User Guide

00 Foundations of GRC

• 00.01 What is GRC?
• 00.02 The GRC Program Lifecycle
• 00.03 Introducing SimpleRisk
• 00.04 The Three Lines of Defense
• 00.05 A Practitioner's Tour of GRC Frameworks

01 Risk Management

• 01.01 What is a Risk Register and Why Every Program Needs One
• 01.02 Submitting a Risk in SimpleRisk
• 01.03 Risk Scoring Methodologies
• 01.04 Reviewing and Approving Risks
• 01.05 Mitigating a Risk
• 01.06 Tracking Risks Over Time
• 01.07 The Risk Dashboard
• 01.08 Bulk Operations on Risks
• 01.09 Importing and Exporting Risks

See less ▼

02 Compliance Management

• 02.01 What is Compliance Management?
• 02.02 Control Frameworks and Control Families
• 02.03 Installing a Framework
• 02.04 Mapping Controls Across Frameworks
• 02.05 The ComplianceForge SCF Extra
• 02.06 The UCF Extra
• 02.07 Control Tests and Evidence Collection

See less ▼

03 Governance

• 03.01 What is Governance?
• 03.02 Managing Policies and Documents
• 03.03 Exceptions Management
• 03.04 Projects and Programs

04 Asset and Data Inventory

• 04.01 Why an Asset Inventory is the Foundation of GRC
• 04.02 Managing Assets in SimpleRisk
• 04.03 Data Classification and Asset Criticality
• 04.04 Tying Risks to Assets

05 Threat and Vulnerability Management

• 05.01 What is Vulnerability Management?
• 05.02 Recording a Vulnerability
• 05.03 The Vulnerability Management Extra
• 05.04 From Vulnerability to Risk

06 Assessments

• 06.01 What is a GRC Assessment?
• 06.02 Running a Self-Assessment with the Assessments Extra
• 06.03 Third-Party and Vendor Risk Assessments
• 06.04 Control Assessments and Evidence Collection

07 Incident Management

• 07.01 What is Incident Response?
• 07.02 Recording an Incident
• 07.03 The Incident Management Extra
• 07.04 From Incident to Risk and Back

08 Audit and Reporting

• 08.01 What Makes a Good GRC Report?
• 08.02 The Built-In Reports
• 08.03 Sharing the Risk Dashboard with Stakeholders
• 08.04 Exporting Data and Evidence
• 08.05 The Compliance Dashboard

09 Day-to-Day SimpleRisk

• 09.01 Navigating the UI
• 09.02 Your Account and Profile
• 09.03 Favorites and Personalization
• 09.04 Search
• 09.05 Notifications and Email Preferences
• 09.06 Working with SimpleRisk AI
• 09.07 Understanding SimpleRisk Workflows

See less ▼

10 Continuous Improvement

• 10.01 The GRC Maturity Model
• 10.02 Running a Quarterly Program Review
• 10.03 When and How to Bring in Extras