RiskWatch
RiskWatch International · Founded 1993 · Sarasota, FL, USA
Physical security assessment platform that scores site-level visitor and entry risk, ASIS-aligned, mobile and offline.
Summary
RiskWatch is a physical security assessment platform. Multi-site security teams run ASIS-aligned assessments on any browser-enabled device, even offline, and score each site's risk across access control, surveillance, and perimeter domains. Visitor and entry management is one of the assessed control domains, so visitor logs, door schedules, badge systems, master-key control, and access reviews are scored against the standard rather than run as a reception kiosk. Cap Index CRIMECAST, Security Gauge, and Crisis24 crime-data feeds populate per-site likelihood objectively, findings convert to tracked mitigation tasks with owner and due date, and every site rolls up into a portfolio register with heat maps for the board. Each assessment cross-maps to ISO 27001 A.7 physical controls, NIST 800-53 PE, HIPAA 45 CFR 164.310 facility access controls, NERC CIP-014, and Martyn's Law, so one walk-through feeds the compliance file too. Customers include state governments in all 50 US states, healthcare networks, defence contractors, and financial-services holding companies. Single-tenant deployment with customer-owned data residency fits regulated facilities. RiskWatch is not a kiosk-first sign-in product; the pure-play visitor tools below beat it on iPad reception polish.
Strengths
- ASIS-aligned physical security assessments run on any browser-enabled device, even offline, with photos, signatures, and comments syncing on reconnect; the field team scores the site, not a receptionist at a kiosk
- Visitor and entry risk is scored as an access-control domain (visitor logs, door schedules, badge systems, master-key control, access reviews) against ASIS Facility Physical Security Control Standards, FEMA 426/452, and NIST 800-53 PE templates
- Cap Index CRIMECAST, Security Gauge, and Crisis24 crime-data feeds populate per-site likelihood objectively rather than by guesswork
- Per-site risk register plus portfolio rollup and heat maps give security leaders the multi-site view boards and auditors expect
- Findings convert to tracked mitigation tasks with owner, due date, and proof of close; every score change is captured in an immutable audit trail admissible in regulator review
- Each assessment cross-maps to ISO 27001 A.7 physical controls, NIST 800-53 PE, HIPAA 45 CFR 164.310 facility access controls, NERC CIP-014, and Martyn's Law, so one walk-through feeds many compliance files
- 33-year operating history with federal customers (US Department of Defense, VA, DOJ, NSA per public press); single-tenant deployment with customer-owned data residency
Weaknesses
- Pricing is quote-only and not published on the public site, which adds a sales-cycle step that pure-play VMS competitors with self-serve pricing avoid
Multi-site security teams (healthcare networks, logistics and manufacturing sites, utilities under NERC CIP, government facilities) that need to assess and score physical security and visitor-entry risk across a portfolio, ASIS-aligned, rather than run a reception kiosk.
Office-HQ buyers whose only brief is a polished iPad kiosk with Slack pings and Apple Wallet badge; Envoy or The Receptionist fits that brief better.
Key features
- ASIS-aligned mobile TVRA on any browser-enabled device, fully offline with auto-sync
- Assessment templates: ASIS Facility Physical Security Control Standards, FEMA 426/452, NIST 800-53 PE, ISO 27001 A.7, NERC CIP-014, Martyn's Law
- 1,000+ question library, every question mapped to a control standard
- Access-control domain scoring: visitor logs, door schedules, badge systems, master-key control, access reviews
- Crime-data overlay from Cap Index CRIMECAST, Security Gauge, and Crisis24 for per-site likelihood
- Threats catalog: intrusion, theft, sabotage, workplace violence, vehicle ramming, social engineering
- Per-site risk register with portfolio rollup and heat maps
- Findings convert to tracked mitigation tasks with owner, due date, and proof of close
- Immutable audit trail of every score change, admissible in regulator review
- Cross-mapping to ISO 27001 A.7, NIST 800-53 PE, HIPAA 164.310; single-tenant deployment with customer-owned data residency
Integrations
25+ native. Notable: Microsoft Entra ID (SAML SSO), Okta, Microsoft 365 / SharePoint, Slack, Jira, Salesforce, Custom REST API.
Target size
100 to 25,000 employees · US · Canada · EU · UK · AU