Comprehensive Risk Management Software Modules Available. Try our #1 ranked assessment tools risk-free today!
Our risk assessment modules all participate in auto-mapping to the global compliance frameworks, saving you time and trouble. Even better, our real-time scoring, reporting, and dashboards help you stay current and compliant.
Call +1 888-896-6207 to find out more.
Build your own risk module easily, or use our preconfigured inventory covering:

NIST Special Publication 800-30
NIST Special Publication 800-30 provides guidance for conducting risk assessments of federal information systems and organizations, amplifying the guidance in Special Publication 800-39. Risk assessments, carried out at all three tiers in the risk management hierarchy, are part of an overall risk management process—providing senior leaders/executives with the information needed to determine appropriate courses of action in response to identified risks. In particular, it provides guidance for carrying out each of the steps in the risk assessment process (i.e., preparing for the assessment, conducting the assessment, communicating the results of the assessment, and maintaining the assessment) and explains how risk assessments and other organizational risk management processes complement and inform each other.
Special Publication 800-30 also provides guidance to organizations on identifying specific risk factors to monitor on an ongoing basis, so that organizations can determine whether risks have increased to unacceptable levels (i.e., exceeding organizational risk tolerance) and different courses of action should be taken.
Modules include:
- NIST Special Publication 800-30 - Risk Management Guide for Information Technology Systems

ISO/IEC 27005
ISO/IEC 27005 is applicable to all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) that intend to manage risks that can compromise the organization's information security. This module supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach.
Modules include:
- ISO/IEC 27005:2018 Information technology — Security techniques — Information security risk management

COSO Enterprise Risk Management Integrated Framework
The Framework defines essential enterprise risk management components, discusses key ERM principles and concepts, suggests a common ERM language, and provides clear direction and guidance for enterprise risk management.
Modules include:
- COSO ERM

Third-Party Risk Assessments
A third-party risk assessment is an analysis of vendor risk posed by an organization's third-party relationships along the entire supply chain, including vendors, service providers, and suppliers. Risks being considered include security risk, business continuity risk, privacy risk, and reputational risk.
Modules include:
- Site Visit Security Risk Assessment
- Third-Party Risk Assessment & Management
- Physical Security Risk Assessment
- Vendor Risk Management
- Use our creation tools to build your own!
What are you waiting for?
You are just a conversation away from putting the power of Continuum GRC to work for you.
Contact us using the form below or call us at 1-888-896-6207 for immediate assistance.