Automated • Integrated • Powerful

Frequently Asked Questions

  • Customers with a single use-case need, e.g. ISO / SOC 2 / PCI / HIPAA / CMMC compliance, Access Review, Incident Management, Third Party Risk Management, Vulnerability Management.

    Customers that need to mature their risk management and GRC governance strategies.

    Ready to scale your comprehensive GRC program….

  • Do you need more effective risk and compliance reporting capabilities for leadership?

    Do you need certification or regulated compliance management? (ISO / SOC / SOX / PCI / HIPAA / CMMC / FedRAMP / GDPR / HECVAT)

    Are you currently using a niche compliance tool or doing risk and compliance in spreadsheets?

    Are you using multiple tools for risk/compliance and looking for an integrated solution?

    Are you looking for extensible integration and automation capabilities?

  • C1Risk is a fully integrated GRC platform. Our pricing includes all 10 modules (see table below)…

    C1Risk is 100% API connected. We integrate with most modern business solutions.

    C1Risk can be used for a single use case (third party, ISO/SOC 2 Certification) or a full-scale GRC program implementation. Each module is comprehensive.

    C1Risk is a SaaS platform, or can be self-hosted in your own environment.

    C1Risk is “switch-on ready” and can be deployed the same day as contract signature.

C1Risk Platform Core Capabilities:

  • GRC Library

    1. Unlimited regulations/standards

    2. Crosswalks for many-to-one control mapping capabilities

    3. Managed version control for new or updated standards and regulations

  • Policy Management

    1. Policy write, edit, publish OR

    2. Link policies from a DMS

    3. Policy Review

    4. Policy mapping to Control requirements and Internal Controls

    5. Policy Exception process

    *Policy Attestation full version coming in 2024

  • Compliance Management

    1. GRC Library

    2. Compliance Dashboard

    3. Statement of Applicability reports

    4. Control Mapping to Policies, Internal Controls, Evidence, Internal Audit Test Procedures

    5. Automated, year-round evidence collection

  • Internal Audit

    1. Audit Dashboard

    2. Exportable reports

    3. Audit Programs

    4. Test Procedures

    5. Test Results

    6. Finding & Risk Mitigation

  • Asset Management

    1. Configurable Asset Types

    2. Asset Impact Analysis (with sample / build your own BIA Templates)

    3. Risk Register, Internal Control, Issue mapping to Assets for Asset-based Risk Management

    4. Related Assets

  • Risk Management

    1. Risk Dashboard/Risk Projections

    2. Risk Register

    3. Automated Inherent and Residual Risk Rating (optional)

    4. Risk Mapping to Assets, Internal Controls, Findings

  • Issue / Vulnerability Management

    1. Issue Management Dashboard

    2. Finding Tracking to Source

    3. Risk Mitigation

    4. Exception Request Process

    Integration with Nessus, Nexpose, Qualys for Vulnerability Management

  • Incident Management

    1. Incident Management Dashboard

    2. Incident Reporting and Tracking

    3. Incident Investigation

  • Vendor Management

    1. Dashboard

    2. Vendor Onboarding

    3. Engagement/Contract Management

    4. Security Review

    5. Scheduled Review

    6. Assessment Templates

    7. Build-your-own assessments

    8. Automated Risk Scoring

    9. Auto Finding Creation

    10. Risk Reporting

    11. Activation/Termination
