Empowering Security Leaders to be More Effective
Automation for Risk Management and Compliance
The Action Items Tiles serve as a dashboard for the user to both inform them of important statistics and to drive behavior. In general, all tiles should be approaching zero or zero.
The Findings module is a “sandbox” area to record items that are, or might be, risks (i.e., “Findings”). Items in the Findings area record important information regarding the item that assist the user in determining the likelihood (made up of Threat Cluster statistics and Control Maturity) and impact of a risk (the highest score of an impact to Mission, Objectives, and Obligations). In this manner, a risk score is calculated (likelihood x impact = risk score).
Unused Findings may be archived and may be referred to for historical purposes but do not impact the Action Tiles results.
Risk Analysis Scenarios are snapshots of Findings that were considered but ultimately disregarded because the Safeguard and resulting Risk Score generally did not satisfy the user’s objectives.
The Risk Register serves as the “database of record” for all active Risks. While similar to the Findings screens, the Risk Register panels add several key attributes not found in other GRC packages.
First, industry controls (ISO 27001, CIS Controls, HIPAA, etc.) are mapped to a proprietary control set called the “Common Security Program”. This enables translation between industry control sets. Second, the Risk Register introduces the concept of an Initial Risk Score, a Current Risk Score, and a Safeguard Risk Score. While most GRC packages have only Initial and Residual Risk Scores, Reasonable Risk keeps three scores, enabling the user to track risk reduction over time. Finally, Risks in Reasonable Risk can be mapped directly to a Remediation Project.
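The scoring model described above (risk score = likelihood x impact, impact taken as the highest of the Mission, Objectives, and Obligations impacts, and three scores per risk), as an added example that is not the product's own code. The page does not say how likelihood is derived from Threat Cluster statistics and Control Maturity, so likelihood is taken as an already-computed input, and the 1-5 scales, the sample register, and the strict "above the line" test are assumptions.

```python
from dataclasses import dataclass
from typing import List, Tuple

@dataclass(frozen=True)
class Assessment:
    """One likelihood/impact assessment of a risk (constructed 1-5 scales)."""
    likelihood: int   # assumed already derived from Threat Cluster statistics and Control Maturity
    mission: int      # impact to Mission
    objectives: int   # impact to Objectives
    obligations: int  # impact to Obligations

    def impact(self) -> int:
        # the impact of a risk is the highest of the three impact types
        return max(self.mission, self.objectives, self.obligations)

    def score(self) -> int:
        # likelihood x impact = risk score
        return self.likelihood * self.impact()

@dataclass(frozen=True)
class RiskEntry:
    name: str
    initial: Assessment    # Initial Risk Score input
    current: Assessment    # Current Risk Score input (remediation done so far)
    safeguard: Assessment  # Safeguard Risk Score input (planned safeguard in place)

def unacceptable_risks(register: List[RiskEntry], acceptable_line: int) -> List[str]:
    """Names of risks whose Current score is above the acceptable-risk line, highest first."""
    above = [r for r in register if r.current.score() > acceptable_line]  # strict '>' is an assumption
    return [r.name for r in sorted(above, key=lambda r: r.current.score(), reverse=True)]

def risk_reduction(register: List[RiskEntry]) -> Tuple[int, int]:
    """(planned, actual) total reduction: Initial minus Safeguard vs Initial minus Current."""
    planned = sum(r.initial.score() - r.safeguard.score() for r in register)
    actual = sum(r.initial.score() - r.current.score() for r in register)
    return planned, actual

# Constructed sample register; not data from the product.
REGISTER = [
    RiskEntry("Unpatched remote-access gateway",
              Assessment(5, 3, 4, 5), Assessment(4, 3, 4, 5), Assessment(2, 3, 4, 5)),
    RiskEntry("No offline backups",
              Assessment(3, 5, 3, 2), Assessment(3, 5, 3, 2), Assessment(1, 5, 3, 2)),
    RiskEntry("Shared admin account in test lab",
              Assessment(2, 1, 2, 1), Assessment(2, 1, 2, 1), Assessment(2, 1, 2, 1)),
]
ACCEPTABLE_LINE = 9  # constructed threshold: scores above it must be remediated

if __name__ == "__main__":
    print(unacceptable_risks(REGISTER, ACCEPTABLE_LINE), risk_reduction(REGISTER))
```

The planned-versus-actual pair is what the "planned vs. actual risk reduction" view in the executive report would be built from; a risk whose Safeguard score still sits above the line signals that the chosen safeguard is not enough on its own.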
The Project Details screen provides basic project management metrics and status.
Each project consists of any number of Tasks.
Task details include more project management specificity as well as linkage to any number of Risks. In this manner, Projects, Tasks, and Risks are connected to better facilitate Risk Management and Risk Remediation.
The user can also view the collective Risks that a project addresses. There is a many-to-many relationship between Risks and Projects.
Additionally, some Risk details can be viewed and edited directly from the Projects Module.
The Audits and Assessment module allows the user to plan, track, and report status on recurring audits.
The Audits and Assessments detail allows the user to configure and report status and timing of recurring audits.
The Audits and Assessments module also provides a Completion Log to detail which audits have been completed in the past.
Reasonable Risk generates PowerPoint presentations based on the data within the application and two proprietary methodologies for presenting that data. The presentations are a “Budget Request Presentation” and an “Executive Status Presentation”.
Presentations are configured by following a simple wizard.
The presentation wizard includes date criteria to help configure the PowerPoint output for both presentation types.
Reasonable Risk allows administrative users to define Likelihood and Impact definitions at both a Customer and Scope level.
Up to 10 impact definitions per Impact level can be defined for each of the Mission, Objectives, and Obligations impact types.
The #1 DoCRA-based GRC SaaS Platform that combines Risk Management with powerful project management and executive reporting.
Dashboard with Overview of Organization’s Risk Posture
- Facilitates risk identification, definition, and prioritization with DoCRA-based scoring in an easy-to-use Risk Register.
- Different user roles with a variety of permissions and audit log.
- Alerts users on findings and risks that have gone unaddressed for specified periods of time.
- Sandbox capabilities for assessment “Findings” and remediation snapshots, or “Scenarios,” to model safeguard controls.
Remediation Projects - Tasks and Updates with Built-in Dependencies
- Reasonable Risk identifies an acceptable level of risk for the program.
- Only remediate unacceptable risks based on what is reasonable.
- Map risks to remediation projects with ongoing tracking.
- Roadmap of risk reduction as you mitigate identified risks.
- Risk scoring updates as tasks are completed.
Executive Reporting & Budget Approval
- Simple wizard for instant executive report PPT presentations.
- Pre-mapped field data instantly imported with meaningful findings, risks, projects, and tasks.
- Visualize program progress over time and identify program changes.
- Visualize planned vs. actual risk reduction, and list of identified unacceptable risks.
- Budget requests, budget variances, and the reasons behind them.
- Project-level and risk-level budget details.
Reasonable Risk solves the following business problems:
Communication with C-Suite
- Communicating risks in business terms.
- Providing executive-level program status so that the C-Suite can make informed decisions.
- Providing the C-Suite a roadmap for your program that reduces risk to an acceptable level (answering “are we where we need to be and if not, when will we get there?”).
- Approving expenditures or securing the budget you need for your program.
- Ensuring your security program is legally defensible and complies with the SEC Cybersecurity Rule (July 26, 2023).
Security Risk Management
- Managing your Risk Register in a spreadsheet is difficult and often makes it unusable (cannot collaborate, manage up or down, tie a risk to a project, track risk reduction over time, etc.).
- Tracking risk score reduction across remediation efforts (connecting risk score management to project management).
- Understanding the “overall risk” level to your organization (i.e., your risk GPA or FICO score).
- Defining a “clear line of acceptable risk” below which you accept risks and above which you remediate.
- Demonstrating that your security program is effective.