RiskWatch
RiskWatch International · Founded 1993 · Sarasota, FL, USA
Construction risk platform: one register from threat to treatment, with KRI auto-escalation and 40+ libraries underneath.
Summary
RiskWatch is an enterprise risk management platform built around a Global Risk Register that rolls up project-site, safety, IT, vendor, and physical risk into one view, with project-and-region-to-enterprise aggregation for the board and the surety underwriter. It runs a risk assessment engine with a KRI (Key Risk Indicator) library that auto-escalates a risk when it breaches its threshold, a treatment workflow with owner assignment and tasks tracked to closure, and native threat and vulnerability libraries that feed risk scores into heat maps and executive dashboards. Its differentiator is Risk-to-Compliance bi-directional mapping: audit and assessment findings flow back into risk scores and the register feeds control-assessment scope, so a GC runs risk and regulatory compliance together rather than in separate spreadsheets. Pre-built control libraries for 40+ frameworks sit underneath, including OSHA 29 CFR 1926 (Construction Industry Standards), OSHA 1910 General Industry, ISO 45001-aligned controls, ISO 14001-aligned controls, ISO 27001:2022, NIST 800-53, NIST 800-171 / CMMC 2.0 (relevant for federal construction contractors), PCI DSS, GDPR, CPTED for site security, and Davis-Bacon and Service Contract Act compliance documentation. Construction customers include regional GCs, heavy-civil contractors, and specialty-trade firms running multi-state projects. Single-tenant deployment means buyers retain full control of their project data and can answer owner-audit and surety-underwriter data-locality questions without a vendor escalation, and a survey-based assessment engine lets non-technical control owners respond without a workflow-builder learning curve.
Strengths
- Global Risk Register consolidates project-site, safety, IT, vendor, and physical risk into one register with project-and-region-to-enterprise rollup for the board and the surety underwriter
- Risk assessment engine with a KRI (Key Risk Indicator) library and auto-escalation when a risk crosses its threshold, so exposure surfaces between assessment cycles
- Risk treatment workflow with owner assignment, tasks, and recommendations tracked to closure; native threat and vulnerability libraries feed heat maps and executive risk dashboards
- Risk-to-Compliance bi-directional mapping ties assessment findings back into risk scores and feeds the register into control-assessment scope, so a GC runs risk and regulatory compliance together
- 40+ pre-built framework libraries with cross-mapping underneath covering OSHA 1926 Subparts L / M / P / Q, OSHA 1910, ISO 45001-aligned controls, ISO 14001-aligned controls, NIST 800-171 / CMMC 2.0 (federal-contracting GCs), PCI DSS v4, and CPTED site-security
- 33-year operating history with state and federal customers; owner-audit and surety-underwriter export packs are first-class output, not a custom report build
- Project-site physical security assessment software is in the same tenant as cyber and compliance risk, useful for lay-down yards, materials storage, and federal-secure-facility construction (ICD 705); single-tenant deployment with customer-owned data residency suits ITAR-controlled federal construction and ENR Top-400 multi-region rollups
- Survey-based assessment engine works for non-technical control owners (project-site safety managers, superintendents, foremen) without a workflow-builder learning curve
- Subcontractor risk module assesses prequalification + insurance + BAA / safety record without forcing subs onto a $400 / yr ISN or Avetta seat (keeps the bidder pool open), with a published support tier ladder rather than gated demos
Weaknesses
- No native EHS-specific modules at the depth of HSI Donesafe, Intelex, or VelocityEHS; OSHA 300 / 300A recordkeeping is supported via the assessment engine but is not a turnkey logbook the way it is in a dedicated EHS platform
- No native chemical inventory / SDS management at the VelocityEHS or EcoOnline depth; pair RiskWatch with a dedicated chemical platform if site-level SDS access is the load-bearing requirement
- No native claims management module; pair RiskWatch with Origami Risk or Riskonnect if workers-comp, GL, builder's risk, or surety claims are the load-bearing brief
- No native Procore tie; sits alongside Procore rather than inside it, which adds a tab for project managers who live in Procore daily logs
- Public pricing is opaque; RiskWatch is sold quote-only across every tier
Mid-market GCs, CMs, and specialty trades (200-5,000 employees) that want one global risk register across project-site, safety, cyber, vendor, and physical risk, with KRI-driven escalation, treatment workflows, and board-ready heat maps, plus 3+ regulatory frameworks (OSHA 1926 + ISO 45001 + PCI or CMMC) mapped in and an owner-audit and surety-underwriter response pack.
Frontline-only EHS buyers whose single load-bearing requirement is mobile JHA / toolbox-talk capture at scale across 1,000+ field workers; HSI Donesafe or EcoOnline fit that brief better.
Key features
- Global Risk Register with project-and-region-to-enterprise rollup for the board and surety underwriter
- Risk assessment engine with a KRI (Key Risk Indicator) library and threshold auto-escalation
- Risk treatment workflow with owner assignment, tasks, and recommendations
- Threat and vulnerability libraries that feed risk scores, heat maps, and executive dashboards
- Risk-to-Compliance bi-directional mapping (assessment findings update risk scores)
- Pre-built control libraries for OSHA 29 CFR 1926 Construction Industry Standards, OSHA 1910 General Industry, ISO 45001-aligned occupational safety, ISO 14001-aligned environmental, ISO 27001:2022, NIST 800-171 / CMMC 2.0, PCI DSS v4, GDPR, CPTED site-security, cross-mapped (OSHA 1926 to ISO 45001 to CCIP requirements)
- Survey-based assessment engine for non-technical control owners (project-site safety managers, foremen, superintendents)
- Evidence vault with versioning and owner-audit / surety-underwriter export
- Subcontractor risk module with prequalification + insurance + safety record tracking (no per-sub seat fees)
- Physical security assessment module (ASIS-aligned and CPTED) for lay-down yards and materials storage
- Policy management with approval and attestation workflows for safety SOPs and toolbox-talk content
- Single-tenant deployment for data-residency requirements (federal construction and ENR multi-region)
Integrations
25+ native. Notable: Microsoft Entra ID (SAML SSO), Okta, Microsoft 365 / SharePoint, Slack, Jira, Salesforce, Custom REST API.
Target size
100 to 25,000 employees · US · Canada · EU · UK · AU