Skip to main content

Simplerisk On-Premise

A Governance, Risk Management and Compliance (GRC) solution run on your own servers that enables you to identify, rank, monitor and track risks through their mitigation life cycle and continually measure the overall progress of your cybersecurity program.

What is SimpleRisk On-Premise?

The SimpleRisk On-Premise platform is designed to deliver a simple, effective and affordable GRC solution that ensures customers will benefit from the repeatable, scalable and sustainable processes that are the foundation of any successful GRC program. SimpleRisk On-Premise enables you to run our award-winning software on your own servers inside of your own datacenter environment. This allows you to leverage your own internal security controls with the platform, but you are responsible for the ongoing administration of the platform including monitoring, backups and upgrades. A SimpleRisk On-Premise installation begins with downloading and installing our free and open source product, SimpleRisk Core, which provides all of the basic GRC capabilities.


What are SimpleRisk Extras?

SimpleRisk Extras are plug-and-play modules that can be downloaded and installed into your SimpleRisk instance to provide functionality beyond what is available in the SimpleRisk Core. Once you've downloaded and installed SimpleRisk, you will have the option to register your SimpleRisk instance. After a successful registration, you are immediately granted access to two free SimpleRisk Extras:



The Upgrade Extra is designed to make the process of upgrading SimpleRisk much easier. It provides you with a button that you can click at any point to get a backup of the SimpleRisk database, as well as an upgrade capability that handles the application and database upgrades for you with a single click of the mouse.

Secure Controls Framework (SCF)

The Secure Controls Framework (SCF) Extra is a direct integration between the Secure Controls Framework and SimpleRisk. Enabling it allows you to select from 190 different frameworks that have been mapped to 1,057 security and privacy related common controls. This includes many frameworks heavily used by organizations today, such as ISO 27001, NIST CSF, PCI DSS, GDPR, COBIT, COSO and more!

Additionally, SimpleRisk offers the following
catalog of licensed SimpleRisk Extras:


Advanced Search

The Advanced Search Extra expands the functionality of the top bar's search box to be able to find risks by doing textual search in risk data.


The API Extra allows customers to use a RESTful API to create scripted interactions with other applications to gain advanced automation and leverage existing infrastructure.


The Custom Authentication Extra provides support for Active Directory and SAML Authentication as well as Duo Security as a second factor of authentication. In the SimpleRisk Core product, without this Extra, the only option is to create new users in the SimpleRisk identity repository.


The Customization Extra enables the ability to add and remove different types of fields and dynamically create custom page templates.


The Email Notification Extra enables SimpleRisk to send e-mail notifications when risks are submitted, modified, or otherwise actioned upon. This extra can also be added as a scheduled script to send routine reminders when risks are ready for a management review. In the SimpleRisk Core product, without this Extra, no notifications are communicated outside of the tool itself.


The Encrypted Database Extra generates a random AES-256 bit encryption key and then uses that to encrypt sensitive text prior to it being inserted into the SimpleRisk database. This prevents anyone from being able to view or modify the data without using the SimpleRisk application directly.


The Import-Export Extra provides the ability to import data into SimpleRisk by mapping fields in a CSV file to fields in the SimpleRisk database. It can be used to import audit results from a 3rd party spreadsheet, vulnerability scan results from another tool, assets from your CMDB and more. The Extra also provides the ability to export CSV files from SimpleRisk containing Risks, Mitigations, Reviews, or a Combination report of all three.


The Incident Management Extra is based on the NIST 800-61 Computer Security Incident Handling Guide and provides incident management capabilities from within the SimpleRisk system.


The Jira Integration Extra provides users with the ability to integrate bi-directionally with a Jira instance. It enables connecting risks to Jira issues, as well as syncing their data, status and comments.


The Organizational Hierarchy Extra enables the ability to define multiple Business Units which can include any number of teams. Users can then be assigned across one or more teams under various Business Units. This affects a user's ability to see and use the teams, users, and assets which they are not associated with.


The Risk Assessment Extra provides users with the ability to define contacts, create questions (including logic), assemble multiple questions with a questionnaire template, create questionnaires and send them to contacts, view the questionnaire results, add risks based on those results, and compare the results over time, import and export externally customized assessments, and review the risk assessment audit trail.


The Team-Based Separation Extra restricts risk viewing to only the users who are members of the team that the risk is assigned to. In the SimpleRisk Core product, without this Extra, every user can see every risk.


The Unified Compliance Framework (UCF) Extra is an API-level integration between the Unified Compliance Framework and SimpleRisk. Enabling it allows you to import selected frameworks and control mappings directly from UCF.


The Vulnerability Management Extra provides customers with the ability to integrate their SimpleRisk instance with or Rapid7 Nexpose/InsightVM and import both asset and vulnerability data into SimpleRisk. From there, you can select which sites you want to cover, determine which vulnerability scores should be imported and triage which vulnerabilities are turned into risks to track them.


Does SimpleRisk Offer Support Plans?

SimpleRisk offers three different tiers based on the level of support required by your organization:

Silver Support

Monday through Friday 8 AM to 5 PM CST (No Holidays). E-mail and web-based support with 1 business day turnaround. Phone support scheduled as necessary.

Gold Support

Monday through Friday 8 AM to 8 PM CST (No Holidays). E-mail and web-based support with 1 business day turnaround. Phone number provided for on-call assistance.

Platinum Support

24 hours a day, 7 days a week, 365 days a year. E-mail and web-based support with 1 business day turnaround. Phone number provided for on-call assistance.

All of our SimpleRisk Extras come standard with our SimpleRisk Silver Support for all configuration and troubleshooting of the purchased functionality.

These support plans may be purchased to add configuration and troubleshooting support for the SimpleRisk Core or to add expanded support hours for your SimpleRisk Extras.

Does SimpleRisk Offer Professional Services?

We find that SimpleRisk is so simple and intuitive that our customers don't normally require any professional services to get started. We encourage our customers to reach out to our Support Team should they ever encounter any issues or if they have questions about how to do something. All of our SimpleRisk On-Premise packages also include quarterly "Ask the Expert" calls with SimpleRisk's Founder and CEO, Josh Sokol.

With over a decade of experience running the Information Security Program for a large, global, publicly traded enterprise, we've found that giving customers the opportunity to speak with him on a regular basis has been invaluable in helping to jump start their GRC programs, as well as helping them to avoid some of the pitfalls experienced along the way.

What if I Need a Second Environment for Testing?

Sometimes customers will come to us asking for additional licenses to be able to test out things like software upgrades and new features in a non-production environment. While we do not offer discounted licensing for this purpose, our On-Premise Premium package includes a license for an additional development server. Customers who have purchased that package are able to install a second copy of SimpleRisk for the purpose of development and testing in a non-production environment, with all of the Extras included, at no additional charge.


How is SimpleRisk On-Premise Priced?

The most cost-effective way to purchase Extras for your On-Premise SimpleRisk instance is with one of our packages. These packages were created to provide you with the most commonly licensed SimpleRisk features while saving you thousands of dollars off the cost if you were to purchase them a la carte:

  $9,995 / yr $14,995 / yr $19,995 / yr

All packages include Quarterly "Ask The Expert" calls, Silver Support, Governance, Risk Management and Compliance capabilities and are licensed for an unlimited number of users and risks.


Secure Controls Framework (SCF) Extra


Upgrade Extra


Team-Based Separation Extra


Email Notification Extra


Import-Export Extra


Custom Authentication Extra


Risk Assessment Extra


Encrypted Database Extra


API Extra


Customization Extra


Advanced Search Extra


Jira Integration Extra


Vulnerability Management Extra


"Development Server" License


Incident Management Extra

    $9,995 / yr

Organizational Hierarchy Extra

    $2,995 / yr / BU
  Quote Quote Quote

We understand, however, that sometimes these packages don't work for everyone. If you find yourself wanting to only purchase a couple of SimpleRisk Extras, or wish to hand select the Extras for your organization, use the link below:

What if I Want to Try the Extras Before I Purchase Them?

Unfortunately, we do not offer On-Premise trials of our SimpleRisk Extras. If you would like to learn more about our SimpleRisk Extras before purchasing them, we suggest that you either Schedule a Demo with us using our convenient online calendaring system or sign up for a Free 30 Day Hosted Trial, where you can experience all of our SimpleRisk Extras firsthand, on your own dedicated cloud instance of SimpleRisk.