SimpleRisk Hosted Plans
HOSTED SMALL PLAN
What is SimpleRisk Hosted?
SimpleRisk Hosted combines all of the functionality of our award winning SimpleRisk software with the convenience of a fully managed hosting solution. This Software-as-a-Service platform (SaaS) is unique to SimpleRisk and builds upon all of the intrinsic security benefits of the Amazon Web Services (AWS) cloud.
What are the benefits of SimpleRisk Hosted?
- From “Zero to GRC” in minutes
- Advanced features and automation
- Secure AWS hosting environment
- Effortless upgrades to the latest release
- Multiple packages to meet your needs
For more information on our deployment models and help determining whether SimpleRisk Hosted is the right option for your organization, check out this blog.
What is included in the Hosted Small plan?
- Quarterly "Ask The Expert" calls
- Silver Support
- Daily database snapshots
- Dedicated container on shared host
- License for an unlimited number of users and risks
- Plug-and-play modules (“Extras”) listed below (click each icon for additional information):
Secure Controls Framework (SCF)
The Secure Controls Framework (SCF) Extra is a direct integration between the Secure Controls Framework (SCF) and SimpleRisk. Enabling it allows you to select from 190 different frameworks that have been mapped to 1,057 security and privacy related common controls. This includes many frameworks heavily used by organizations today, such as ISO 27001, NIST CSF, PCI DSS, GDPR, COBIT, COSO and more!
EMAIL NOTIFICATION
The Email Notification Extra enables SimpleRisk to send e-mail notifications when risks are submitted, modified, or otherwise actioned upon. This extra can also be added as a scheduled script to send routine reminders when risks are ready for a management review. In the SimpleRisk Core product, without this Extra, no notifications are communicated outside of the tool itself.
IMPORT-EXPORT
The Import-Export Extra provides the ability to import data into SimpleRisk by mapping fields in a CSV file to fields in the SimpleRisk database. It can be used to import audit results from a 3rd party spreadsheet, vulnerability scan results from another tool, assets from your CMDB and more. The Extra also provides the ability to export CSV files from SimpleRisk containing Risks, Mitigations, Reviews, or a Combination report of all three.
RISK ASSESSMENT
The Risk Assessment Extra provides users with the ability to define contacts, create questions (including logic), assemble multiple questions with a questionnaire template, create questionnaires and send them to contacts, view the questionnaire results, add risks based on those results, and compare the results over time, import and export externally customized assessments, and review the risk assessment audit trail.
VULNERABILITY MANAGEMENT
The Vulnerability Management Extra provides customers with the ability to integrate their SimpleRisk instance with Tenable.io or Rapid7 Nexpose/InsightVM and import both asset and vulnerability data into SimpleRisk. From there, you can select which sites you want to cover, determine which vulnerability scores should be imported and triage which vulnerabilities are turned into risks to track them.
HOSTED MEDIUM PLAN
What is SimpleRisk Hosted?
SimpleRisk Hosted combines all of the functionality of our award winning SimpleRisk software with the convenience of a fully managed hosting solution. This Software-as-a-Service platform (SaaS) is unique to SimpleRisk and builds upon all of the intrinsic security benefits of the Amazon Web Services (AWS) cloud.
What are the benefits of SimpleRisk Hosted?
- From “Zero to GRC” in minutes
- Advanced features and automation
- Secure AWS hosting environment
- Effortless upgrades to the latest release
- Multiple packages to meet your needs
For more information on our deployment models and help determining whether SimpleRisk Hosted is the right option for your organization, check out this blog.
What is included in the Hosted Medium plan?
- Quarterly "Ask The Expert" calls
- Silver Support
- Daily database snapshots
- Dedicated AWS virtual private cloud deployment
- License for an unlimited number of users and risks
- Plug-and-play modules (“Extras”) listed below (click each icon for additional information):
Secure Controls Framework (SCF)
The Secure Controls Framework (SCF) Extra is a direct integration between the Secure Controls Framework (SCF) and SimpleRisk. Enabling it allows you to select from 190 different frameworks that have been mapped to 1,057 security and privacy related common controls. This includes many frameworks heavily used by organizations today, such as ISO 27001, NIST CSF, PCI DSS, GDPR, COBIT, COSO and more!
EMAIL NOTIFICATION
The Email Notification Extra enables SimpleRisk to send e-mail notifications when risks are submitted, modified, or otherwise actioned upon. This extra can also be added as a scheduled script to send routine reminders when risks are ready for a management review. In the SimpleRisk Core product, without this Extra, no notifications are communicated outside of the tool itself.
IMPORT-EXPORT
The Import-Export Extra provides the ability to import data into SimpleRisk by mapping fields in a CSV file to fields in the SimpleRisk database. It can be used to import audit results from a 3rd party spreadsheet, vulnerability scan results from another tool, assets from your CMDB and more. The Extra also provides the ability to export CSV files from SimpleRisk containing Risks, Mitigations, Reviews, or a Combination report of all three.
RISK ASSESSMENT
The Risk Assessment Extra provides users with the ability to define contacts, create questions (including logic), assemble multiple questions with a questionnaire template, create questionnaires and send them to contacts, view the questionnaire results, add risks based on those results, and compare the results over time, import and export externally customized assessments, and review the risk assessment audit trail.
TEAM-BASED SEPARATION
The Team-Based Separation Extra restricts risk viewing to only the users who are members of the team that the risk is assigned to. In the SimpleRisk Core product, without this Extra, every user can see every risk.
VULNERABILITY MANAGEMENT
The Vulnerability Management Extra provides customers with the ability to integrate their SimpleRisk instance with Tenable.io or Rapid7 Nexpose/InsightVM and import both asset and vulnerability data into SimpleRisk. From there, you can select which sites you want to cover, determine which vulnerability scores should be imported and triage which vulnerabilities are turned into risks to track them.
HOSTED LARGE PLAN
What is SimpleRisk Hosted?
SimpleRisk Hosted combines all of the functionality of our award winning SimpleRisk software with the convenience of a fully managed hosting solution. This Software-as-a-Service platform (SaaS) is unique to SimpleRisk and builds upon all of the intrinsic security benefits of the Amazon Web Services (AWS) cloud.
What are the benefits of SimpleRisk Hosted?
- From “Zero to GRC” in minutes
- Advanced features and automation
- Secure AWS hosting environment
- Effortless upgrades to the latest release
- Multiple packages to meet your needs
For more information on our deployment models and help determining whether SimpleRisk Hosted is the right option for your organization, check out this blog.
What is included in the Hosted Large plan?
- Quarterly "Ask The Expert" calls
- Silver Support
- Daily database snapshots
- Dedicated AWS virtual private cloud deployment
- License for an unlimited number of users and risks
- Plug-and-play modules (“Extras”) listed below (click each icon for additional information):
Advanced Search
The Advanced Search Extra expands the functionality of the top bar's search box to be able to find risks by doing textual search in risk data.
API
The API Extra allows customers to use a RESTful API to create scripted interactions with other applications to gain advanced automation and leverage existing infrastructure.
Secure Controls Framework (SCF)
The Secure Controls Framework (SCF) Extra is a direct integration between the Secure Controls Framework (SCF) and SimpleRisk. Enabling it allows you to select from 190 different frameworks that have been mapped to 1,057 security and privacy related common controls. This includes many frameworks heavily used by organizations today, such as ISO 27001, NIST CSF, PCI DSS, GDPR, COBIT, COSO and more!
CUSTOM AUTHENTICATION
The Custom Authentication Extra provides support for Active Directory and SAML Authentication as well as Duo Security as a second factor of authentication. In the SimpleRisk Core product, without this Extra, the only option is to create new users in the SimpleRisk identity repository.
CUSTOMIZATION
The Customization Extra enables the ability to add and remove different types of fields and dynamically create custom page templates.
EMAIL NOTIFICATION
The Email Notification Extra enables SimpleRisk to send e-mail notifications when risks are submitted, modified, or otherwise actioned upon. This extra can also be added as a scheduled script to send routine reminders when risks are ready for a management review. In the SimpleRisk Core product, without this Extra, no notifications are communicated outside of the tool itself.
ENCRYPTED DATABASE
The Encrypted Database Extra generates a random AES-256 bit encryption key and then uses that to encrypt sensitive text prior to it being inserted into the SimpleRisk database. This prevents anyone from being able to view or modify the data without using the SimpleRisk application directly.
IMPORT-EXPORT
The Import-Export Extra provides the ability to import data into SimpleRisk by mapping fields in a CSV file to fields in the SimpleRisk database. It can be used to import audit results from a 3rd party spreadsheet, vulnerability scan results from another tool, assets from your CMDB and more. The Extra also provides the ability to export CSV files from SimpleRisk containing Risks, Mitigations, Reviews, or a Combination report of all three.
JIRA INTEGRATION
The Jira Integration Extra provides users with the ability to integrate bi-directionally with a Jira instance. It enables connecting risks to Jira issues, as well as syncing their data, status and comments.
RISK ASSESSMENT
The Risk Assessment Extra provides users with the ability to define contacts, create questions (including logic), assemble multiple questions with a questionnaire template, create questionnaires and send them to contacts, view the questionnaire results, add risks based on those results, and compare the results over time, import and export externally customized assessments, and review the risk assessment audit trail.
TEAM-BASED SEPARATION
The Team-Based Separation Extra restricts risk viewing to only the users who are members of the team that the risk is assigned to. In the SimpleRisk Core product, without this Extra, every user can see every risk.
UNIFIED COMPLIANCE FRAMEWORK (UCF)
The Unified Compliance Framework (UCF) Extra is an API-level integration between the Unified Compliance Framework and SimpleRisk. Enabling it allows you to import selected frameworks and control mappings directly from UCF.
VULNERABILITY MANAGEMENT
The Vulnerability Management Extra provides customers with the ability to integrate their SimpleRisk instance with Tenable.io or Rapid7 Nexpose/InsightVM and import both asset and vulnerability data into SimpleRisk. From there, you can select which sites you want to cover, determine which vulnerability scores should be imported and triage which vulnerabilities are turned into risks to track them.
Looking for additional capabilities?
In addition to the extras available in our Hosted plans, we also offer Incident Management and Organizational Hierarchy, which are priced separately. The Incident Management Extra is priced at $9,995/year, and the Organizational Hierarchy Extra is priced at $2,995/year/BU. Click each icon below to learn more.
INCIDENT MANAGEMENT
The Incident Management Extra is based on the NIST 800-61 Computer Security Incident Handling Guide and provides incident management capabilities from within the SimpleRisk system.
ORGANIZATIONAL HIERARCHY
The Organizational Hierarchy Extra enables the ability to define multiple Business Units which can include any number of teams. Users can then be assigned across one or more teams under various Business Units. This affects a user's ability to see and use the teams, users, and assets which they are not associated with.
