Frameworks we're fluent in. Platforms we implement. Independent — no licenses sold, no vendor commissions.
We're framework-fluent but vendor-agnostic. The right framework depends on your industry, regulator, and stage. These are the ones we work with most:
Cross-industry ERM. The default starting framework for most large enterprises.
International ERM standard. Useful when working across geographies or with non-U.S. counterparties.
U.S. cyber risk framework. The 2024 update materially strengthened the Govern function — most programs haven't caught up.
U.S. financial-institution cyber assessment tool. Examiner-aligned.
Bank credit, market, and operational risk. Capital calculations and stress testing.
Interagency TPRM guidance. The current U.S. baseline for bank third-party risk.
New York DFS cybersecurity requirements. Some of the strictest U.S. state-level cyber rules.
Sarbanes-Oxley IT general controls. Public-company audit infrastructure.
U.S. healthcare data protection. Baseline for any healthcare engagement.
Federal Reserve model risk guidance. The lineage of most modern AI / model-risk governance.
We don't sell platform licenses or take vendor commissions. We're independent.
ServiceNow IRM · Archer · MetricStream · LogicGate · AuditBoard
Kyriba · GTreasury · FIS Quantum · Trovata · ION
Epic · Cerner (Oracle Health) · Athenahealth · Allscripts
OneTrust · ProcessUnity · Aravo · BitSight · SecurityScorecard
AWS Security Hub · Microsoft Defender · Wiz · Lacework · Prisma Cloud
Splunk · Sentinel · Sumo Logic · Chronicle · CrowdStrike
60-minute call with a practitioner who has implemented it.