The C1Risk Platform

How to add a new risks to your risk register on the C1Risk platform.

Risk groups are the macro-categories that you can configure in the C1Risk platform. Your risks will then sit under those categories, and your Risk Register or any reporting can be segmented by group.

A quick overview of the management of risk in our C1Risk platform

Learn how and why to connect your risks and controls to your assets for asset-based risk and compliance.

Connecting Assets to the Risk Register.

If you are staring out on your compliance journey, you can map and create a full set of internal controls with one-click in the C1Risk platform. Here is how.

Applicability: Establish which controls are applicable/in scope for compliance in C1Risk

Learn two approaches to selecting controls in scope for compliance and how to quickly create your Statement of Applicability on the C1Risk platform.

This helps you write and implement internal controls for your company. Who, what, when is an internal control? Find out here.

See how we use crosswalks to help you consolidate and map your Internal Controls and streamline compliance.

General users and vendors have access to a task list in the C1Risk platform where they can view all of their active tasks and begin working.

How to request additional evidence from evidence owners during the collection period.

The C1Risk platform allows you to filter your compliance workflows to see work by status, owner, and more.

How to launch and automate your evidence collection for continuous monitoring and ongoing compliance in the C1Risk platform.

As part of the audit process, you need to create internal controls to demonstrate implementation of the associated regulation or standard. Here are three options for quickly creating those controls in the C1Risk Platform.

This training gives you a breakdown of the key elements of an internal control, and what auditors are looking in terms of information provided in an internal control statement. Who, what, how often, and more.

Monitor your readiness for audit and continuous compliance and risk management for SOC 2, ISO 27001, CMMC, HIPAA, PCI, and more with C1Risk's real-time dashboards. C1Risk provides continuous cybersecurity for your organization.

Learn how to browse the control library and quickly identify controls that are or are not in scope for compliance on the C1Risk Platform.

Learn how to do the following in the C1Risk platform:

1. Choose applicable controls (EG. Criterai for SOC 2)

2. Choose Non-applicable controls (ISO 27001)

3. SOA

Quick overview of compliance management on the C1Risk Platform

Setup for primary account managers with account configuration options built-in.

CEO of C1Risk (Lily Yeoh) in conversation with Audit and M&A Risk Expert (Lily Fetterer) on IT Audit and Risk integration. Whether you are in Information Security, IT, Operational Risk, Enterprise Risk, Third Party Risk, Compliance, or new to the cybersecurity space, this is a place for sharing knowledge and learning from practitioners and experts side-by-side.

All C1Risk assessment templates can be configured to auto-create findings based upon responses. See how easy it is to score an assessment using the C1Risk platform.

How to send an assessment on the C1Risk Platform

Cyber Threat and Cyber Risk continuous monitoring

Notifications will alert users that they have an assessment to complete. Follow these simple steps to access the platform and complete the assessment. Note, email notifications come from C1Risk (support@c1risk.com) and respondents must be licensed to use the platform.

Assessments can be sent to internal or external (vendor) company affiliates. Learn how to send an assessment here.

This training covers the types of questions you can add to an assessment template, as well as the "parent-child" question structure available to you in the assessment template.

Vendors can be reviewed internally for their impact on the bussiness prior to sending assessment to the vendor for security review.

C1Risk has a library of templates that can be added to the platform at any time using our central repository, or you can create your own assessment template and we will upload it for you.

Your vendors may have one or more contacts that need to be associated with their records. All contact must be users on the platform in order to receive assessments, reports, and notifications from the C1Risk platform. Here’s how to add your vendor’s contact to C1Risk.

Vendors can be onboarding in bulk or as single records in the C1Risk platform. C1Risk will provide a template for bulk uploading. Vendor records may also be configured to manage vendor data based upon company requirements.

Risk scores are automated in the C1Risk assessment module, and can be categorized based upon your own risk management policies. See how easy it is to set up in your C1Risk platform.

All your risk assessments can be customized from a question and risk scoring perspective to ensure assessments meet your risk management policy requirements and risk classifications.

Learn how to bulk upload from a spreadsheet, or quickly add internal controls and auto-map to your regulatory and standard requirements in the C1Risk platform.

Pre-configured assessment templates for vendor risk, security review, compliance review, asset impact analysis and more, are all available in the C1Risk platform. You can also provide your own custom assessments to the C1Risk platform. Here is a quick and easy guide to for creating and uploading your internal and external risk assessments.

Policies, controls, and evidence can be mapped to regulations and standards then easily viewed from your GRC Library in C1Risk

Audit can be managed on-screen with your Auditor in the C1Risk platform. Set your evidence collection period then see your regulatory/standard control library, mapped internal controls, and relevant evidence, based on your selected audit period.

As documentation for audit is collected, compliance managers review and approve/reject documents and track this process in the C1Risk platform.

Set it and forget it! Automate evidence collection on the C1Risk platform.

Use the Control Library as your main workflow for setting up your Internal Controls.

Evidence from an IRL, PBC, or from your own spreadsheets, can be easily bulk uploaded into the C1Risk platform.

Reports and assessment review/response/finding details can be quickly exported to either an .CSV or PDF report for your clients.

Once you have responded and submitted your assessment, upon review, the risk manager will send you a notification with any findings/issues that require further attention or risk mitigation.

Mapping Findings to the Risk Register and Risk Register to the Vendor to provide a Vendor Risk Score.

CMMC requires a NIST Self-Assessment be submitted to the Supplier Performance Risk System (SPRS - "Spurs"). This video demonstrates how managed service providers, or your own internal team, can easily conduct the Self-Assessment, including:

1. Sending the assessment to one or multiple entities

2. Respond with access to 800-171A implementation guidance

3. Auto-score the assessment based on the DoD scoring methodology

4. Auto-create findings

5. Export a ready for submission report

Once an assessment has been completed, you can track and mitigate findings in the C1Risk platform and/or export a summary report of the assessment in Excel or PDF format with the click of one button.

Why wade through spreadsheets scoring assessments, adding findings, and creating reports, when you can easily auto-create and manage findings and reporting in the system or "one-click" export reports into PDFs or Excel. Great for MSP, Consultants and TPRM Teams.

All C1Risk assessment templates can be configured to auto-create findings based upon responses. See how easy it is to score an assessment using the C1Risk platform.

CMMC Certification is easy, affordable, and assured on the C1Risk platform. No need for expensive consultants and spreadsheets when you have all the tools and information you need on our best-in-class integrated risk management platform:

1. Complete your assessment with the 800-171A guidance supplement

2. Auto-score your response and create findings and risk mitigation plans

3. Create export your 'ready for submission report' and for SPRS

All DIBs (Defense Industrial Base Sector) vendors must submit a NIST 800-171 Self-Assessment through SPRS (https://www.sprs.csd.disa.mil/) before December 31. C1Risk provides the Assessment and the report needed to submit to SPRS for quick, complete readiness as you begin your CMMC journey.

Fast, reliable, affordable. Get CMMC Certified with C1Risk on our best in class, integrated risk and compliance management platform.

Policy Review notifications can be automated on the C1Risk platform during the publishing process. Current and future review notifications will be sent out based upon the cadence selected by the policy author. Policy review cadence can also be over-riden at any time using the clone or override policy functions.

The C1Risk platform enables policy reviewers to make comments during the review process. These comments are tracked and can be accessed at any time during the approval process.

This explains the policy approval and rejection process for documents that are created, linked, or attached in the C1Risk governance module.

When a policy is ready for review in the C1Risk platform, 3 options are available to you: a single reviewer, multiple reviewers who can approve in any order, or a chain of authorization

Admins can collaborate to write and edit policies in the Governance module in C1Risk

C1Risk enables you to map IC or your control library regulations and standards to your policies for control gap analysis and policy strength against multiple compliance requirements.

Control tests can be added from internal controls in C1Risk, and findings can be added to support test results to mitigate risk.

External auditors can view and download evidence and verify internal controls in the C1Risk platform for any regulation or standard in the GRC Platform.

This session is designed to provide you with an in-depth look at the enhancements that will help you optimize your risk management processes and streamline your operations.

In our latest release of 3.5 you can now create your own Risk Analysis Template.

Managing outgoing emails and email notifications.

In this video, we’ll show you how to apply and customize filters, and add, remove, or rearrange columns. You may save your preferences as the default view so your workspace is always set up efficiently.

In this video, we walk through how to create and manage custom fields in the C1Risk platform. You’ll see how to edit dropdown value lists for fields like Policy Type and Test Results, add new options, and control which values appear in your menus. We’ll also cover how to manage order, visibility, and the impact of removing values on existing records.

In this training video, you’ll learn how to respond to document requests from the C1Risk platform on behalf of your compliance team as they prepare for upcoming ISO audits. We’ll walk through how to identify the email notification, access the request portal, upload documentation, and communicate with your compliance officer directly in the system. By the end, you’ll know how to manage requests efficiently, save your progress, and ensure your submissions are audit-ready.

Create and track POA&Ms in C1Risk and export reports for key stakeholders and to meet regulatory requirements for CMMC, FedRamp (20X), GLBA and more.

Additional user or group contacts within the C1Risk platform.

Managing user groups within the C1Risk platform.

Managing user contacts within the C1Risk platform.

Assets can be tracked and mapped to your risk register, internal controls, and any issues (findings) in the C1Risk platform. Assets can also be related as upstream or downstream associations. For example, vendors can be associated to business systems or units they are working on as part of their engagement with the enterprise. This enables a more comprehensive view of how risk impacts the business.

The value of your assets and their impact to the organization - actively or when compromised - is a critical factor in the development of your risk and compliance program. Asset value informs inherent risk on the C1Risk platform and can be tracked against a single or related assets. C1Risk provides multiple templates for impact analysis, ranging from simple scoring, CIA ratings, and specific business line impact, or you can configure your own. Learn how to do your asset impact analysis here.

Learn how to quickly set up Internal Audit on the C1Risk platform and create your audit plans, programs, test results (workpapers), and add findings to build your dashboard or export reports into PDF files for distribution. Internal Audit made easy and efficient on the C1Risk Platform.

Connecting Assets to the Risk Register.

Learn how and why to connect your Risks and Controls to your Assets for asset based risk and compliance.

As you add your Assets to the 1Risk Platform, we recommend that you provide an impact analysis of that Asset to better understand the value of the asset to the organization, where it may be vulnerable and what level (high - medium or low) of Confidentiality, Integrity and Availability reports to the Asset.

Learn how to create new Assets, as well as a refresher on managing your people assets, and connect related assets for multi-asset risk management.

Asset Types help segment your asset inventory in the 1Risk Platform. Learn how to add Asset Types and configure Asset Records in this training session. 

Learn the basics of how to build out your assets inventory, different asset types, related assets and configure all your asset records.

BIA's or Impact Assessments can be customized in the C1Risk platform for you to evaluate your Assets and track their impact on/value to the company.

In this quick video, we’ll walk you through how to set up the Jira integration in C1Risk.

Learn how to use the applicability function to select not/applicable controls, write corresponding Statements of Applicability (SOAs) and export your SOA report for your ISMS.

C1Risk automatically updates and adds updated versions of your standards and regulations into your GRC Library.

C1Risk has crosswalks for many of the most common regulations and standards to help you see where you comply and are able to consolidate internal controls.

Learn how to do the following on the C1Risk platform:

1. Use the C1Risk GRC Library repository
2. Add any regulation or standard to the C1Risk platform
3. Crosswalks
4. Maintain regulations and standards (C1Risk updates obligations automatically)

This training video explains how to set up an evidence record and launch a document request in a timely fashion. to ensure you collect evidence with enough time to validate, conduct internal audit, and have all your documentation in place for your external audit.

Cybersecurity Obligations - Regulations - Standards - Crosswalks

Follow these simple steps to quickly set up your SSO if your company is using Azure Active Directory.

Here are some basic "getting around" tips for using the C1Risk platform. Learn about our universal activity buttons, how to manage your account, and more, in this quick overview training video.

Learn how to select and update multiple records on your C1Risk platform, including select and edit multiple records, group select, and more.

You can add new users, vendors, or team members to your platform at any time.

Here's how you can add logos and company branding to personally configure your C1Risk platform.

When your manager or a team member assigns you to the C1Risk platform, follow these simple steps to setup your account and password.

Ready to start your risk management journey with C1Risk? Follow this simple registration process to get started. Platform request for prospective new customers.

This onboarding video is a supplement to the onboarding checklist provided to you by your C1Risk Account Manager.