Empowering Security Leaders to be More Effective

Automation for Risk Management and Compliance

Action Items Tiles

The Action Items Tiles serve as a dashboard for the user to both inform them of important statistics and to drive behavior. In general, all tiles should be approaching zero or zero.
Findings Module

The Findings module is a “sandbox” area to record items that are, or might be, risks (i.e., “Findings”). Items in the Findings area record important information regarding the item that assist the user in determining the likelihood ...
Findings Module

(made up of Threat Cluster statistics and Control Maturity) and impact of a risk (the highest score of an impact to Mission, Objectives, and Obligations). In this manner, a risk score is calculated (likelihood x impact = risk score).
Archived Findings

Unused Findings may be archived and may be referred to for historical purposes but do not impact the Action Tiles results.
Risk Analysis Scenarios

Risk Analysis Scenarios are snapshots of Findings that were considered but ultimately disregarded as the Safeguard and resulting Risk Score generally did not satisfy the user’s objectives.
Risk Register

The Risk Register serves as the “database of record” for all active Risks. While similar to the Findings screens, the Risk Register panels add several key attributes not found in other GRC packages.
Risk Register

First, industry controls (ISO 27001, CIS Controls, HIPAA, etc.) are mapped to a proprietary control set called the “Common Security Program”. This enables translation between industry control sets. Secondly, the Risk Register introduces the concept of Initial Risk Score, Current Risk Score, and Safeguard Risk Score. While most GRC packages have Initial and Residual Risk Scores, Reasonable Risk has three scores enabling the user to track risk reduction over time. Finally, Risks in Reasonable Risk can be mapped directly to a Remediation Project.
Remediation Projects Module

The Project Details screen provides basic project management metrics and status.
Remediation Projects Module

Each project consists of any number of Tasks.
Remediation Projects Module

Task details include more project management specificity as well as linkage to any number of Risks. In this manner, Projects, Tasks, and Risks are connected to better facilitate Risk Management and Risk Remediation.
Remediation Projects Module

The user can also view the collective Risks that a project addresses. There is a many-to-many relationship between Risks and Projects.
Remediation Projects Module

Additionally, some Risk details can be viewed and edited directly from the Projects Module.
Remediation Projects Module

Audits and Assessments Module

The Audits and Assessment module allows the user to plan, track, and report status on recurring audits.
Audits and Assessments Module

The Audits and Assessments detail allows the user to configure and report status and timing of recurring audits.
Audits and Assessments Module

The Audits and Assessments module also provides a Completion Log to detail which audits have been completed in the past.
Reasonable Risk PowerPoint Presentations

Reasonable Risk generates PowerPoint presentations based on the data within the application and two proprietary methodologies for presenting that data. The presentations are a “Budget Request Presentation” and an “Executive Status Presentation”.
Reasonable Risk PowerPoint Presentations

Presentations are configured by following a simple wizard.
Reasonable Risk PowerPoint Presentations

The presentation wizard includes date criteria to help configure the PowerPoint output for both presentation types.
Calculated Acceptable Risk Definitions (CARD)

Reasonable Risk allows administrative users to define Likelihood and Impact definitions at both a Customer and Scope level.
Calculated Acceptable Risk Definitions (CARD)

Up to 10 impact definitions per Impact level can be defined for each of the Mission, Objectives, and Obligations impact types.

The #1 DoCRA-based GRC SaaS Platform that combines Risk Management with powerful project management and executive reporting.

Dashboard with Overview of Organization’s Risk Posture

Remediation Projects - Tasks and Updates with Built-in Dependencies

Executive Reporting & Budget Approval

Reasonable Risk solves the following business problems:

Communication with C-Suite

Communicating risks in business terms.

Providing executive-level program status so that the C-Suite can make informed decisions.

Providing C-Suite a roadmap for your program that reduces risk to an acceptable level (answering “are we where we need to be and if not, when will we get there?”)

Approving expenditures or securing the budget you need for your program.

Ensuring your security program is legally defensible and complies with the SEC Cybersecurity Rule (July 26, 2023)

Security Risk Management

Managing your Risk Register in a spreadsheet is difficult and often makes it unusable. (Cannot collaborate, manage up or down, tie a risk to a project, track risk reduction over time, etc.)

Tracking risk score reduction across remediation efforts (connecting risk score management to project management).

Understanding the “overall risk” level to your organization (i.e., your risk GPA or FICO score).

Defining a “clear line of acceptable risk” below which you accept risks and above which you remediate.

Demonstrating your security program is effective

Client Testimonials

Product Updates

Project Management tools for DoCRA-based Risk Management
All-in-One GRC Platform