
SIMPLERISK GRCaaS

Designed around an MSSP/vCISO model, our solution enables the delivery of GRC-as-a-Service on top of the SimpleRisk GRC and Incident Management Platform.


What is SimpleRisk?

The SimpleRisk GRC platform is designed to deliver a simple, effective and affordable GRC solution that ensures customers will benefit from the repeatable, scalable and sustainable processes that are the foundation of any successful GRC program. With SimpleRisk, you’re able to identify, rank, monitor, and track risks through their mitigation life cycle and continually measure the progress of your cybersecurity program.

Want to try out SimpleRisk for yourself?

Start a free, 30-day hosted trial (no credit card required!) for unlimited access to your own dedicated instance of SimpleRisk and all of our available functionality.

HOW DOES SIMPLERISK GRCaaS WORK?

In 2020, we determined there was an emerging market segment geared toward adopting an affordable, simple-to-use, comprehensive GRC-as-a-Service platform. SimpleRisk GRCaaS is designed around an MSSP/vCISO model, and it enables the delivery of GRC-as-a-Service on top of the SimpleRisk GRC and Incident Management Platform. From there, MSSPs can white label the product to extend their brand and help create a unique competitive advantage.

 

For our GRCaaS platform offering, SimpleRisk provisions a dedicated Kubernetes cluster for each MSSP, which utilizes Docker to provide security and scalability for each new customer that the MSSP onboards. While the MSSP must commit to a 36-month term on the platform with a minimum of 3 customer instances, there is no limit to the number of instances that can be included, and instances can be swapped in and out with different customers as necessary.

MSSP & Customer Benefits

BY UTILIZING SIMPLERISK GRCaaS, MSSPS ARE ABLE TO:

 

  • Leverage SMEs more effectively with an efficient, scalable GRC delivery platform;
  • Accelerate overall growth through economies of scale;
  • White label GRC-as-a-Service to extend their brand and obtain competitive advantage;
  • Fast-track customer deliverables by automating GRC processes;
  • Establish long-term relationships by guiding customers through their GRC journey.

BY UTILIZING SIMPLERISK GRCaaS, CUSTOMERS ARE ABLE TO:

 

  • Enable internal resources to focus on the end game - managing risk;
  • Eliminate the need to invest in and maintain costly and complex GRC software in-house;
  • Avoid continuity gaps when employee turnover, unexpected illness and vacations occur;
  • Gain multiple support resources with access to MSSP SMEs and SimpleRisk expertise;
  • Stay on track with their GRC program and strategic objectives.

WHAT’S INCLUDED IN SIMPLERISK GRCaaS?

SimpleRisk GRCaaS is a functional equivalent to our SimpleRisk Hosted Large Enterprise Plan, which includes all of our plug-and-play modules, deemed "Extras," except for Incident Management and Organizational Hierarchy, which are priced separately. In addition, the platform includes:

 

  • Quarterly “Ask the Expert” calls
  • Automated software updates
  • Daily database snapshots
  • Responsive & knowledgeable customer support
  • Unlimited number of users and risks 

THE EXTRAS BELOW ARE INCLUDED IN SIMPLERISK GRCaaS.

Advanced Search

The Advanced Search Extra expands the functionality of the top bar's search box so that you can find risks by searching the text of risk data.


API

The API Extra allows customers to use a RESTful API to create scripted interactions with other applications to gain advanced automation and leverage existing infrastructure.

Secure Controls Framework (SCF)

The Secure Controls Framework (SCF) Extra is a direct integration between the Secure Controls Framework (SCF) and SimpleRisk. Enabling it allows you to select from 190 different frameworks that have been mapped to 1,057 security and privacy related common controls. This includes many frameworks heavily used by organizations today, such as ISO 27001, NIST CSF, PCI DSS, GDPR, COBIT, COSO and more!

CUSTOM AUTHENTICATION

The Custom Authentication Extra provides support for Active Directory and SAML Authentication as well as Duo Security as a second factor of authentication. In the SimpleRisk Core product, without this Extra, the only option is to create new users in the SimpleRisk identity repository.

CUSTOMIZATION

The Customization Extra lets you add and remove different types of fields and dynamically create custom page templates.

EMAIL NOTIFICATION

The Email Notification Extra enables SimpleRisk to send e-mail notifications when risks are submitted, modified, or otherwise acted upon. This Extra can also be added as a scheduled script to send routine reminders when risks are ready for a management review. In the SimpleRisk Core product, without this Extra, no notifications are communicated outside of the tool itself.

ENCRYPTED DATABASE

The Encrypted Database Extra generates a random 256-bit AES encryption key and then uses it to encrypt sensitive text before it is inserted into the SimpleRisk database. This prevents anyone from viewing or modifying the data without using the SimpleRisk application directly.

IMPORT-EXPORT

The Import-Export Extra provides the ability to import data into SimpleRisk by mapping fields in a CSV file to fields in the SimpleRisk database. It can be used to import audit results from a 3rd party spreadsheet, vulnerability scan results from another tool, assets from your CMDB and more. The Extra also provides the ability to export CSV files from SimpleRisk containing Risks, Mitigations, Reviews, or a Combination report of all three.

INCIDENT MANAGEMENT

The Incident Management Extra is based on the NIST 800-61 Computer Security Incident Handling Guide and provides incident management capabilities from within the SimpleRisk system.

JIRA INTEGRATION

The Jira Integration Extra provides users with the ability to integrate bi-directionally with a Jira instance. It enables connecting risks to Jira issues, as well as syncing their data, status and comments.

ORGANIZATIONAL HIERARCHY

The Organizational Hierarchy Extra lets you define multiple Business Units, each of which can include any number of teams. Users can then be assigned across one or more teams under various Business Units. This affects a user's ability to see and use the teams, users, and assets that they are not associated with.

RISK ASSESSMENT

The Risk Assessment Extra provides users with the ability to define contacts, create questions (including logic), assemble multiple questions with a questionnaire template, create questionnaires and send them to contacts, view the questionnaire results, add risks based on those results, compare the results over time, import and export externally customized assessments, and review the risk assessment audit trail.

TEAM-BASED SEPARATION

The Team-Based Separation Extra restricts risk viewing to only the users who are members of the team that the risk is assigned to. In the SimpleRisk Core product, without this Extra, every user can see every risk.

UNIFIED COMPLIANCE FRAMEWORK (UCF)

The Unified Compliance Framework (UCF) Extra is an API-level integration between the Unified Compliance Framework and SimpleRisk. Enabling it allows you to import selected frameworks and control mappings directly from UCF.

VULNERABILITY MANAGEMENT

The Vulnerability Management Extra provides customers with the ability to integrate their SimpleRisk instance with Tenable.io or Rapid7 Nexpose/InsightVM and import both asset and vulnerability data into SimpleRisk. From there, you can select which sites you want to cover, determine which vulnerability scores should be imported, and triage which vulnerabilities are turned into risks for tracking.

HOW MUCH DOES SIMPLERISK GRCaaS COST?

SimpleRisk GRCaaS includes the same functionality as our Hosted Large Enterprise plan but is sold at a discounted rate of $1,000 USD per instance, charged via credit card on a monthly basis. To receive this 40% discount, we require a minimum of three active instances as well as a 36-month commitment. Typically, our GRCaaS customers will utilize one of the three active instances for internal development, and the remaining instances can be deployed for different customers as needed. In addition, our Incident Management functionality can be added to any instance for an additional $500 USD per month. Below are pricing examples based on the number of instances provisioned:

 

Instances   Cost per Month   Annual Savings
3           $3,000           $23,985
4           $4,000           $31,980
5           $5,000           $39,975
10          $10,000          $79,950
20          $20,000          $159,900

HOW CAN I LEARN MORE ABOUT SIMPLERISK GRCaaS?

To learn more about SimpleRisk GRCaaS, you can schedule a demo by accessing our online calendar and choosing any one-hour time slot that works for you. We also offer a free 30-day Hosted trial where you can try out the fully featured version of SimpleRisk firsthand. Should you need any assistance, please don’t hesitate to contact us – we’re here to help!
