How to Build Your Own SimpleRisk

Auto-generate risk assessments and maturity questionnaires for 250+ frameworks and track results

Involve management in the risk management process by outlining next steps for risks with review process tracking

Plan mitigations for risks by setting mitigation dates, defining level of effort, assigning ownership, and tracking residual risk changes

Group risks together into higher level projects for batch management and reporting purposes

Ability to define contacts, create questions with logic, assemble questionnaires, and compare results over time

Log and keep audit trails of all system changes for review by system administrators

Configure risk management process tailored to organization, change dropdown values, edit risk formulas, manage risk catalog, and define unlimited users with role mapping

Add and remove different types of fields and dynamically create custom page templates

Define multiple Business Units with teams, assign users across teams and Business Units, restrict user viewing to assigned teams and assets

One-click database backup and application/database upgrade capability

Maintain a record of past audit activities and evidence with access restrictions based on need to know

Initiate, track and manage audits at the framework, control, or test level with documentation and evidence tracking

Create a consistent, repeatable, scalable process for recurring audits, assessments and certifications

Define unlimited tests across frameworks and controls with test result tracking and application to multiple frameworks

Take pre-configured risk assessments for CIS Critical Security Controls, HIPAA, NIST 800-171, or PCI DSS 3.2 with yes/no questions

Bi-directional integration with Jira instances to connect risks to issues and sync data, status and comments

RESTful API to create scripted interactions with other applications for advanced automation and existing infrastructure leverage

Direct integration between Secure Controls Framework allowing selection from 190 frameworks mapped to 1,057 security and privacy controls including ISO 27001, NIST CSF, PCI DSS, GDPR, COBIT, COSO

API-level integration with Unified Compliance Framework to import frameworks and control mappings directly

Logically group assets together and associate them with risks

Basic automated discovery of assets with manual addition capability, valuation assignment, and association with teams and locations

Integrate with Tenable.io, Rapid7 Nexpose/InsightVM and Qualys to import asset and vulnerability data, triage vulnerabilities into risks

Track and manage risk exceptions to policies and controls with approval workflows

Store policies, guidelines, standards and procedures in a single repository with documentation upload capabilities

Integration with 250+ regulatory frameworks mapped to more than 1,250 common controls

Support for Active Directory and SAML authentication

AES-256 bit encryption key generation and encryption of sensitive text data in the database

Restrict risk viewing to only users who are members of the team that the risk is assigned to

Create custom reports with graphical dashboards, risk appetite analysis, remediation prioritization, risk-to-control associations, and risk-to-asset associations

Filter data and tailor reports for C-Level, Technical, and Business stakeholders