RiskWatch
RiskWatch International · Founded 1993 · Sarasota, FL, USA
Multi-modal transportation risk register from threat to treatment, with KRI auto-escalation and 40+ frameworks underneath.
Summary
RiskWatch is a risk management platform built around a Global Risk Register that rolls operational, physical, cyber, and compliance risk across a multi-modal transportation network into one view, with business-unit-to-enterprise rollup for the board. It runs a risk assessment engine with a KRI (Key Risk Indicator) library and auto-escalation when a risk breaches its threshold, a risk treatment workflow with owner assignment and tasks tracked to closure, and threat and vulnerability libraries that feed risk scores, plus heat maps and executive dashboards for board-ready reporting. Risk-to-Compliance bi-directional mapping ties audit findings back into risk scores and lets the register feed control-assessment scope. Underneath sit pre-mapped control libraries for 40+ regulatory frameworks; for transportation buyers the relevant libraries cover DOT and FMCSA regulations, TAPA FSR and TSR, CBP C-TPAT Minimum Security Criteria, ISO 28000 supply-chain security, ISO 31000 enterprise risk, PCI DSS v4 (for carriers processing payment data), HIPAA (for medical-transport operators), NIST 800-53 and NIST 800-171 (for defence freight), and NIST CSF for cyber, cross-mapped so shared controls are detected rather than hand-mapped. The product has been in the field since 1993 with federal customers including the US Department of Defense, the FAA, the VA, the DOJ, and the NSA per public press. Single-tenant deployment supports cross-border data residency that international carriers and port operators require.
Strengths
- Global Risk Register rolls operational, physical, cyber, and compliance risk across a multi-modal network into one register with business-unit-to-enterprise rollup for the board
- Risk assessment engine with a KRI (Key Risk Indicator) library and auto-escalation when a risk crosses its threshold, so exposure surfaces between annual review cycles
- Risk treatment workflow with owner assignment, tasks, and recommendations; mitigation is tracked to closure, not just logged
- Native threat and vulnerability libraries plus heat maps and executive risk dashboards for board-ready reporting
- Risk-to-Compliance bi-directional mapping: audit findings flow back into risk scores and the register feeds control-assessment scope
- 40+ pre-built framework libraries with cross-mapping that auto-detects shared controls (TAPA FSR / C-TPAT MSC / ISO 28000 overlap is detected, not hand-mapped); TAPA FSR, TAPA TSR, and CBP C-TPAT are first-party libraries, not consulting add-ons
- Physical security assessment module is in the same tenant as cyber and compliance risk, useful for port, terminal, and warehouse operators
- Survey-based assessment engine works for non-technical control owners (DOT safety supervisors, station agents, terminal managers); no SQL or workflow-builder skills required
- Single-tenant deployment with customer-owned data residency for cross-border operators with TSA, CBP, or EU NIS2 data-locality obligations; 33-year operating history with federal transportation customers including the FAA
Weaknesses
- No native DOT and FMCSA driver-qualification file workflow or CSA BASIC monitoring; carriers running pure FMCSA programmes will pair RiskWatch with Fleetworthy or Idelic for driver-side compliance
- No native aviation SMS module aligned to 14 CFR Part 5; Part 121 and Part 135 carriers running FAA SMS workflows will pair with Ideagen Coruson or use the assessment engine generically
- No native claims or RMIS module; insurance-led TCOR programmes will pair RiskWatch with Origami Risk or Riskonnect for claims-side workflow
- RiskWatch is sold quote-only; published list prices are not on the site, so you negotiate pricing per deployment
Mid-market and regional transportation risk teams (motor, rail, maritime, multi-modal 3PL, port operators) that want one global register for operational, physical, cyber, and compliance risk, with KRI-driven escalation, treatment workflows, and board-ready heat maps, plus DOT, TAPA, C-TPAT, PCI, and HIPAA framework mapping built in across 3+ frameworks in one tenant.
Pure trucking fleets where the brief is driver-side MVR, CSA, ELD, and telematics-driven coaching; SambaSafety, Idelic, or Fleetworthy fit that brief better, and pure Part 121 SMS-only briefs are better served by Ideagen Coruson.
Key features
- Global Risk Register with business-unit-to-enterprise rollup across operational, physical, cyber, and compliance risk
- Risk assessment engine with a KRI (Key Risk Indicator) library and threshold auto-escalation
- Risk treatment workflow with owner assignment, tasks, and recommendations
- Threat and vulnerability libraries, heat maps, and executive / board risk dashboards
- Risk-to-Compliance bi-directional mapping (audit findings update risk scores)
- Pre-built control libraries for TAPA FSR 2024, TAPA TSR, CBP C-TPAT MSC, ISO 28000, ISO 31000, PCI DSS v4, HIPAA, NIST 800-53 r5, NIST 800-171 r3, NIST CSF
- Cross-mapping engine that auto-detects shared controls across transportation frameworks
- Evidence vault with versioning and audit-ready export for CBP, TSA, FAA, and DOT auditor packages
- Physical security assessment module (ASIS-aligned) for terminals, ports, warehouses, and rail yards
- Vendor and contractor risk management with prequalification, BAA, and SOC 2 tracking
- Single-tenant deployment for cross-border data residency
Integrations
25+ native. Notable: Microsoft Entra ID (SAML SSO), Okta, Microsoft 365 / SharePoint, Slack, Jira, Salesforce, Custom REST API.
Target size
100 to 25,000 employees · US · Canada · EU · UK · AU