Skip to content
English
Customer portal
Contact us
  • There are no suggestions because the search field is empty.

00.02 Getting Help

Where to go when this guide doesn't have your answer — the SimpleRisk blog, the GitHub repository, the support channels, the documentation conventions in this guide, and how to file a useful issue or support ticket.

Why this matters

Documentation is comprehensive but never complete. A working SimpleRisk operator hits situations the guide doesn't cover — a configuration question that doesn't fit any article's scope, an error message that doesn't match anything documented, a feature that behaves differently than expected. Knowing where to go for the next layer of help is part of the operator's job; the channels are different in their strengths, and reaching for the right one for the question saves time and produces better answers.

The other reason this matters: SimpleRisk's help channels are layered. The documentation is the first line. The blog and GitHub issues are the second. Direct support is the third (for customers with paid support plans). Asking direct support a question the documentation already answers wastes everyone's time; not knowing direct support exists for the questions documentation can't cover wastes the customer's investment in support. The article describes which channel fits which kind of question.

Reference content

The documentation channels

The first line of help is the documentation itself.

  • The Administrator Guide (this volume, at admin_guide/ in the SimpleRisk repository) covers operator concerns: installation, configuration, integrations, operations, reference. The full table of contents is in admin_guide/README.md.
  • The User Guide (user_guide/) covers GRC practice: risk management, compliance, governance, asset inventory, vulnerability management, assessments, incident management, audit and reporting, day-to-day usage, continuous improvement.
  • The OpenAPI / Swagger documentation for the v2 API is rendered at /api/v2/documentation/ on any running SimpleRisk install. This is the authoritative reference for the API's specific endpoints, parameters, and response shapes. The Admin Guide's chapter 08 (The API) describes the API at a higher level; the OpenAPI documentation is the per-endpoint reference.

For most operational questions, the documentation has the answer. Search for the relevant term in the Administrator Guide first; check the User Guide for cross-cutting concepts; consult the OpenAPI documentation for API specifics.

The SimpleRisk blog

SimpleRisk maintains a blog at https://www.simplerisk.com/blog/all covering:

  • Practitioner experience reports — "we've seen X happen at customers, here's the pattern we recommend."
  • Product announcements — new releases, new Extras, deprecations.
  • Industry context — commentary on the broader GRC landscape that affects how the platform fits in.
  • Tutorial-style content for specific scenarios that don't fit the documentation's generalized form.

The blog is the right second-line for contextual questions ("how do other organizations approach X?") and for staying current on platform direction. It's a less reliable source for operational specifics — blog posts can age out as the platform evolves, and a 2022 post describing a feature may not match the 2026 implementation. When a blog post and the documentation disagree, the documentation is authoritative for current behavior.

The GitHub repository

SimpleRisk is open-source; the source repository is at https://github.com/simplerisk/code-development. Useful for:

  • Reading the implementing PHP for a specific feature when the documentation isn't precise enough about behavior.
  • Filing issues for bugs or feature requests via the GitHub Issues surface.
  • Reading recent commits to understand what changed in a release before upgrading.
  • Contributing fixes via pull requests if you're equipped to.

The issue tracker is the right channel for bug reports and feature requests. The discussion is public, the response cadence is reasonable for community-grade support, and the maintainers triage actively. For commercial support concerns, the channels below are more appropriate.

Direct support (for paid customers)

Customers with paid support plans have direct support channels through SimpleRisk (the company). The contact path varies by support tier; consult your contract or the SimpleRisk customer portal for the specific contact method (typically email, ticket portal, or scheduled-call options).

Direct support is the right channel for:

  • Production incidents affecting your install where you need real-time help.
  • Questions about your specific subscription, license, or Extra entitlements.
  • Issues that involve sensitive customer data you're not comfortable posting publicly on GitHub.
  • Architectural conversations specific to your environment that don't fit a general documentation pattern.

For these scenarios, direct support is appropriate. For general "how do I do X?" questions covered by the documentation, the documentation is the faster and more sustainable channel.

The community

SimpleRisk has a community of operators and users running similar installations. Community channels (when active for your install context) include the GitHub Discussions surface, customer-facing community forums (where SimpleRisk hosts them), and informal channels like LinkedIn groups for GRC practitioners. The community is the right second-line for the "how do other organizations operate this?" questions that are peer-experience-based.

How to file a useful issue or support ticket

Whichever channel you reach for, the issue or ticket is more useful when it includes:

  • The specific behavior you observed. "It doesn't work" produces ten clarifying questions before the support engineer can start. "When I click Save on the Submit Risk form with a Subject of 200 characters, the form returns 'Subject is too long' even though the limit is configured at 300" produces an immediate diagnostic step.
  • The expected behavior and where the expectation comes from. "I expected save to succeed because the documentation says the limit is 300 characters."
  • The environment. SimpleRisk version (visible at /admin/index.php or via GET /api/v2/version), Extras installed, deployment platform (Linux native, Docker, cloud), browser version (for UI issues).
  • The exact reproduction steps. Step-by-step from a known starting state.
  • The relevant logs. The debug log at simplerisk/logs/, the web server's error log, the database's slow-query log if relevant. Sanitize sensitive content before sharing.
  • What you've already tried. A list of "I tried X and it didn't help" prevents the support engineer from suggesting the same things.

Issues and tickets that include these elements typically get resolved in one or two round-trips; issues that don't include them often take five or six. The 30 seconds of upfront detail save hours of back-and-forth.

Documentation conventions used in this guide

A few conventions recur across the Admin Guide that are worth knowing once:

  • Code, paths, API routes, config keys, table names, language keys appear in backticks: config_settings, simplerisk/api/v2/index.php, POST /api/v2/risks, manage_users, lang.en.php.
  • UI labels appear in bold for buttons and menu items: click Save, choose "High" from the Likelihood dropdown.
  • Cross-links point to related articles using relative paths within the documentation tree.
  • Each article tracks the SimpleRisk version it was last verified against in the frontmatter last_verified_against field. When this guide says "as of version 20260422-001," that's what the version stamp means.
  • The Reference block at the end of each how-to and reference article is the operator's quick-lookup index — permission required, API endpoints, implementing files, database tables, config_settings keys.
  • Extra-gated articles open with a > **Requires:** * * callout immediately after the H1, telling Core-only customers what's gated.

Version this guide tracks

This guide is maintained against a specific SimpleRisk release version, recorded per-article in the last_verified_against frontmatter. The maintained version is updated as SimpleRisk releases ship; for any article you read, check the last_verified_against value to know what release the article was checked against.

For SimpleRisk's release history, see the release_notes/ directory in the SimpleRisk repository or the published release notes on the website. New releases happen roughly every two to three months.

Related

Reference

  • Permission required: None for reading the documentation; admin permission for accessing /admin/ and /api/v2/admin/* paths.
  • External resources: Blog: https://www.simplerisk.com/blog/all; GitHub: https://github.com/simplerisk/code-development; OpenAPI docs: /api/v2/documentation/ on any running install.
  • Implementing files: This guide is at admin_guide/; the User Guide is at user_guide/; release notes at release_notes/.
  • Version reference: simplerisk/includes/version.php for the current install's version; the article's last_verified_against frontmatter for the version this guide tracks.