What is SimpleRisk On-Premise?

SimpleRisk On-Premise enables you to run our award winning SimpleRisk software on your own servers inside of your own datacenter environment.  This allows you to leverage your own internal security controls with the platform, but you are responsible for all monitoring, backups, and upgrades.  A SimpleRisk On-Premise installation begins with downloading and installing our SimpleRisk Core software, which provides all of the basic Governance, Risk Management and Compliance (GRC) capabilities.  Our licensed SimpleRisk Extras provide additional, enterprise enabling, functionality that helps you get even more value out of the platform.

What are SimpleRisk Extras?

SimpleRisk Extras are plug-and-play modules that can be downloaded and installed into your SimpleRisk instance to provide functionality beyond what is available in the SimpleRisk Core.  Once you've downloaded and installed SimpleRisk, you will have the option to register your SimpleRisk instance.  After a successful registration, you are immediately granted access to two free SimpleRisk Extras:

  • Upgrade: The Upgrade Extra is designed to make the process of upgrading SimpleRisk much easier.  It provides you with a button that you can click at any point to get a backup of the SimpleRisk database, as well as an upgrade capability that handles the application and database upgrades for you with a single click of the mouse.
  • ComplianceForge SCF: The ComplianceForge SCF Extra is a direct integration between the ComplianceForge Secure Controls Framework and SimpleRisk.  Enabling it allows you to select from 148 different frameworks that have been mapped to 874 security and privacy related common controls.  This includes many frameworks heavily used by organizations today, such as ISO 27001, NIST CSF, PCI DSS, GDPR, COBIT, COSO and more!

Additionally, SimpleRisk offers the following catalog of licensed SimpleRisk Extras:

  • Advanced Search: The Advanced Search Extra expands the functionality of the top bar's search box to be able to find risks by doing textual search in risk data.
  • Custom Authentication: The Custom Authentication Extra provides support for Active Directory and SAML Authentication as well as Duo Security as a second factor of authentication. In the SimpleRisk Core product, without this Extra, the only option is to create new users in the SimpleRisk identity repository.
  • Customization: The Customization Extra enables the ability to add and remove different types of fields and dynamically create custom page templates.
  • Email Notification: The Email Notification Extra enables SimpleRisk to send e-mail notifications when risks are submitted, modified, or otherwise actioned upon. This extra can also be added as a scheduled script to send routine reminders when risks are ready for a management review. In the SimpleRisk Core product, without this Extra, no notifications are communicated outside of the tool itself.
  • Encrypted Database: The Encrypted Database Extra generates a random AES-256 bit encryption key and then uses that to encrypt sensitive text prior to it being inserted into the SimpleRisk database.  This prevents anyone from being able to view or modify the data without using the SimpleRisk application directly.
  • Import-Export: The Import-Export Extra adds a new menu item for "Import/Export" is to the "Configure" menu. This Extra provides the added ability to import data into SimpleRisk by mapping fields in a CSV file to fields in the SimpleRisk database. It can be used to import audit results from a 3rd party spreadsheet, vulnerability scan results from Nexpose/Qualys/Nessus, and more. The Extra also provides the ability to export CSV files from SimpleRisk containing Risks, Mitigations, Reviews, or a Combination report of all three.
  • Incident Management: The Incident Management Extra is based on the NIST 800-61 Computer Security Incident Handling Guide and provides incident management capabilities from within the SimpleRisk system.
  • Jira Integration: The Jira Integration Extra provides users with the ability to integrate bi-directionally with a Jira instance. It enables connecting risks to Jira issues, as well as syncing their data, status and comments.
  • Organizational Hierarchy: The Organizational Hierarchy Extra enables the ability to define multiple Business Units which can include any number of teams. Users can then be assigned across one or more teams under various Business Units. This affects a user's ability to see and use the teams, users, and assets which they are not associated with.
  • Risk Assessment: The Risk Assessment Extra provides users with the ability to define contacts, create questions (including logic), assemble multiple questions with a questionnaire template, create questionnaires and send them to contacts, view the questionnaire results, add risks based on those results, and compare the results over time, import and export externally customized assessments, and review the risk assessment audit trail.
  • Team-Based Separation: The Team-Based Separation Extra restricts risk viewing to only the users who are members of the team that the risk is assigned to. In the SimpleRisk Core product, without this Extra, every user can see every risk.

Does SimpleRisk Offer Support Plans?

SimpleRisk offers three different tiers based on the level of support required by your organization:

  • Silver Support: Monday through Friday 8 AM to 5 PM CST (No Holidays). E-mail and web-based support with 1 business day turnaround. Phone support scheduled as necessary.
  • Gold Support: Monday through Friday 8 AM to 8 PM CST (No Holidays). E-mail and web-based support with 1 business day turnaround. Phone number provided for on-call assistance.
  • Platinum Support: 24 hours a day, 7 days a week, 365 days a year. E-mail and web-based support with 1 business day turnaround. Phone number provided for on-call assistance.

All of our SimpleRisk Extras come standard with with our SimpleRisk Silver Support for all configuration and troubleshooting of the purchased functionality.  These support plans may be purchased to add configuration and troubleshooting support for the SimpleRisk Core or to add expanded support hours for your SimpleRisk Extras.

Does SimpleRisk Offer Professional Services?

We find that SimpleRisk is so simple and intuitive that our customers don't normally require any professional services to get started.  We encourage our customers to reach out to our Support Team should they ever encounter any issues or if they have questions about how to do something.  All of our SimpleRisk On-Premise packages also include quarterly "Ask the Expert" calls with SimpleRisk's Founder and CEO, Josh Sokol.  With over a decade of experience running the Information Security Program for a large, global, publicly traded enterprise, we've found that giving customers the opportunity to speak with him on a regular basis has been invaluable in helping to jump start their GRC programs, as well as helping them to avoid some of the pitfalls experienced along the way.

What if I Need a Second Environment for Testing?

Sometimes customers will come to us asking for additional licenses to be able to test out things like software upgrades and new features in a non-production environment.  While we do not offer discounted licensing for this purpose, our On-Premise Premium package includes a license for an additional development server.  Customers who have purchased that package are able to install a second copy of SimpleRisk for the purpose of development and testing in a non-production environment, with all of the Extras included, at no additional charge.

How is SimpleRisk On-Premise Priced?

The most cost-effective way to purchase Extras for your On-Premise SimpleRisk instance is with one of our packages.  These packages were created to provide you with the most commonly licensed SimpleRisk features while saving you thousands of dollars off the cost if you were to purchase them a la carte:


SimpleRisk On-Prem Basic

$11,980 / yr

$9,995 / yr

SimpleRisk On-Prem Plus

$17,970 / yr

$14,995 / yr

SimpleRisk On-Prem Premium

$32,945 / yr

$19,995 / yr

  • Quarterly "Ask the Expert" calls
  • SimpleRisk Silver Support
  • Team-Based Separation Extra
  • Email Notification Extra
  • Import-Export Extra

Everything in the Basic package plus:

  • Custom Authentication Extra
  • Risk Assessment Extra

Everything in the Plus package plus:

  • Encrypted Database Extra
  • API Extra
  • Customization Extra
  • Advanced Search Extra
  • Jira Integration Extra
  • License for additional "Development" server


We understand, however, that sometimes these packages don't work for everyone.  If you find yourself wanting to only purchase a couple of SimpleRisk Extras, or wish to hand select the Extras for your organization, use the link below:



What if I Want to Try the Extras Before I Purchase Them?

Unfortunately, we do not offer On-Premise trials of our SimpleRisk Extras.  If you would like to learn more about our SimpleRisk Extras before purchasing them, we suggest that you either Schedule a Demo with us using our convenient online calendaring system or sign up for a Free 30 Day Hosted Trial, where you can experience all of our SimpleRisk Extras firsthand, on your own dedicated cloud instance of SimpleRisk.