You’re looking for risk management software

Good software solves a lot of issues but bad software creates more problems than it solves. Unfortunately, most risk management software out there is:

– Too slow

– Too complicated

– Too expensive

DCDR was built to solve these problems and to put effective, simple and affordable risk management software into everybody’s hands. Get the software your team needs for less than your morning coffee.

Learn more and sign up for a trial at

You’re just getting started

learn about Risk Management Basics here

Welcome! I’m thrilled that you choses to start your risk management journey here.

We all start somewhere and risk management is no different. Whether you are a newly-appointed risk manager, have just been brought onto a risk management project or been appointed to a governance and oversight role, I hope that the resources below will help you get make sense of things and started as quickly as possible.

The resources below are split into two categories: basic and deep-dives. Pick which version is most appropriate based on your experience and background. If you aren’t sure, start with the basic version even if it’s just to get an idea of the language and approach that I use throughout the site.

When you’re ready, you can find the more detailed project areas here.

You’re Interested in Enterprise Security Risk Management

Enterprise security risk management (ESRM) aligns your security program with the organization’s key objectives to ensure that the key assets are protected and that security becomes a driver of results and overall performance. Here are some resources to help build or transition into an ESRM focussed program.

What is ESRM?

ESRM takes a risk-led approach to security management to ensure that the security program is completely aligned with the organization’s strategic objectives.  Enterprise security risk management has a firm basis in proven security practices but brings security management into line with internationally recognized risk management standards.

A mature ESRM program encompasses all aspects of security risk mitigation

ASIS International introduction to ESRM

ASIS International (the leading organization for security managers worldwide) has designated enterprise security risk management to be the organization’s strategic focus.

I am a strong believer in the benefits of a risk-led approach but I was a security manager first.  I’ve adapted or developed the more general risk management materials to support the ESRM initiative as a one-stop for resources, articles, tools and templates to help security managers transition to a risk-led model.

I hope these resources help with your ESRM program and additional tools will be added as the ESRM standard and guidelines are developed.

ESRM Resources

Here are a few of the ESRM-specific resources I’ve developed.


ESRM doesn’t have to be complicated and it certainly shouldn’t be just a set of checkbox processes that your team grinds through instead of keeping your organization safe and secure. Take a KISS approach to ESRM to ensure that your system is fit for purpose and is something that you can actually use.

Read about how to keep it simple here.

Key references

ISO 31000 is a core reference for risk management.  Here’s a short article explaining what it is and what it contains. What is ISO 31000?

The ASIS ESRM standard is due for publication in early 2019 and a review/guide will be published as soon as this is available.

Designing or implementing an ESRM system?

Looking for help designing and building an ESRM system?  I’ve created a handbook that explains how to scope, design, build and implement any risk management system, including an ESRM system.

Learn more here. ESRM – a guide to developing a simple ESRM system

Looking for software?

The DCDR software project was originally a security risk assessment app making it an ideal software platform to support an ESRM program.  With the addition of security-specific modules, I hope to make this fully integrated, ESRM-ready toolkit for security managers looking for a light, fast, secure and affordable software solution.

Read more about DCDR – ESRM-ready software (Opens the DCDR website)

Can’t find what you’re looking for?  Send me an email

You’re building a risk management system

risk management system build

Building a risk management system is hard. Integrating one into an organization can be even harder. Here are some resources to help you plan and build your system and then integrate it so you can become an effective, risk-led organization.

There’s also a handbook I’ve written which provides a step-by-step guide to designing, building and integrating a risk management into your organization. This builds on the articles and guides above to give you a comprehensive roadmap to follow while you put a risk management system in place that’s going to work for you and your organization.

build a risk management system with this handbook

Learn more about the handbook here

You can also assess how mature your organization’s risk management system is using my free audit tool. Start your assessment here.

You’re Conducting a Risk Assessment

Risk assessments lie at the core of the risk management process so getting these right is critical. Here are some of the key resources you might need to help you plan, conduct and deliver your risk assessment.

Ready to get started?


Want to do deeper?

If you’ve already covered the basics and want to go into more depth, you might want to look at my book, Beyond The Spreadsheet and the accompanying course, The Risk Assessment Toolkit. These get deep into the weeds with step-by-step instructions for how to plan, conduct and deliver your assessment.

See the book on Amazon

Visit the course page

Looking for software to help? Take a look at, the software I developed to sped up and simplify your risk assessment.