When a lost deal with the world’s largest healthcare company revealed a critical gap in SimpleRisk’s compliance posture, it set us on an 18-month journey to achieve ISO 27001 certification. From assessing our maturity and closing governance gaps to leveraging AI and tackling a rigorous third-party audit, we turned a challenge into an opportunity to enhance our operations and platform.

In today’s complex business world, managing risks and compliance shouldn’t feel chaotic. Discover how SimpleRisk, as highlighted by Michael Rasmussen, the "Godfather of GRC," streamlines governance, risk, and compliance with efficiency and agility. Learn why organizations are switching to this game-changing platform in our latest blog post!

On September 26, 2024, SimpleRisk proudly earned its ISO 27001 certification after a focused 18-month effort to refine security practices and address control requirements. Despite personal hurdles, their journey highlights how dedication and the right tools make ambitious compliance goals achievable.

Check out this recap of the webinar, "How to Model Security Maturity in Your Organization," co-hosted by SimpleRisk and GRC 20/20. This webinar helped equip participants with a clear roadmap on how to establish a security maturity baseline within their own organizations, create a desired state of maturity, and identify where gaps exist in order to achieve their objectives.

Check out this guest blog from Michael Rasmussen of GRC 20/20 to learn about seven strategies to mature your existing GRC program for enhanced efficiency and effectiveness.

Check out this guest blog from Michael Rasmussen of GRC 20/20 to learn about six core elements required to craft compliance programs that meet current standards and are adaptable and scalable to meet future compliance challenges and opportunities.

The Security and Exchange Commission (SEC) released its final rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, effective mid-December 2023. Check out this blog to learn what this ruling entails, how this new regulation may impact your organization, and what your organization needs to do ensure compliance.

This guest blog by Michael Rasmussen of GRC 20/20 outlines how to define a process for regulatory change management and leverage the right technology to ensure your organization stays compliant.

We are frequently asked about using the CIS Critical Security Controls in SimpleRisk.  In this blog post you will learn about the different ways you can use their controls with our platform.

Struggling with managing compliance across multiple different control frameworks?  Learn how a common control framework can help you to simplify your compliance, saving you time and money.

Let’s go back to the basics and break down what enterprise compliance is and how you can use it to ensure your organization is conforming with its stated requirements.

Today I attended a CISO roundtable where a number of the attendees talked about their GRC platforms that have taken over a year to "connect all the wires" and they're still in the process of implementing. I know why their GRCs are failing them and there is a better way.

SimpleRisk partners with various MSSP providers to give customers a one-stop "GRC-as-a-Service" offering.  Learn more about how this works and whether the SimpleRisk GRCaaS platform may be a good fit for your organization.

What is the right way to do risk management?  We hear this question fairly frequently on calls with prospects and my answer is always the same.  There is no "right way" or "wrong way" to do risk management.  There's only your way...

Learn how to use SimpleRisk's Import-Export and Risk Assessment Extras in order to efficiently use the NIST Cybersecurity Framework's controls to assess your organization's risks and perform a control gap analysis.

At the end of June 2020, a civil rights coalition, which includes the Anti-Defamation League (ADL) and the NAACP, launched the #StopHateforProfit campaign.  This campaign calls upon major corporations to put a pause on Facebook advertisements, citing the company's...

Before starting SimpleRisk, I sat in the CISO chair, on the other side of the negotiating table.  I learned the tricks ...

Every comic book superhero has a story behind them describing how they overcame some form of adversity in ...