From a $0 budget to a global GRC platform
SimpleRisk began when our founder, Josh Sokol, was told to build a risk management program with a budget of zero. So he built the tool himself, and gave it away free and open source.
How we got here
The road to SimpleRisk
2010
Getting started with risk management
Josh Sokol began building the Information Security Program at National Instruments from the ground up, tasked with managing SOX compliance and developing a formal risk management program. After researching the available frameworks, he settled on NIST SP 800-30 as its foundation.
The struggle
The tools could not keep up
He started with spreadsheets, but they would not scale. A custom platform built on Lotus Notes solved the scale problem, but a growing program meant constant change requests that overwhelmed the IT team and a database that could not evolve fast enough. It was time for a real GRC product.
The turning point
“Your budget is $0. Go figure it out.”
Josh spent months vetting GRC products and found a frontrunner. He took it to his VP with a $500k quote and said this was the tool he needed. She laughed and told him his budget was zero.
2013
The creation of SimpleRisk
Necessity being the mother of invention, Josh set out to write a risk management tool that could scale better than spreadsheets, be more dynamic than a custom database, and not blow a limited budget.
In March 2013, three years into his risk management journey, he released the very first version of SimpleRisk, free and open source, at BSides Austin, alongside a talk titled “Convincing Your Management, Your Peers, and Yourself that Risk Management Doesn’t Suck.”
Embraced by others
A community was waiting
It turned out Josh was not alone. A whole community was struggling with the same tooling gap, and they came asking for features, support, and hosting. SimpleRisk, the world’s first free and open source risk management tool, was born.
Today
A fully featured GRC platform
SimpleRisk is now a complete governance, risk, and compliance platform, with integrations for vulnerability management tools, ticketing systems, compliance databases, and more, plus streamlined internal and vendor risk assessments, at a fraction of the cost of other GRC tools.
Whether you are just dipping a toe into risk management, looking for something better than spreadsheets, or want more return on an existing GRC tool, SimpleRisk can help. We look forward to working with you.
By the numbers
Trusted around the world
See what SimpleRisk can do for you
Start a free 30-day trial or book a demo, and put a decade of GRC experience to work.
Start a free trial