RegScale Announces Cyber Risk Institute (CRI) Profile Support

June 20, 2022 | By J. Travis Howerton
Cyber Risk Institute

The Cyber Risk Institute (CRI) Profile is the benchmark for cyber risk assessment. The Cyber Risk Institute (CRI) is a not-for-profit coalition of financial institutions and trade associations. They are working to protect the global economy by enhancing cybersecurity and resiliency through standardization. The Cyber Profile tool is the benchmark for cyber security and resiliency in the financial services industry. This ever-evolving and concise list of assessment questions is curated based on the intersection of global regulations and cyber standards, such as ISO and NIST.

At RegScale, we provide a software platfrom that offers easy and free tools to get started with building a CRI compliant program with support for tracking policies, related assessments, evidence collection, issues management/performance improvement, and other related workflows. As of June 20, 2022, RegScale has announced that we officially support all four Tiers of the CRI Profile as catalogs within our platform with automated tools/wizards for building compliant cyber security programs. In addition, we have published multiple machine readable formats of CRI including an Excel spreadsheet, raw JSON, and NIST OSCAL that are available upon request. These artifacts are freely available for others to reuse in their compliance automation programs using machine readable formats.

Schedule a free demo today to learn how RegScale can help you continuously meet your CRI requirements. If you are ready to start automating your compliance processes for creating and managing CRI requirements, this demo will also show how you can leverage RegScale to deliver continuous compliance. In addition to offering free tools, we have experienced compliance professionals who can assist you in creating robust CRI compliance artifacts that will help you pass audits with ease. With RegScale, our customers get software with a service to provide a concierge like experience for achieving financial sector cyber security.

Ready to get started?

Choose the path that is right for you! 

Skip the line

My organization doesn’t have GRC tools yet and I am ready to start automating my compliance with continuous monitoring pipelines now. 


My organization already has legacy compliance software, but I want to automate many of the manual processes that feed it.