From Zero to ISO 27001 in 18 Months

Certified in 18 Months: Lessons from SimpleRisk’s ISO 27001 Journey

On September 26, 2024, SimpleRisk proudly earned its ISO 27001 certification after a focused 18-month effort to refine security practices and address control requirements. Despite personal hurdles, their journey highlights how dedication and the right tools make ambitious compliance goals achievable.

"How to Model Security Maturity in Your Organization" Webinar Recap

Check out this recap of the webinar, "How to Model Security Maturity in Your Organization," co-hosted by SimpleRisk and GRC 20/20. This webinar helped equip participants with a clear roadmap on how to establish a security maturity baseline within their own organizations, create a desired state of maturity, and identify where gaps exist in order to achieve their objectives.

7 Strategies to Mature Your GRC Program

Check out this guest blog from Michael Rasmussen of GRC 20/20 to learn about seven strategies to mature your existing GRC program for enhanced efficiency and effectiveness.

6 Ways to Create a Repeatable, Scalable Compliance Program

Check out this guest blog from Michael Rasmussen of GRC 20/20 to learn about six core elements required to craft compliance programs that meet current standards and are adaptable and scalable to meet future compliance challenges and opportunities.

Getting Your Information Security Program Off the Ground

Struggling with where to begin with your Information Security Program? Learn how taking a risk-centric approach can help accomplish your goals.

8 Simple Ways to Effectively Launch Your GRC Program

Learn the 8 fundamentals we recommend to establish an effective Enterprise Risk Management process from the ground up, which will set the stage for a successful GRC program rollout.

The Right and Wrong Way to Assess Third-Party Risk

In this post, SimpleRisk's Founder and CEO walks us through the different approaches to assessing and managing third-party risks.

Responding to Inbound Risk Assessments with SimpleRisk

Learn how to use our Risk Assessment Extra to manage inbound assessments within SimpleRisk. Create a repeatable process without purchasing a separate tool.

How To Calculate Inherent vs. Residual Risk

Learn how to minimize the level of effort required to track a risk’s progress over time and how to measure the effectiveness of your risk mitigation.

Compliance 101: Back to Basics

Let’s go back to the basics and break down what enterprise compliance is and how you can use it to ensure your organization is conforming with its stated requirements.

The Impact of the Apache log4j Vulnerability (CVE-2021-44228) on SimpleRisk

SimpleRisk has assessed our risk against the Apache Log4j vulnerability and determined that no customers deployed with our standard deployment instructions, regardless of On-Premise or Hosted environment, should be impacted by this vulnerability.

Risk Management 101: Back to Basics

Let’s go back to the basics and break down what enterprise risk management is and how you can use it to mitigate the risks that threaten your organization.

Simplifying the NIST Cybersecurity Framework with SimpleRisk

Learn how to use SimpleRisk's Import-Export and Risk Assessment Extras in order to efficiently use the NIST Cybersecurity Framework's controls to assess your organization's risks and perform a control gap analysis.

Risk Management for Dummies

Today I had a really interesting conversation with a guy from Japan via LinkedIn. It started with him trying to sell me...

There is Nothing Simple About FAIR

Currently, SimpleRisk supports six different risk scoring methods. We have Classic Risk, which is the likelihood ...

How to Perform Risk Assessments (with SimpleRisk)

This is just a short (1 minute) animated video explaining some of the capabilities around performing internal and ...

Assessing Vendor Security Risks (with SimpleRisk)

As a CISO for a large enterprise, many times my first engagement with members of our internal teams was when ...

What do Role Playing and Risk Management have in common?

A couple of weeks ago I participated in a CISO Summit with a focus on the topics of Security Visibility and Incident ...
