Client Success

“It’s been a game changer for us in a good way. When we first started working with HALOCK, the mission was simple. I felt that the way we were looking at risk was very immature for an organization our size. We work with HALOCK on the methodology, on the Duty of Care risk analysis process, and that production of a risk register. All of that was essential. Then we needed a way to translate that. We needed a way to almost automate that. And that’s where the Reasonable Risk tool has really helped us a lot. We’re able to take the findings that come out of our risk register.

We’re able to prioritize those findings, and then we’re able to use Reasonable Risk to really stand up projects, to tie that to NIST controls, to figure out who the accountable officers need to be in the business unit. And it really gives us a true understanding of how we can get to that risk reduction that we’re looking for as an organization. For example, if I have an associated project that has seven or eight different subtasks and there’s associated risk ratings with each of those, but I know that if I were to complete this remediation plan, it would take me to x score. You know, that’s very helpful to me. It’s very helpful to my team.

And I think the thing I like about Reasonable Risk too is that the ease of use is there. We’ve been fortunate to be one of the early adopters. I’ve worked with other GRC tools before and the implementation process for some of those GRC tools took us months. And it was one thing for an information security team, or even an IT team to use some of those governance tools. But then when we tried to propagate that to the rest of the organization, it presented another challenge. It was confusing. It was time consuming. It was overly complicated when it didn’t need to be. So I know for all twelve people on our team, we all have visibility. We all use, and we understand how the risk tool can help us achieve our mission and continue to mature the program.”