Hi @AliB,

SAP LeanIX’s standard risk management features are designed to address aggregated obsolescence risks related to the underlying IT components that enable an application to function. This approach ensures that organizations can easily identify and mitigate potential disruptions caused by outdated or unsupported infrastructure elements that may impact application stability and performance.

However, SAP LeanIX’s true strength lies in its highly flexible and powerful metamodel. This metamodel provides organizations with the opportunity to customize and extend their risk management framework beyond just obsolescence. For example, you can expand the metamodel to capture a wider range of IT and architectural risks, such as security vulnerabilities, data privacy concerns, integration dependencies, or compliance-related threats.

Moreover, the metamodel’s adaptability allows for the inclusion of controls to manage and mitigate these broader risks. This means you can create a comprehensive risk management strategy that encompasses not only the identification and assessment of risks but also the implementation and monitoring of effective controls. By tailoring the metamodel to meet your organization's unique needs, you can align risk management more closely with enterprise architecture practices and drive proactive risk mitigation throughout your IT landscape.

Please feel free to reach out for further details.

Many thanks Mobin,

Customising the meta model is a way forward although it looks like I’d have to implement the automation for calculated risk attributes myself.

I’m wondering if you have partners that have already implemented such automation or something similar?

Hi @AliB,

Sure, please reach out to LeanIX Support with this use case and they will link you with our Professional Services team for further assistance.