Threat Model
Visualise the journey, ensure you’re giving the data the security that it deserves and remember, policy without meaningful control is theatre.
Data moves through your system in stages. At each stage, the same four questions apply: what are we working on, what can go wrong, what are we going to do about it, and did we do a good enough job. This tool walks that journey — structured, timestamped, exportable thinking you carry into your real DPIAs, registers, and CAF self-assessments.
Cyber security delivers the controls and assurance that information security demands. Threat modelling is the evidence that architecture was considered before it was built.
Begin
Start a threat model.
Your name and email are used solely for attribution within the threat model — who answered what, and when. Nothing else. It will make more sense the more you use it.
Playground
No account needed. Build a threat model right now in your browser — nothing sent to a server. See a pre-populated example, or start from scratch. Export as JSON before you close the tab.
More with an account
Accounts on The Clearing Room unlock persistent storage, evidence uploads, contributor attribution, cross-system pattern detection, accountability mapping, and full audit history.