Key Features

Exceed.Risk has many Key Features that could be used to facilitate the manual hassle of the risk assessment process, below are the major Key Features:


Automating and delivering information security risk management quickly and easily.


Ease of changing tool configuration based on each organization IT Risk Methodology.

Multi Standards

Fully compliant with ISO 27001:2013, 27005:2011, and 31000:2009.

Risk Library

Built-in database of threats & vulnerabilities.


Delivering a high level of reliability and consistency that spreadsheets cannot deliver.

Multi Scopes

Allow users to have several scopes.

Asset Evaluation

Conducts Business Impact Analysis (BIA).

Automated Calculation

Developing Mitigation Plans and Calculating Risk values.

Major Functions


The screen shows the overall risk standing of the organization through several views as shown in the screen below.

dashboard will not appear unless the risk assessment has been completed.


Manage scopes screen is used to define scopes, edit scope information, assign assets groups and to edit assets information. User can define multiple scopes with multiple asset groups.

After defining the scope, the user can upload assets using a predefined asset excel file.

Manage BIA

Asset valuation is done by answering all CIA question for each asset, the tool will calculate the BIA value accordingly. After Asset valuation assets is moved to BIA list tab where user can review and verify asset valuation.

After evaluation, assets must be locked to be moved into BIA history, where users can also update BIA as well.

Gap Analysis

The user is allowed to choose if the control is applicable. If the user chooses the not applicable option this control will not be used in the risk assessment nor the calculation of risk. The tool will calculate the maturity level for each control according to the CMMI model used be the tool.

The tool allows the user to upload an attachment for the evidence of the implemented control.

Threats and vulnerabilities

Asset valuation is done by answering Each asset group is associated by default with a set of pre-defined threats. Users are allowed to add a new threat, edit or delete an existing threat User can assign vulnerabilities to each threat, define controls to each threat and edit or delete any vulnerability defined to each threat .

After answering the question for the impact and probability question the tool will calculate the threat value automatically.

Contact us

Do you have any questions? Please do not hesitate to contact us directly. Our team will come back to you within a matter of hours to help you.

We'll never share your email with anyone else.