RiskWatch
RiskWatch International · Founded 1993 · Sarasota, FL, USA
Mid-market logistics enterprise risk platform: one global register from threat to treatment, KRI auto-escalation, with C-TPAT, TAPA, AEO, and ISO 28000 mapped underneath.
Summary
RiskWatch is an enterprise risk management platform built around a Global Risk Register that rolls up supply-chain-security, operational, vendor / supplier, and physical (warehouse and terminal) risk into one view, with business-unit-to-enterprise aggregation for the board. It runs a risk assessment engine with a KRI (Key Risk Indicator) library and auto-escalation when a risk breaches its threshold, a treatment workflow with owner assignment and tasks, and native threat and vulnerability libraries that feed risk scores; first-party physical-security assessment covers warehouses, distribution centres, marine terminals, and cross-docks with a crime-data overlay. Its differentiator is Risk-to-Compliance bi-directional mapping: customer-audit findings flow back into risk scores and the register feeds control-assessment scope, so a C-TPAT or TAPA assessment is both an audit artefact and a live risk input. Pre-built control libraries for C-TPAT (Customs-Trade Partnership Against Terrorism), TAPA FSR / TSR (Transported Asset Protection Association Facility and Trucking Security Requirements), AEO (EU Authorised Economic Operator), ISO 28000 / 28001 supply-chain security, ISO 27001:2022, NIST 800-53, NIST 800-171, CMMC 2.0, PCI DSS, GDPR, and OSHA (powered-industrial-truck, LOTO, dock safety) sit underneath (40+ frameworks total), cross-mapped so customs-broker, security, and operations draw from one evidence vault. In the field since 1993 with 3PL, freight-forwarder, contract-carrier, and large-shipper customers; single-tenant deployment is available for customs-broker data residency and customer-audit response packs are first-class output rather than a custom report build.
Strengths
- Global Risk Register consolidates supply-chain-security, operational, vendor / supplier, and physical (warehouse and terminal) risk into one register with business-unit-to-enterprise rollup for the board
- Risk assessment engine with a KRI (Key Risk Indicator) library and auto-escalation when a risk crosses its threshold, so exposure surfaces between annual C-TPAT and TAPA cycles
- Risk treatment workflow with owner assignment, tasks, and recommendations tracked to closure, plus native threat and vulnerability libraries, heat maps, and board-ready executive dashboards
- Risk-to-Compliance bi-directional mapping: C-TPAT, TAPA, and AEO customer-audit findings flow back into risk scores and the register feeds control-assessment scope (competitors usually split this across two products)
- First-party physical-security assessment module (ASIS-aligned) for warehouses, distribution centres, cross-docks, marine terminals, and yard perimeters with crime-data overlay, in the same tenant as the risk register
- Pre-built control libraries for C-TPAT, TAPA FSR / TSR, AEO, ISO 28000 / 28001, ISO 27001:2022, NIST 800-171 / CMMC 2.0 (defence-logistics primes), PCI DSS, and OSHA (powered-industrial-truck, LOTO, dock safety) underneath (40+ frameworks), cross-mapped so customs-broker, security, and operations draw from one evidence vault
- Single-tenant deployment with customer-owned data residency, an advantage for ITAR / EAR controlled defence logistics and EU customs-broker data-locality customers
- Vendor / supplier risk management with supplier-audit, BAA, and SOC 2 tracking across a multi-3PL network
- 33-year operating history; customer-audit export packs are first-class output when a Tier-1 retailer or DoD prime requests a TAPA or C-TPAT evidence pack, and the survey-based assessment engine works for non-technical control owners (warehouse managers, terminal supervisors, customs clerks)
Weaknesses
- No native motor-truck-cargo claims management at Riskonnect or Origami Risk depth; pair RiskWatch with a dedicated RMIS if MTC, auto-liability, and workers-comp claims volume is the load-bearing brief
- No native FMCSA CSA scoring or DOT driver-qualification-file engine; fleet-safety directors should pair with Samsara, Lytx, or a DQ-file system if CSA is the dominant requirement
- No native multi-tier supplier-mapping graph at the Everstream Analytics or Resilinc depth; manual supplier-audit workflow rather than a 450,000-supplier network
- No native critical-event-management mass notification at the OnSolve / Crisis24 depth; pair if duty-of-care and traveler tracking are the brief
- RiskWatch is sold quote-only because deployment topology varies materially across multi-yard logistics networks, so there is no public list price to compare line-by-line
Mid-market 3PLs, freight forwarders, contract motor carriers, and large shippers (200-5,000 employees) that want one Global Risk Register across supply-chain-security, operational, vendor / supplier, and physical (warehouse and terminal) risk, with KRI-driven escalation, treatment workflows, and board-ready heat maps, plus C-TPAT + TAPA + AEO + ISO 28000 + OSHA + PCI mapped in, warehouse and terminal physical-security assessment, and customer-audit response packs.
Large motor carriers whose load-bearing requirement is high-volume motor-truck-cargo and auto-liability claims management at $50M+ annual reserves; Riskonnect or Origami Risk fit that brief better. Also wrong for Tier-1 OEMs whose dominant need is sub-tier-N supplier-graph visibility; Everstream Analytics or Resilinc fit that brief better.
Key features
- Global Risk Register with business-unit-to-enterprise rollup (supply-chain-security, operational, vendor / supplier, and physical risk)
- Risk assessment engine with a KRI (Key Risk Indicator) library and threshold auto-escalation
- Risk treatment workflow with owner assignment, tasks, and recommendations
- Threat and vulnerability libraries that feed risk scores
- Heat maps, risk dashboards, and executive / board risk reporting
- Risk-to-Compliance bi-directional mapping (C-TPAT, TAPA, and AEO customer-audit findings update risk scores)
- Pre-built control libraries for C-TPAT, TAPA FSR / TSR, AEO, ISO 28000 / 28001, OSHA, PCI DSS, NIST 800-171, CMMC 2.0, ISO 27001:2022 (40+ frameworks), cross-mapped
- Physical-security assessment module (ASIS-aligned) for warehouses, distribution centres, cross-docks, and marine terminals with crime-data overlay
- Evidence vault with versioning and customer-audit-ready export packs
- Vendor / supplier risk management with supplier-audit and BAA tracking
- Policy management with approval and attestation workflows for terminal and yard SOPs
- Single-tenant deployment for ITAR / EAR and EU customs-broker data-residency requirements
Integrations
25+ native. Notable: Microsoft Entra ID (SAML SSO), Okta, Microsoft 365 / SharePoint, Slack, Jira, Salesforce, Custom REST API.
Target size
200 to 25,000 employees · US · Canada · EU · UK · AU