ComplianceForge SCF Extra

ComplianceForge SCF Extra

The ComplianceForge SCF Extra is a direct integration between the ComplianceForge Secure Controls Framework and SimpleRisk. Enabling it allows you to select from 177 different frameworks that have been mapped to 1,000 security and privacy related common controls. This includes many frameworks heavily used by organizations today, such as ISO 27001, NIST CSF, PCI DSS, GDPR, COBIT, COSO and more!

What are SimpleRisk Extras?

SimpleRisk Core is our widely acclaimed, award winning, free and open source product that has been downloaded over 60,000 times and contains all of the basic Governance, Risk Management and Compliance (GRC) functionality needed to establish a foundational GRC program. As an organization’s GRC program matures, extended functionality is often required to meet requirements beyond what is available in the SimpleRisk Core offering.

To address these expanded needs, SimpleRisk has developed a variety of plug-and-play modules termed "Extras" that provide functionality above and beyond our SimpleRisk Core offering. These plug-and-play modules will be essential to the success of your GRC program as your organization grows and matures its processes. While all of our Extras are available in packaged bundles with both SimpleRisk On-Premise and Hosted deployment models, they can also be purchased A La Carte for those organizations that choose to deploy our platform on-premise.

Why was the ComplianceForge SCF Extra created?

The SimpleRisk partnership and integration with ComplianceForge SCF allows SimpleRisk users to map all of the controls and frameworks to risks and dynamically build both standard and maturity Risk Assessment Questionnaires with the click of a button. Automating this process is not only simple, but has proven to be a huge time saver. Since ComplianceForge SCF is a Common Control Framework, you also have the ability to apply individual controls to multiple frameworks simultaneously, which offers tremendous time and efficiency benefits from a risk management, risk assessment, audit and compliance perspective.

While the controls contained in the ComplianceForge framework are free, ComplianceForge also offers their ComplianceForge Digital Security Program that includes the control objectives, standards, guidelines, metrics & maturity target criteria that govern your security & privacy program.

How is the ComplianceForge SCF Extra used?

The SimpleRisk integration with ComplianceForge SCF streamlines many of the native GRC processes available in SimpleRisk. These two systems work in concert enabling users to more effectively leverage SimpleRisk’s foundational GRC functionality. For example, you can:

  • Simplify compliance audits by performing control tests for multiple frameworks simultaneously;
  • Link risks & controls to multiple frameworks automatically to identify your highest risk exposure;
  • Dynamically generate risk assessment and/or maturity questionnaires for all 177 frameworks.

Compliance Forge

What users would benefit from the ComplianceForge SCF Extra?

SimpleRisk integration with the ComplianceForge SCF Extra primarily benefits Compliance Teams and Managers, but also extends benefits to Security Practitioners, and Executive Management.

Which plans include the ComplianceForge SCF Extra?

The ComplianceForge SCF is available as a Free Extra that can be activated by anyone who registers a SimpleRisk instance and as such, is included with SimpleRisk Core, our free and open source product and all SimpleRisk plans.

The ComplianceForge Digital Security Program (DSP) that contains the control objectives, standards, guidelines, metrics & maturity target criteria that govern your security & privacy program can be purchased as a pass through cost through SimpleRisk directly for a one-time fee of $8,300 USD, along with an annual fee of $1,200 USD / Year to obtain the updates. 

How can I learn more about the ComplianceForge SCF Extra or try it out for myself?

To learn more about the ComplianceForge SCF Extra or discuss specific use cases for how your organization could use it, feel free to schedule a demo online. If you would like to try out the ComplianceForge SCF Extra functionality for yourself, we offer a free (no credit card required!) 30 day trial. Please reach out to SimpleRisk Support if you have any additional questions about the ComplianceForge SCF Extra or any of the additional functionality that we offer.