risk Types​

Listing Risk Types​

Creating a Custom Risk Type​

Updating a Risk Type​

Deleting a Custom Risk Type​

Risk Scenarios​

Listing Risk Scenarios​

Getting a Risk Scenario​

Attaching to Use Cases​

Next Steps​