The problem with many GRC tools is that they overreach their mission and become incredibly complex. So complex that they require dedicated resources to manage them. SimpleRisk gives you exactly what you need without all that overhead. And the best part is you can download it and get started for free!

I previously used SimpleRisk prior to joining DealerSocket and was well aware of its value, so one of the first initiatives I undertook was to deploy SimpleRisk here as well. My primary objectives were to streamline the cumbersome process of tracking risks using spreadsheets, make our overall risk posture visible to peers and management, obtain actionable output to prioritize mitigation efforts, and satisfy PCI compliance. SimpleRisk not only meets these requirements, but is also very easy to implement, use, and manage, plus reports can be easily customized to match the needs of key stakeholders. I've found SimpleRisk to be both highly effective, and reasonably priced.

Rochester Regional Health chose SimpleRisk because we needed a tool that would allow us to model our risk management program within a purpose built application, versus modifying our program due to product limitations. We selected the hosted version of SimpleRisk to expand our capabilities, eliminate existing manual procedures and end perpetual spreadsheet management. This has proven to be successful for our security risk management program.

I have implemented Archer, Lockpath, and RSAM  at my previous employers. They all are super heavy weight and require armies of people or professional services to manage. I don't think you emphasize enough the small amount of body overhead with the payback that SimpleRisk provides. There is no way my current employer could afford the previously mentioned apps.

I've been looking for a simple risk management solution for quite a while. I was very happy to see your project, mainly because it's exactly what I need, and I can also relate to not having the right tools to do the job at hand.

Josh has devised a great platform in SimpleRisk; I'm really glad to have caught mention of it rolling by in Twitter reads. It fits really nicely in any threat/risk management program.