SimpleRisk
simplerisk.com
Build Difficulty: 4/5
A few focused days to build a solid replacement
From Zero to GRC in Minutes
How to Replace SimpleRisk
Overview
Features
37 features across 13 categories
AI(1)
Enhanced risk analysis including FAIR assessments and customized documentation generation
Administration(5)
Log and keep audit trails of all system changes for review by system administrators
Configure risk management process tailored to organization, change dropdown values, edit risk formulas, manage risk catalog, and define unlimited users with role mapping
Add and remove different types of fields and dynamically create custom page templates
Define multiple Business Units with teams, assign users across teams and Business Units, restrict user viewing to assigned teams and assets
One-click database backup and application/database upgrade capability
Asset Management(3)
Logically group assets together and associate them with risks
Basic automated discovery of assets with manual addition capability, valuation assignment, and association with teams and locations
Integrate with Tenable.io, Rapid7 Nexpose/InsightVM and Qualys to import asset and vulnerability data, triage vulnerabilities into risks
Compliance(5)
Maintain a record of past audit activities and evidence with access restrictions based on need to know
Initiate, track and manage audits at the framework, control, or test level with documentation and evidence tracking
Create a consistent, repeatable, scalable process for recurring audits, assessments and certifications
Define unlimited tests across frameworks and controls with test result tracking and application to multiple frameworks
Take pre-configured risk assessments for CIS Critical Security Controls, HIPAA, NIST 800-171, or PCI DSS 3.2 with yes/no questions
Data Management(1)
Import data into SimpleRisk by mapping CSV file fields, and export CSV files containing risks, mitigations, reviews, or combination reports
Governance(3)
Track and manage risk exceptions to policies and controls with approval workflows
Store policies, guidelines, standards and procedures in a single repository with documentation upload capabilities
Integration with 250+ regulatory frameworks mapped to more than 1,250 common controls
Incident Management(1)
Identify, respond to and recover from events that negatively impact the organization based on NIST 800-61 Computer Security Incident Handling Guide
Integration(4)
Bi-directional integration with Jira instances to connect risks to issues and sync data, status and comments
RESTful API to create scripted interactions with other applications for advanced automation and existing infrastructure leverage
Direct integration with Secure Controls Framework, allowing selection from 190 frameworks mapped to 1,057 security and privacy controls including ISO 27001, NIST CSF, PCI DSS, GDPR, COBIT, COSO
API-level integration with Unified Compliance Framework to import frameworks and control mappings directly
Notification(1)
Send email notifications when risks are submitted, modified, or actioned upon, with scheduled reminders for management reviews
Reporting(2)
Create custom reports with graphical dashboards, risk appetite analysis, remediation prioritization, risk-to-control associations, and risk-to-asset associations
Filter data and tailor reports for C-Level, Technical, and Business stakeholders
Risk Management(7)
Auto-generate risk assessments and maturity questionnaires for 250+ frameworks and track results
Involve management in the risk management process by outlining next steps for risks with review process tracking
Plan mitigations for risks by setting mitigation dates, defining level of effort, assigning ownership, and tracking residual risk changes
Group risks together into higher level projects for batch management and reporting purposes
Ability to define contacts, create questions with logic, assemble questionnaires, and compare results over time
Identify and prioritize high level risks most likely to impact your organization
Submit, track and maintain a comprehensive registry of all organizational risks
Search(1)
Expand search functionality to find risks by textual search in risk data
Security(3)
Support for Active Directory and SAML authentication
AES 256-bit encryption key generation and encryption of sensitive text data in the database
Restrict risk viewing to only users who are members of the team that the risk is assigned to
Pricing
SimpleRisk Core
- ✓ Unlimited Users
- ✓ Basic Governance
- ✓ Risk Registry
- ✓ Basic Compliance
- ✓ Asset Management
- ✓ Self-Assessments
- ✓ Reporting
- ✓ Configuration
Starter Package (Popular)
- ✓ Any three Standard Extras
- ✓ Support
- ✓ Hosting (optional)
Standard Extras
- ✓ Advanced Search
- ✓ API
- ✓ Artificial Intelligence
- ✓ Custom Authentication
- ✓ Customization
- ✓ Email Notification
- ✓ Encrypted Database
- ✓ Import-Export
- ✓ Jira Integration
- ✓ Risk Assessment
- ✓ Team-Based Separation
- ✓ Unified Compliance Framework
- ✓ Vulnerability Management
Premium Extras
- ✓ Incident Management
- ✓ Organizational Hierarchy
Cost Calculator
Pricing data not available for SimpleRisk. Check their website for current pricing.
Build vs Buy
Should you build a SimpleRisk alternative or buy the subscription? Estimate based on 37 features.
Buy SimpleRisk (Better Value)
Build Your Own
Buying SimpleRisk saves ~$55,440 over 3 years vs building.
Estimates based on 37 features and a BuildScore of 4/5. Actual costs vary.
Integrations
8 known integrations