SimpleRisk On-Premise Packages
ON-PREMISE BASIC PACKAGE
What is SimpleRisk On-Premise?
SimpleRisk On-Premise enables you to run our award winning SimpleRisk software on your own servers inside of your own datacenter environment. This allows you to leverage your own internal security controls with the platform, but you are responsible for all monitoring, backups, and upgrades.
What are the benefits of SimpleRisk On-Premise?
- Hosted in your environment
- Automated upgrade process
- Select individual Extras
- Create custom packages
- Packaged discounts
For more information on our deployment models and help determining whether On-Premise is the right option for your organization, check out this blog.
What is included in the On-Premise Basic package?
- Quarterly "Ask The Expert" calls
- Silver Support
- License for an unlimited number of users and risks
- Plug-and-play modules (“Extras”) listed below (click each icon for additional information):
Secure Controls Framework (SCF)
The Secure Controls Framework (SCF) Extra is a direct integration between the Secure Controls Framework (SCF) and SimpleRisk. Enabling it allows you to select from 190 different frameworks that have been mapped to 1,057 security and privacy related common controls. This includes many frameworks heavily used by organizations today, such as ISO 27001, NIST CSF, PCI DSS, GDPR, COBIT, COSO and more!
EMAIL NOTIFICATION
The Email Notification Extra enables SimpleRisk to send e-mail notifications when risks are submitted, modified, or otherwise actioned upon. This extra can also be added as a scheduled script to send routine reminders when risks are ready for a management review. In the SimpleRisk Core product, without this Extra, no notifications are communicated outside of the tool itself.
IMPORT-EXPORT
The Import-Export Extra provides the ability to import data into SimpleRisk by mapping fields in a CSV file to fields in the SimpleRisk database. It can be used to import audit results from a 3rd party spreadsheet, vulnerability scan results from another tool, assets from your CMDB and more. The Extra also provides the ability to export CSV files from SimpleRisk containing Risks, Mitigations, Reviews, or a Combination report of all three.
TEAM-BASED SEPARATION
The Team-Based Separation Extra restricts risk viewing to only the users who are members of the team that the risk is assigned to. In the SimpleRisk Core product, without this Extra, every user can see every risk.
Upgrade
The Upgrade Extra is designed to make the process of upgrading SimpleRisk much easier. It provides you with a button that you can click at any point to get a backup of the SimpleRisk database, as well as an upgrade capability that handles the application and database upgrades for you with a single click of the mouse.
ON-PREMISE PLUS PACKAGE
What is SimpleRisk On-Premise?
SimpleRisk On-Premise enables you to run our award winning SimpleRisk software on your own servers inside of your own datacenter environment. This allows you to leverage your own internal security controls with the platform, but you are responsible for all monitoring, backups, and upgrades.
What are the benefits of SimpleRisk On-Premise?
- Hosted in your environment
- Automated upgrade process
- Select individual Extras
- Create custom packages
- Packaged discounts
For more information on our deployment models and help determining whether On-Premise is the right option for your organization, check out this blog.
What is included in the On-Premise Plus package?
- Quarterly "Ask The Expert" calls
- Silver Support
- License for an unlimited number of users and risks
- Plug-and-play modules (“Extras”) listed below (click each icon for additional information):
Secure Controls Framework (SCF)
The Secure Controls Framework (SCF) Extra is a direct integration between the Secure Controls Framework (SCF) and SimpleRisk. Enabling it allows you to select from 190 different frameworks that have been mapped to 1,057 security and privacy related common controls. This includes many frameworks heavily used by organizations today, such as ISO 27001, NIST CSF, PCI DSS, GDPR, COBIT, COSO and more!
CUSTOM AUTHENTICATION
The Custom Authentication Extra provides support for Active Directory and SAML Authentication as well as Duo Security as a second factor of authentication. In the SimpleRisk Core product, without this Extra, the only option is to create new users in the SimpleRisk identity repository.
EMAIL NOTIFICATION
The Email Notification Extra enables SimpleRisk to send e-mail notifications when risks are submitted, modified, or otherwise actioned upon. This extra can also be added as a scheduled script to send routine reminders when risks are ready for a management review. In the SimpleRisk Core product, without this Extra, no notifications are communicated outside of the tool itself.
IMPORT-EXPORT
The Import-Export Extra provides the ability to import data into SimpleRisk by mapping fields in a CSV file to fields in the SimpleRisk database. It can be used to import audit results from a 3rd party spreadsheet, vulnerability scan results from another tool, assets from your CMDB and more. The Extra also provides the ability to export CSV files from SimpleRisk containing Risks, Mitigations, Reviews, or a Combination report of all three.
RISK ASSESSMENT
The Risk Assessment Extra provides users with the ability to define contacts, create questions (including logic), assemble multiple questions with a questionnaire template, create questionnaires and send them to contacts, view the questionnaire results, add risks based on those results, and compare the results over time, import and export externally customized assessments, and review the risk assessment audit trail.
TEAM-BASED SEPARATION
The Team-Based Separation Extra restricts risk viewing to only the users who are members of the team that the risk is assigned to. In the SimpleRisk Core product, without this Extra, every user can see every risk.
Upgrade
The Upgrade Extra is designed to make the process of upgrading SimpleRisk much easier. It provides you with a button that you can click at any point to get a backup of the SimpleRisk database, as well as an upgrade capability that handles the application and database upgrades for you with a single click of the mouse.
ON-PREMISE PREMIUM PACKAGE
What is SimpleRisk On-Premise?
SimpleRisk On-Premise enables you to run our award winning SimpleRisk software on your own servers inside of your own datacenter environment. This allows you to leverage your own internal security controls with the platform, but you are responsible for all monitoring, backups, and upgrades.
What are the benefits of SimpleRisk On-Premise?
- Automated upgrade process
- Select individual Extras
- Create custom packages
- Packaged discounts
For more information on our deployment models and help determining whether SimpleRisk Hosted is the right option for your organization, check out this blog.
What is included in the On-Premise Premium package?
- Quarterly "Ask The Expert" calls
- Silver Support
- License for an unlimited number of users and risks
- Additional “Development Server” License
- Plug-and-play modules (“Extras”) listed below (click each icon for additional information):
Advanced Search
The Advanced Search Extra expands the functionality of the top bar's search box to be able to find risks by doing textual search in risk data.
API
The API Extra allows customers to use a RESTful API to create scripted interactions with other applications to gain advanced automation and leverage existing infrastructure.
Secure Controls Framework (SCF)
The Secure Controls Framework (SCF) Extra is a direct integration between the Secure Controls Framework (SCF) and SimpleRisk. Enabling it allows you to select from 190 different frameworks that have been mapped to 1,057 security and privacy related common controls. This includes many frameworks heavily used by organizations today, such as ISO 27001, NIST CSF, PCI DSS, GDPR, COBIT, COSO and more!
CUSTOM AUTHENTICATION
The Custom Authentication Extra provides support for Active Directory and SAML Authentication as well as Duo Security as a second factor of authentication. In the SimpleRisk Core product, without this Extra, the only option is to create new users in the SimpleRisk identity repository.
CUSTOMIZATION
The Customization Extra enables the ability to add and remove different types of fields and dynamically create custom page templates.
EMAIL NOTIFICATION
The Email Notification Extra enables SimpleRisk to send e-mail notifications when risks are submitted, modified, or otherwise actioned upon. This extra can also be added as a scheduled script to send routine reminders when risks are ready for a management review. In the SimpleRisk Core product, without this Extra, no notifications are communicated outside of the tool itself.
ENCRYPTED DATABASE
The Encrypted Database Extra generates a random AES-256 bit encryption key and then uses that to encrypt sensitive text prior to it being inserted into the SimpleRisk database. This prevents anyone from being able to view or modify the data without using the SimpleRisk application directly.
IMPORT-EXPORT
The Import-Export Extra provides the ability to import data into SimpleRisk by mapping fields in a CSV file to fields in the SimpleRisk database. It can be used to import audit results from a 3rd party spreadsheet, vulnerability scan results from another tool, assets from your CMDB and more. The Extra also provides the ability to export CSV files from SimpleRisk containing Risks, Mitigations, Reviews, or a Combination report of all three.
JIRA INTEGRATION
The Jira Integration Extra provides users with the ability to integrate bi-directionally with a Jira instance. It enables connecting risks to Jira issues, as well as syncing their data, status and comments.
RISK ASSESSMENT
The Risk Assessment Extra provides users with the ability to define contacts, create questions (including logic), assemble multiple questions with a questionnaire template, create questionnaires and send them to contacts, view the questionnaire results, add risks based on those results, and compare the results over time, import and export externally customized assessments, and review the risk assessment audit trail.
TEAM-BASED SEPARATION
The Team-Based Separation Extra restricts risk viewing to only the users who are members of the team that the risk is assigned to. In the SimpleRisk Core product, without this Extra, every user can see every risk.
Upgrade
The Upgrade Extra is designed to make the process of upgrading SimpleRisk much easier. It provides you with a button that you can click at any point to get a backup of the SimpleRisk database, as well as an upgrade capability that handles the application and database upgrades for you with a single click of the mouse.
VULNERABILITY MANAGEMENT
The Vulnerability Management Extra provides customers with the ability to integrate their SimpleRisk instance with Tenable.io or Rapid7 Nexpose/InsightVM and import both asset and vulnerability data into SimpleRisk. From there, you can select which sites you want to cover, determine which vulnerability scores should be imported and triage which vulnerabilities are turned into risks to track them.
Looking for additional capabilities?
In addition to the extras available in our Hosted plans, we also offer Incident Management and Organizational Hierarchy, which are priced separately. The Incident Management Extra is priced at $9,995/year, and the Organizational Hierarchy Extra is priced at $2,995/year/BU. Click each icon below to learn more.
INCIDENT MANAGEMENT
The Incident Management Extra is based on the NIST 800-61 Computer Security Incident Handling Guide and provides incident management capabilities from within the SimpleRisk system.
ORGANIZATIONAL HIERARCHY
The Organizational Hierarchy Extra enables the ability to define multiple Business Units which can include any number of teams. Users can then be assigned across one or more teams under various Business Units. This affects a user's ability to see and use the teams, users, and assets which they are not associated with.
