Skip to main content

Simplerisk On-Premise

A Governance, Risk Management and Compliance (GRC) solution run on your own servers that enables you to identify, rank, monitor and track risks through their mitigation life cycle and continually measure the overall progress of your cybersecurity program.

What is SimpleRisk On-Premise?

The SimpleRisk On-Premise platform is designed to deliver a simple, effective and affordable GRC solution that ensures customers will benefit from the repeatable, scalable and sustainable processes that are the foundation of any successful GRC program. SimpleRisk On-Premise enables you to run our award-winning software on your own servers inside of your own datacenter environment. This allows you to leverage your own internal security controls with the platform, but you are responsible for the ongoing administration of the platform including monitoring, backups and upgrades. A SimpleRisk On-Premise installation begins with downloading and installing our free and open source product, SimpleRisk Core, which provides all of the basic GRC capabilities.

 

What are SimpleRisk Extras?

SimpleRisk Extras are plug-and-play modules that can be downloaded and installed into your SimpleRisk instance to provide functionality beyond what is available in the SimpleRisk Core. Once you've downloaded and installed SimpleRisk, you will have the option to register your SimpleRisk instance. After a successful registration, you are immediately granted access to two free SimpleRisk Extras:

Free

Upgrade

The Upgrade Extra is designed to make the process of upgrading SimpleRisk much easier. It provides you with a button that you can click at any point to get a backup of the SimpleRisk database, as well as an upgrade capability that handles the application and database upgrades for you with a single click of the mouse.

Secure Controls Framework (SCF)

The Secure Controls Framework (SCF) Extra is a direct integration between the Secure Controls Framework and SimpleRisk. Enabling it allows you to select from 190 different frameworks that have been mapped to 1,057 security and privacy related common controls. This includes many frameworks heavily used by organizations today, such as ISO 27001, NIST CSF, PCI DSS, GDPR, COBIT, COSO and more!

Additionally, SimpleRisk offers the following
catalog of licensed SimpleRisk Extras:

Premium

Advanced Search

The Advanced Search Extra expands the functionality of the top bar's search box to be able to find risks by doing textual search in risk data.

API

The API Extra allows customers to use a RESTful API to create scripted interactions with other applications to gain advanced automation and leverage existing infrastructure.

CUSTOM AUTHENTICATION

The Custom Authentication Extra provides support for Active Directory and SAML Authentication as well as Duo Security as a second factor of authentication. In the SimpleRisk Core product, without this Extra, the only option is to create new users in the SimpleRisk identity repository.

CUSTOMIZATION

The Customization Extra enables the ability to add and remove different types of fields and dynamically create custom page templates.

EMAIL NOTIFICATION

The Email Notification Extra enables SimpleRisk to send e-mail notifications when risks are submitted, modified, or otherwise actioned upon. This extra can also be added as a scheduled script to send routine reminders when risks are ready for a management review. In the SimpleRisk Core product, without this Extra, no notifications are communicated outside of the tool itself.

ENCRYPTED DATABASE

The Encrypted Database Extra generates a random AES-256 bit encryption key and then uses that to encrypt sensitive text prior to it being inserted into the SimpleRisk database. This prevents anyone from being able to view or modify the data without using the SimpleRisk application directly.

IMPORT-EXPORT

The Import-Export Extra provides the ability to import data into SimpleRisk by mapping fields in a CSV file to fields in the SimpleRisk database. It can be used to import audit results from a 3rd party spreadsheet, vulnerability scan results from another tool, assets from your CMDB and more. The Extra also provides the ability to export CSV files from SimpleRisk containing Risks, Mitigations, Reviews, or a Combination report of all three.

INCIDENT MANAGEMENT

The Incident Management Extra is based on the NIST 800-61 Computer Security Incident Handling Guide and provides incident management capabilities from within the SimpleRisk system.

JIRA INTEGRATION

The Jira Integration Extra provides users with the ability to integrate bi-directionally with a Jira instance. It enables connecting risks to Jira issues, as well as syncing their data, status and comments.

ORGANIZATIONAL HIERARCHY

The Organizational Hierarchy Extra enables the ability to define multiple Business Units which can include any number of teams. Users can then be assigned across one or more teams under various Business Units. This affects a user's ability to see and use the teams, users, and assets which they are not associated with.

RISK ASSESSMENT

The Risk Assessment Extra provides users with the ability to define contacts, create questions (including logic), assemble multiple questions with a questionnaire template, create questionnaires and send them to contacts, view the questionnaire results, add risks based on those results, and compare the results over time, import and export externally customized assessments, and review the risk assessment audit trail.

TEAM-BASED SEPARATION

The Team-Based Separation Extra restricts risk viewing to only the users who are members of the team that the risk is assigned to. In the SimpleRisk Core product, without this Extra, every user can see every risk.

UNIFIED COMPLIANCE FRAMEWORK (UCF)

The Unified Compliance Framework (UCF) Extra is an API-level integration between the Unified Compliance Framework and SimpleRisk. Enabling it allows you to import selected frameworks and control mappings directly from UCF.

VULNERABILITY MANAGEMENT

The Vulnerability Management Extra provides customers with the ability to integrate their SimpleRisk instance with Tenable.io or Rapid7 Nexpose/InsightVM and import both asset and vulnerability data into SimpleRisk. From there, you can select which sites you want to cover, determine which vulnerability scores should be imported and triage which vulnerabilities are turned into risks to track them.

 

Does SimpleRisk Offer Support Plans?

SimpleRisk offers three different tiers based on the level of support required by your organization:

Silver Support

Monday through Friday 8 AM to 5 PM CST (No Holidays). E-mail and web-based support with 1 business day turnaround. Phone support scheduled as necessary.

Gold Support

Monday through Friday 8 AM to 8 PM CST (No Holidays). E-mail and web-based support with 1 business day turnaround. Phone number provided for on-call assistance.

Platinum Support

24 hours a day, 7 days a week, 365 days a year. E-mail and web-based support with 1 business day turnaround. Phone number provided for on-call assistance.

All of our SimpleRisk Extras come standard with our SimpleRisk Silver Support for all configuration and troubleshooting of the purchased functionality.

These support plans may be purchased to add configuration and troubleshooting support for the SimpleRisk Core or to add expanded support hours for your SimpleRisk Extras.

Does SimpleRisk Offer Professional Services?

We find that SimpleRisk is so simple and intuitive that our customers don't normally require any professional services to get started. We encourage our customers to reach out to our Support Team should they ever encounter any issues or if they have questions about how to do something. All of our SimpleRisk On-Premise packages also include quarterly "Ask the Expert" calls with SimpleRisk's Founder and CEO, Josh Sokol.

With over a decade of experience running the Information Security Program for a large, global, publicly traded enterprise, we've found that giving customers the opportunity to speak with him on a regular basis has been invaluable in helping to jump start their GRC programs, as well as helping them to avoid some of the pitfalls experienced along the way.

What if I Need a Second Environment for Testing?

Sometimes customers will come to us asking for additional licenses to be able to test out things like software upgrades and new features in a non-production environment. While we do not offer discounted licensing for this purpose, our On-Premise Premium package includes a license for an additional development server. Customers who have purchased that package are able to install a second copy of SimpleRisk for the purpose of development and testing in a non-production environment, with all of the Extras included, at no additional charge.

 

How is SimpleRisk On-Premise Priced?

The most cost-effective way to purchase Extras for your On-Premise SimpleRisk instance is with one of our packages. These packages were created to provide you with the most commonly licensed SimpleRisk features while saving you thousands of dollars off the cost if you were to purchase them a la carte:

Swipe
Schedule a Demo BASIC PACKAGE PLUS PACKAGE PREMIUM PACKAGE
  $9,995 / yr $14,995 / yr $19,995 / yr

All packages include Quarterly "Ask The Expert" calls, Silver Support, Governance, Risk Management and Compliance capabilities and are licensed for an unlimited number of users and risks.

     

Secure Controls Framework (SCF) Extra

     

Upgrade Extra

     

Team-Based Separation Extra

     

Email Notification Extra

     

Import-Export Extra

     

Custom Authentication Extra

     

Risk Assessment Extra

     

Encrypted Database Extra

     

API Extra

     

Customization Extra

     

Advanced Search Extra

     

Jira Integration Extra

     

Vulnerability Management Extra

     

"Development Server" License

     

Incident Management Extra

    $9,995 / yr

Organizational Hierarchy Extra

    $2,995 / yr / BU
  Quote Quote Quote

We understand, however, that sometimes these packages don't work for everyone. If you find yourself wanting to only purchase a couple of SimpleRisk Extras, or wish to hand select the Extras for your organization, use the link below:

What if I Want to Try the Extras Before I Purchase Them?

Unfortunately, we do not offer On-Premise trials of our SimpleRisk Extras. If you would like to learn more about our SimpleRisk Extras before purchasing them, we suggest that you either Schedule a Demo with us using our convenient online calendaring system or sign up for a Free 30 Day Hosted Trial, where you can experience all of our SimpleRisk Extras firsthand, on your own dedicated cloud instance of SimpleRisk.

KEEP UP WITH THE LATEST
PRODUCT ANNOUNCEMENTS
AND BLOG POSTS

FOLLOW US

CONTACT US