riskHive Software Solutions Ltd

riskHive ERM Enterprise Risk Manager software (RAID) application

riskHive ERM centralises and simplifies risk management processes, actions and data management and makes graphical whole-portfolio reporting a breeze. It is a robust professional database that manages risks, opportunities, assumptions, issues and trends centrally. It quickly and effectively imports, consolidates and maintains existing risk registers within a secure, holistic portfolio.


  • Provide aggregation, escalation and roll-up of risk information
  • Alignment with ISO31000, AU/NZ and COSO standards
  • Highly configurable user interface caters for all maturities and processes
  • Qualitative and quantitative assessment and reporting
  • In-built Monte Carlo simulation and analysis including confidence curves
  • Graphical interfaces like Bow Tie, Word Cloud and Risk Radar
  • Simple interface that can replicate existing data layouts and fields
  • Fast and easy import / export of data and information
  • Exceptional UI performance and low data bandwidth requirements


  • Consolidate data from multiple sources and registers - one truth
  • Instantly accessible from any browser on any device
  • Save time vs regular consolidation of Excel spreadsheets
  • Deliver consistency of data collection and reporting
  • Actively search and filter across entire portfolio instantly
  • Simplify risk clustering and automate risk escalation
  • Produce consistent, relevant and interesting reports instantly
  • Control who sees, changes, contributes and reports on what data
  • Consolidate multiple projects into programmes and portfolios
  • Easily import and export all data in Excel and XML


£1000 to £7500 per instance per month

  • Education pricing available
  • Free trial available


G-Cloud 11


riskHive Software Solutions Ltd

Sandu Hellings



Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: RiskHive Arrisca Analyser and riskHive Sentinel KRI monitor
Cloud deployment model: Private cloud
Service constraints: Monthly planned maintenance.
System requirements:
  • Buyers must have an internet browser
  • Buyer must have an internet connection

User support

Email or online ticketing support: Email or online ticketing
Support response times: Target less than one hour
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels:
  • Mandatory online ticketing (UserVoice) prior to telephone or email
  • UK business hours (0900-1730) and weekends within 12 hours
  • Technical account manager and cloud support engineer provided
  • On-site call-out £650 per day plus T&S (24 hours' notice required)
Support available to third parties: Yes

Onboarding and offboarding

Getting started:
  • Full online manual as PDF (printable)
  • Interactive help and ticketing system with FAQs and articles
  • How-to guides
  • Mini-video bytes
  • Skype and telephone
Service documentation: Yes
Documentation formats:
  • HTML
  • PDF
  • Other
Other documentation formats:
  • Word
  • Video
End-of-contract data extraction: Export to CSV, Excel or XML. Everything is exportable, including configuration files and user information.
End-of-contract process: System is securely retained for 90 days at end of contract and then destroyed unless otherwise instructed. System may be hibernated at additional cost to cover hosting.

Using the service

Web browser interface: Yes
Supported browsers:
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Reduced view, same data.
Service interface: No
Customisation available: Yes
Description of customisation: Screens, menus, views, data fields, scoring and reports can be configured online. Customisation can be done using the 'Administration' functionality by the system administrator.


Independence of resources: Application is delivered on a dedicated server. Loading is monitored and resources increased where necessary.


Service usage metrics: Yes
Metrics types: User logons and activity whilst active
Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type: Not a reseller

Staff security

Staff security clearance: Conforms to BS7858:2012
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least every 6 months
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Deleted data can't be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: By manual selection of data or pre-configured export, followed by manual or automated creation of an exportable file that is downloaded through the browser. Files can also be set up to FTP.
Data export formats:
  • CSV
  • Other
Other data export formats:
  • PDF
  • Excel
Data import formats:
  • CSV
  • Other
Other data import formats: Excel

Data-in-transit protection

Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network: Data at rest encryption

Availability and resilience

Guaranteed availability: 99.5% (99.7% measured previous year)
Approach to resilience: On request
Outage reporting: Private dashboard and email alerts

Identity and authentication

User authentication needed: Yes
User authentication:
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels: Role-based user access and control
Access restriction testing frequency: At least every 6 months
Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Other security certifications: Yes
Any other security certifications: Cyber Essentials

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: No
Security governance approach: Internal process - available on request. Not published.
Information security policies and processes: Two-level hierarchy straight to the top. Quarterly reviews.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Ticket and review system is used with peer-review.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Use 3rd party software and internal SME
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Managed firewall service with automated reporting
Incident management type: Supplier-defined controls
Incident management approach: Available on request

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: No


Price: £1000 to £7500 per instance per month
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: 5 users for 30 days

Service documents

  • Pricing document (PDF)
  • Terms and conditions (PDF)