Skip to main content
Frustrated CISO

These CISOs GRC is Failing Them And I Know Why

Today I attended a CISO roundtable where a number of the attendees talked about their GRC platforms that have taken over a year to "connect all the wires" and they're still in the process of implementing. I know why their GRCs are failing them and there is a better way.

SR Logo

SimpleRisk Free and Open Source vs. Fully Featured Platform

Curious about SimpleRisk’s product offerings and available functionality? Read on to learn about our flexible deployment models – from free and open source to fully-featured GRC platform!

Professional Services

Why SimpleRisk Doesn’t Require Professional Services

This blog details how our approach varies from that of our competitor’s and how we ensure customer success without including professional services in our pricing model.

Manage Users

How To: Manage Personnel Changes in SimpleRisk

Explore your options for managing personnel changes in SimpleRisk.

Risk Management 101: Back to Basics

Risk Management 101: Back to Basics

Let’s go back to the basics and break down what enterprise risk management is and how you can use it to mitigate the risks that threaten your organization.

SimpleRisk Fist Bump

What is GRC-as-a-Service?

SimpleRisk partners with various MSSP providers to give customers a one-stop "GRC-as-a-Service" offering.  Learn more about how this works and whether the SimpleRisk GRCaaS platform may be a good fit for your organization.

Custom Development

How SimpleRisk Can Meet Your Custom GRC Requirements

What is the right way to do risk management?  We hear this question fairly frequently on calls with prospects and my answer is always the same.  There is no "right way" or "wrong way" to do risk management.  There's only your way...


OWASP Risk Rating Methodology

The OWASP Risk Rating Methodology and SimpleRisk

Over the years, we've received a number of inquiries about the OWASP Risk Rating Methdology with some contention around how we have integrated it into SimpleRisk. Some have questioned how SimpleRisk reaches its final risk score while others have pointed to differences in the Skill Level values. Let's delve into this...

Two Plus Two Equals Five

Normalizing Risk Scoring Across Different Methodologies

If the "textbook" definition of risk scoring is Risk = Likelihood x Impact, then a Severe (5) impact and an Almost Certain (5) likelihood should have a score of 25, right?  The answer isn't quite so simple...