FokusRM
Compliance readiness

Move faster toward NIS-2, DORA, and ISO/IEC 27001 readiness with connected risk, supplier risk, controls, and audit evidence.

Built for modern risk teams

Replace spreadsheet chaos with structured cyber risk operations

FokusRM gives security and risk teams a clear operating system for cyber and IT risk, with optional analyst support when capacity is tight.

Built on: ISO 31000, NIST SP 800-30, BSI IT-Grundschutz, EU DORA

  • <5 min: Avg. time to first live register
  • ISO 31000: Framework-aligned workflows
  • 2-in-1: Self-managed + fully managed
  • 100%: Full audit trail on every change

Everything a risk team needs. Nothing that slows you down.

Keep risk identification, scoring, treatment, controls, and reporting in one structured workflow.

01 / REGISTER

Dynamic asset and threat modeling

Build a live view of exposure, dependencies, and critical assets without rebuilding your register in spreadsheets.

02 / CONTROLS

FAIR-informed quantification

Connect operational risk signals to financial impact so treatment decisions are easier to defend.

03 / VENDORS

DORA-ready third-party risk

Score vendors across business, assessment, security-posture, and DORA compliance signals, with CIF classification, subcontracting visibility, Article 30 evidence, and Register of Information export.

04 / FINDINGS

Remediation workflows

Assign owners, due dates, and approvals so treatment plans move from discussion to execution.

05 / EVIDENCE

Board-ready reporting

Turn register activity, control health, and vendor exposure into reporting leadership can actually use.

06 / CATALOGUES

Continuous governance

Keep scoring decisions, evidence changes, and approvals traceable with an audit-ready operating record.

Agentic risk management and agentic audits

Enterprise teams can run supervised agentic workflows for risk operations and audit readiness without giving up approvals, ownership, or traceability.

Enterprise only

Use agentic functions to prepare risk updates, chase missing evidence, and coordinate audits while keeping humans in the approval loop.

  • Human-in-the-loop approvals for every material action
  • Tenant-scoped evidence, controls, and audit context
  • Immutable change history for audit-ready traceability
  • Enterprise rollout with clear governance boundaries

Risk operations

Agentic risk management

Surface stale evidence, prepare treatment proposals, and draft follow-ups for owners without losing governance controls.

Audit readiness

Agentic audits

Coordinate evidence requests, walkthrough preparation, and follow-up tracking in one supervised workflow that stays audit-ready.

From signup to visibility in four steps

No six-month implementation cycle. Start structured risk operations from day one.

01

Create Your Organization

Sign up, provision your tenant, and invite your team. Role-based access is enforced from day one.

02

Import or Build Your Risk Register

Start from scratch or import from BSI IT-Grundschutz and NIST SP 800-30 catalogues. Configure scoring, categories, and ownership.

03

Assess, Score, and Treat

Score risks across inherent, residual, and target dimensions. Propose treatment decisions. Map controls and track effectiveness.

04

Monitor and Report

Track control health, manage findings, collect evidence, and run third-party assessments — all from one dashboard.

Why teams switch to FokusRM

If you need speed, traceability, and clear ownership, spreadsheets and legacy stacks cannot keep up.

Capability                    | FokusRM | Spreadsheets | Legacy GRC | Consulting-Only
Structured risk register      | Yes     | No           | Yes        | No
Deploys in minutes            | Yes     | -            | No         | -
Built-in risk catalogues      | Yes     | No           | Varies     | No
Vendor risk + DORA compliance | Yes     | No           | Add-on     | Manual
Managed service option        | Yes     | No           | No         | Yes
Full audit trail              | Yes     | No           | Yes        | No
Multi-tenant isolation        | Yes     | No           | Varies     | No
ISO 31000 aligned workflows   | Yes     | No           | Varies     | Sometimes

Built for teams that cannot afford blind spots

Security, governance, and auditability are built in from the start.

Multi-tenant isolation

Each organization is tenant-isolated by design so data boundaries stay strict.

Role-based access

Granular permissions enforce least privilege across client and provider users.

Full audit logging

Every material change is recorded with actor, timestamp, and context for audit-readiness.

SSO support

Use enterprise authentication patterns and centralized account control.

Standards-aligned workflows

Operate using established risk frameworks instead of ad-hoc methodology.

Take control of your risk posture

Whether you run it internally or with analyst support, FokusRM gets your team operational quickly.

  • Free trial - no credit card required
  • Setup in under 5 minutes
  • Pre-built NIST and BSI catalogues
  • Optional managed service with dedicated analyst
  • ISO 31000 aligned workflows

Request a Demo

Our team responds within one business day

No spam. No pressure. Just practical risk management.

FokusRM - Risk operations that deploy in minutes, not months.