CISO Assistant

GRC can be tough:
let CISO Assistant help you

Cyber security program management can be challenging regardless of the size of your company. CISO Assistant's one-stop-shop approach provides a pragmatic way to handle the complexity of GRC (Governance, Risk and Compliance) and make the tools work for you instead of the other way around.


Use cases

Discover how CISO Assistant can help with various use cases, providing a pragmatic approach to drive your cyber security program.

GRC at scale
Scaling without the headache


You want to establish GRC (Governance, Risk, and Compliance) practices throughout your organization but have multiple teams with fragmented practices and methodologies. You need multi-tenancy, but with strict access control based on each department's scope, and at the same time, you want to have an aggregated view and reporting.


CISO Assistant is tailored for small and large organizations, enhancing GRC practices by leveraging its folders feature. Different departments can focus on specific projects within segregated environments and scopes. Meanwhile, the CISO Assistant seamlessly handles the aggregation, analytics, and reporting, streamlining the governance, risk management, and compliance process. This integration not only simplifies management but also provides a comprehensive overview of the organization's security posture, making it an invaluable tool for any CISO aiming to maintain high security and compliance standards.

Risk Assessment
Dropping Excel for good


Risk assessment and management is a cornerstone of any cyber security program. Most organizations use fragmented Excel sheets that are hard to maintain and require considerable time and effort to make them actionable. This becomes even more dramatic when each team has its own approach and methodology.


CISO Assistant was initially built to provide a risk-driven approach to cyber security program management. It's agnostic to the methodology and focuses on the main artifacts that need to be collected during risk assessment. Furthermore, it's combined with the remediation plan follow-up capabilities to keep everything in one place, as well as the threats and controls libraries to reuse as much as possible of your previous work.

Streamline the compliance effort
Instead of being flooded by requests


CIO teams, process owners and application owners are production-oriented, and they want to optimize the time they spend to meet compliance requirements. Responding to recurrent compliance requests can become overwhelming.


CIO teams, process owners and application owners can describe once and for all the security measures they have implemented, with corresponding evidence. This provides a repository of controls that risk management can use with great autonomy. CISO Assistant will also remind the process owners to refresh the evidence documents periodically.

Security Audit Management
Control the endless struggle


Internal auditors need to formally assess the compliance of an organization or a project in a structured way and this takes a lot of effort and preparation. They need to plan, implement, and maintain an audit program over a multi-year schedule.


CISO Assistant is a tool of choice for an auditor, as it allows assessing each requirement and collecting evidence. It also helps internal auditors to plan, implement and maintain their audit program. CISO Assistant is also well suited for consultants, who can quickly assess the compliance level for a given scope, provide gap analysis and guidance on how to meet the requirements.

Security Consultants workflow
Time and effort optimization


Cyber security consultants auditing or managing the cyber security programs of multiple projects can waste significant time repeating the paperwork, duplicating Excel sheets, and making unneeded efforts to report and share the findings about security posture.


CISO Assistant can significantly help streamline the workflow of cyber security consultants. Whether working on a large-scale organization with multiple projects or managing various accounts and customers, the unified approach for risk analysis and compliance assessment made a life-changing difference for our users. Additionally, the pricing model is quite unique and advantageous for consultants as they only pay for editor seats.

Managing multiple frameworks
Rule them all at the same time


Depending on your industry, location, or organization size, you might have to comply with and manage multiple frameworks at the same time. Using traditional approaches, you end up duplicating the effort and wasting valuable time on compliance management instead of focusing on remediation and risk mitigation.


CISO Assistant is based on a simple yet powerful approach: decoupling the audit from security controls, in a reusable way. Once you enumerate your controls, you map them to the framework requirements instead of duplicating the controls each time. Additionally, this significantly improves the recertification effort, in case of annual review or a framework update.

Agile Threat Modeling
Simple and continuous risk assessment


Shifting cyber security practices to the left can be challenging. Traditional approaches struggle with keeping risk assessment up to date and aligned with project evolutions, resulting in poor visibility about the attack surface and security posture.


CISO Assistant can manage multiple risk assessments per project and combine them when needed for global visibility. The intuitive UI allows analysts to track threat modeling easily and in a collaborative way.

Unifying practices and controls
Catalog-oriented approach


Traditional approaches result in silos and information fragmentation. As organizations grow, IT and security teams tend to create more heterogeneity by focusing on each project's specific needs. This results in effort duplication and challenging reporting.


CISO Assistant offers multiple capabilities to centralize the catalog of threats and security controls. Not only does it accelerate the assessment and mapping, it also ensures simple and consistent reporting.

AI augmented risk management
without sacrificing confidentiality


Generative AI opened the door for many new use cases, including cyber security. Still, given that GRC usually involves sensitive and confidential data (e.g., risk assessment), organisations cannot just trust public models and third-party entities with them.


CISO Assistant's generative AI capabilities are built on top of open-source private LLM models. This means you can set your instance to run on a general-purpose computer with good performance while ensuring that your data never leaves your perimeter and is never used to train other models.

Flexible pricing plans

Check out the detailed pricing plans for more information


Community edition and essential features. Run on your own infrastructure with community support.



Priority support, cloud hosting and managed operations, access to advanced features and integrations

/ editor / Month


Tailored solutions for large-scale projects including advanced support, customization and enterprise features

per quote

Frequently Asked Questions

How does the pricing work?

You need seats only for contributors (editors); readers are free up to 100 readers. Beyond that scope, you need to switch to an enterprise plan for the readers' license package.

Can I move my data between environments?

Yes, with built-in data export and import capabilities, you can move your data between different instances, whether cloud or on-premises.

What is the support model?

The standard support plan covers business hours over a business week. For critical systems requiring advanced support, please reach out to the team for an enterprise plan.

I need custom features.

The enterprise plan includes customization options based on quotation. Any customization will be covered by the enterprise support plan.

I need help setting up GRC practices.

In addition to the CISO Assistant tool, you can contact the team for a quote on a GRC acceleration package that includes coaching sessions and interviews to set up GRC practices for your organization.

I have highly sensitive data.

Our cloud instance is deployed according to cloud security best practices and standards. An on-premises setup can also be an option for use cases involving critical information.

What does Private Gen AI mean?

Private generative AI means that you interact with models that are exclusive to your instance and run in private environments. These can be run in your infrastructure or our cloud instance and guarantee that your data never leaves your perimeter.

How long can I keep the trial instance?

45 days.

Is the community edition free forever?


I'm an integrator looking to rebrand the solution for my customers.

We have a white label program that we can discuss.

I'm a solo consultant and don't want to pay for each one of my customers.

You only pay for contributor seats since readers are free.

I would like to contribute.

This is possible; check the contributions guide on our GitHub.

What is the OSS license?


I already have a lot of risk assessments; can I import them at once?

Yes, as long as they share the same format in CSV or Excel and are structured, the import wizard of the pro version will be able to pick them up.

What are the prerequisites to install CISO Assistant?

CISO Assistant consists of a few Docker images. You can install it on your laptop, desktop, or server. If it can run Excel, it can run CISO Assistant :). Once you install Docker and Docker Compose, follow the instructions on GitHub.

What are the supported languages?

English and French. We are currently working on supporting others as well.

What are the supported frameworks?

CISO Assistant has more than 20 cyber security frameworks and it is still counting. If you notice that one is missing, reach out to the team through Discord or the contact form. If it's an open and free standard or regulation, we will add it for free.

Can I add a custom/internal framework?

Yes. Just follow the instructions in the documentation to use our open format. We also provide express consultancy options to assist with complex and large framework integration.

Reach out to us

Have questions or need assistance shaping your needs and projects? Feel free to contact the team using the form below. We're here to help!