
What is CRISAM®? The GRC platform for governance, risk & compliance

CRISAM® is the GRC platform that connects governance, risk and compliance in one place. This consulting-proven GRC and risk management software brings extensive content for normative IT compliance together with a competent partner network — connecting risk, controls, audit and board reporting in one defensible GRC platform.


CRISAM® (Corporate Risk Application Method) is a GRC platform — governance, risk and compliance software — that unifies information security, integrated risk, data protection, internal controls, business continuity and compliance management. As a GRC platform for normative IT compliance, it covers 53+ norms and standards and delivers audit-ready reporting at the press of a button.

Where CRISAM® comes from

Why market leaders trust CRISAM®

CRISAM® has its origins in the well-proven consulting approach called the Corporate Risk Application Method. This approach guides you in establishing or expanding your risk management and acts as a guiding thread towards project success, so that project goals can be planned and structured in one holistic view.

One assessment, many norms

With just one assessment of compliance content, proof of compliance for many standards and norms is provided.

Multi-compliance mapping

Requirements are mapped beyond individual norms for an efficient implementation of multi-compliance.

Reports with a click

Evaluate individual risk areas and generate suitable reports with a click.

Stakeholder-specific reports

Customizable standard reports with stakeholder-specific variations.

Audit-ready

Professional preparation and reporting for internal and external audits and auditors.

CRISAM® Scoring Model

Calculate your defined partial or overall risk according to your risk policy.

Always up to date

CRISAM® Knowledge Packs incorporate norm changes by the publisher through regular updates.

Custom Knowledge Packs

Custom extension of Knowledge Packs is possible.

  • 500+ international customers
  • 20+ years of experience
  • 53+ supported norms
  • 700+ content blocks

Category Leader

CRISAM® in Chartis RiskTech Quadrant® for GRC Analytics 2025

Integrated Risk Management

Configurable standard software for enterprise-wide risk; reporting for IDW PS 340 (n.F.) is included out of the box.

Information Security Management (ISMS)

A true ISMS: it assesses risk as deviation from a referenced “state of the art” and by business relevance — making risk the steering instrument for IT.

Business Continuity Management

Build a tailored BCM methodically to ISO 22301 and BSI 200-4, with interdisciplinary data and meaningful reporting.

Data Protection Management

Stand up an effective DSMS with included processes, policies, workflows and reports for every maturity stage.

ESG

Manage sustainability goals and minimise ESG risk on one intuitive platform. Strong overlap with CSRD reporting.

Internal Control System & Audit Management

Demonstrate the appropriateness and effectiveness of your ICS per IDW PS 982, supporting the Three Lines of Defence model.

One GRC platform. Many disciplines in the field of governance, risk & compliance

Defensible Board Reporting with CRISAM®

Reporting & Board Intelligence

CRISAM® turns governance, risk and compliance data into board-ready decisions. Generate stakeholder-specific reports at the press of a button and give your executives and supervisory board a single, defensible view of risk posture.


  • Business Impact Analysis
  • Cost-benefit analysis
  • Sensitivity analysis
  • Gap analysis
  • Portfolio analysis
  • Compliance valuation
  • Scenario analysis
  • Fault tree analysis

Built-in analyses behind every report

FAQs

Your questions about CRISAM® answered

What is CRISAM®?

CRISAM® is a Governance, Risk & Compliance (GRC) software platform designed to help organisations identify, assess, manage and monitor risks, compliance requirements and governance processes in one integrated system. It combines a proven risk management methodology with configurable software to support organisations of all sizes.

What does CRISAM® stand for?

CRISAM® stands for Corporate Risk Application Method. The name originates from the consulting methodology on which the software platform is based. Today, CRISAM® combines this proven method with an integrated GRC platform for enterprise-wide risk and compliance management.

Who is behind CRISAM®?

CRISAM® was developed by CALPANA business consulting GmbH, an owner-managed consulting and software company headquartered in Linz, Austria. Since its foundation in 2005, CALPANA has specialised in Governance, Risk & Compliance (GRC) solutions and continues to develop the CRISAM® platform.

Is CRISAM® a software platform or a methodology?

CRISAM® is both. It combines the consulting-proven Corporate Risk Application Method with an integrated software platform that supports Governance, Risk & Compliance processes through guided workflows, reporting and configurable modules.

Which organisations use CRISAM®?

CRISAM® is designed for organisations of all sizes, from small and medium-sized enterprises to international corporations. It is used across multiple industries to support integrated risk management, information security, business continuity, compliance and internal control processes.

Which standards does CRISAM® support?

CRISAM® supports Governance, Risk & Compliance best practices and includes content for more than 50 international standards, frameworks and regulations, including Provision 29, ISO 31000, ISO 27001, ISO 22301 and many industry-specific compliance requirements.

What are the main advantages of CRISAM®?

CRISAM® offers a method-based approach, modular implementation, guided workflows, configurable processes and integrated reporting for defensible board intelligence. Organisations can implement risk and compliance management efficiently while adapting the platform to their specific business requirements.

How does CRISAM® help with audits and reporting?

CRISAM® provides built-in analyses, dashboards and standard reports that help organisations document risks, demonstrate compliance and prepare for internal reviews or external audits.

No risk — let’s just stay in touch

Schedule a demo and contact our CRISAM® team


CRISAM GRC Limited

20 Red Lion Street

London

+44 20 4634 5000 andreas.schmitz@crisam.net

CALPANA business consulting GmbH

Blumauerstrasse 45-47

4020 Linz

+43 732 601 216-0 office@crisam.net


© 2026 CRISAM GRC Limited