Assets can be tracked and mapped to your risk register, internal controls, and any issues (findings) in the C1Risk platform. Assets can also be related as upstream or downstream associations. For example, vendors can be associated to business systems or units they are working on as part of their engagement with the enterprise. This enables a more comprehensive view of how risk impacts the business.
Cyber Threat and Cyber Risk continuous monitoring
Reports and assessment review/response/finding details can be quickly exported to either an .CSV or PDF report for your clients.
Once you have responded and submitted your assessment, upon review, the risk manager will send you a notification with any findings/issues that require further attention or risk mitigation.
Mapping Findings to the Risk Register and Risk Register to the Vendor to provide a Vendor Risk Score.
Notifications will alert users that they have an assessment to complete. Follow these simple steps to access the platform and complete the assessment. Note, email notifications come from C1Risk (support@c1risk.com) and respondents must be licensed to use the platform.
Assessments can be sent to internal or external (vendor) company affiliates. Learn how to send an assessment here.
This training covers the types of questions you can add to an assessment template, as well as the "parent-child" question structure available to you in the assessment template.
Vendors can be reviewed internally for their impact on the bussiness prior to sending assessment to the vendor for security review.
C1Risk has a library of templates that can be added to the platform at any time using our central repository, or you can create your own assessment template and we will upload it for you.
Your vendors may have one or more contacts that need to be associated with their records. All contact must be users on the platform in order to receive assessments, reports, and notifications from the C1Risk platform. Here’s how to add your vendor’s contact to C1Risk.
Vendors can be onboarding in bulk or as single records in the C1Risk platform. C1Risk will provide a template for bulk uploading. Vendor records may also be configured to manage vendor data based upon company requirements.
CMMC requires a NIST Self-Assessment be submitted to the Supplier Performance Risk System (SPRS - "Spurs"). This video demonstrates how managed service providers, or your own internal team, can easily conduct the Self-Assessment, including:
1. Sending the assessment to one or multiple entities
2. Respond with access to 800-171A implementation guidance
3. Auto-score the assessment based on the DoD scoring methodology
4. Auto-create findings
5. Export a ready for submission report
Pre-configured assessment templates for vendor risk, security review, compliance review, asset impact analysis and more, are all available in the C1Risk platform. You can also provide your own custom assessments to the C1Risk platform. Here is a quick and easy guide to for creating and uploading your internal and external risk assessments.
Risk scores are automated in the C1Risk assessment module, and can be categorized based upon your own risk management policies. See how easy it is to set up in your C1Risk platform.
Fast, reliable, affordable. Get CMMC Certified with C1Risk on our best in class, integrated risk and compliance management platform.
All your risk assessments can be customized from a question and risk scoring perspective to ensure assessments meet your risk management policy requirements and risk classifications.
Once an assessment has been completed, you can track and mitigate findings in the C1Risk platform and/or export a summary report of the assessment in Excel or PDF format with the click of one button.
Why wade through spreadsheets scoring assessments, adding findings, and creating reports, when you can easily auto-create and manage findings and reporting in the system or "one-click" export reports into PDFs or Excel. Great for MSP, Consultants and TPRM Teams.