A shout out to all the security professionals that are attending the ASIS Europe 2019 conference in Rotterdam. Stop by F6 and get a demo of the brand new version of Human Risks.

If you are responsible for managing security across multiple sites - this is the tool you should be looking at.

Im exhibiting at - medium.jpg

Online security risk management platform with auto-generated risk assessments that makes management and documentation of compliance a walk in the park. Manage risks, control measures, recurring tasks, report internal incidents and stay updated on global events with our live data feed.

Hope to see you there!

The New Platform is Live!

Our platform has been updated to meet the challenges of new technologies!

Our system has been optimised for vast quantities of data and statistical analysis preparing us for exploiting machine learning and AI to improve the platform’s capabilities.

The platform’s look & feel has also been updated and is now easier than ever to navigate and use. Optimised for tablets the full suite of features can be used when on the go!


Never Be the Smartest Person In the Room!

To keep evolving be around people smarter than yourself! That is why I am happy & proud to present a board of advisors that include people with impressive skill sets and experiences very different from ours. On top of that they are all just really good people!

The board will help Human Risks scale our offerings based on the experiences we have drawn over the past three years.

Dear Brian, Nick, Tommy, Daniel and Joe - thank you for being on our Advisory Board. I look forward to what seems to become a fantastic 2019!

Read more about the advisory board here.

Screenshot 2019-01-19 at 20.56.15.png

I didn't Invent the Wheel...

…But I am suggesting security professionals replace spreadsheets with a better way - I've been the caveman to the right for too long.

When managing security risks three things are important:

  1. Keep it simple – and help your organisation understand the “why” through involvement

  2. Link risks to mitigating measures. Keep it simple and scalable, and

  3. Put effort into implementing those measures. This is where you add value and reduce risk

We are trying to give security professionals an updated overview across multiple sites and allow you to involve the organisation (back to the “why”) by delegating and measuring on the implementation of measures in one single platform. If you are curious about how we do that please contact us for a demo at or send me a message.

Lucky for us, not all say “No thanks!” One of our customers - a major player in the food industry with sites in most parts of the world – said this about Human Risks in a recent interview:

» Human Risks enables us to decentralise the security risk management process, which helps us empower local management to take ownership. It increases the effect of what we are doing and reduces our costs substantially.

Sometimes it feels like being a caveman suggesting his peers try something new…

Sometimes it feels like being a caveman suggesting his peers try something new…

Our new dashboard gives you a comprehensive overview!

Screen Shot 2018-06-14 at 13.18.27.png
  • Risk assessments that automatically match threats with mitigating measures.
  • Distribute your (white labelled) mitigating measures across your organisation containing text, files and videos.
  • Manage all recurring tasks (training, inspections, reviews etc.) providing you with a complete audit trail.
  • A report module that allows your organisation to report any incidents and gives you a visual overview.
  • An external data feed that keeps you updated in real-time on global events.
  • A mobile app to manages audits and report incidents - integrated with device’s GPS and camera.
  • A best-in-class cloud security and two-factor authentication.

And now a dashboard that ties it all together:

  • Upcoming and exceeded deadlines. 
  • Efficiency in implementing mitigating measures. 
  • High-level risks that are not mitigated. 
  • Recent security incidents in the vicinity of your facilities.

If you are managing security risks this tool gives you a live overview of the entire process, is easy to use, and affordable to acquire. Our clients are all from the top tier of their industries and have in common that they needed a tool to help them take a risk-based approach to decision making, get a clear overview of their risks and measures, and reduce costs.

Does it come in your company’s colours? Yes, of course. A white label solution is part of the package.

Incident reporting with our app!

It is time to bring you great news again - now you can report incidents in our app as easy as 1-2-3!

1 - Select incident

2 - Give a short description

3 - Click submit

...and the app takes care of the rest; adds location & date and you can add photos with your device’s camera. On our web platform, you can search and filter across all incidents and get the total overview on the dashboard - Reach out for a demo...

Total Overview - Always Updated! 

incident reports dashboard.png

Cybersecurity of SaaS-Solutions

There is - for many good reasons - much talk about cybersecurity and if you are not an expert (which I am certainly not - but I have skilled people helping me with this) it can be difficult to navigate the jungle of technical terms and assess the vulnerabilities and level of risk in what is a multi-billion ($) industry.

In our company information security is something we take extremely serious since our product and only distribution channel is online, which is why protecting our customers' data is embedded in everything we do - the life of our company depends on it.

Without getting too deep into technical jargon the protection of data in Software as a Service is primarily centred around three entities and the connections between them; 1) the hosting environment, 2) the vendor's internal set-up and 3) the end-users’ IT-environment.

If your SaaS-vendor is using one of the top two or three hosting partners you are sure they adhere to the most rigorous security requirements on hosting but you should also explore if:

  • APIs and connections are encrypted (AES 256)

  • all databases are encrypted and decrypted in real time

  • how often backups are done

  • a redundant set-up/offsite replica (a secondary mirroring of the data, which can take over if the first goes down) is in place, which is not given unless your vendor specifically has chosen that solution (and pays for it)

  • the vendor’s own access to the production database is limited i.e. to on-premise IP-numbers to ensure that access to the most vulnerable point is restricted and that both the digital and physical access to computers are managed carefully.

One element that is out of the vendor’s control is the customer’s behaviour and systems. The UK Government provides us with good advice on 5 actionable cybersecurity controls provided by The National Cyber Security Centre.

Screen Shot 2018-03-05 at 20.46.48.png

The two-factor authentication mentioned in advice number 2 is an effective way to close a gap where the vulnerability of the user potentially can have big (read: extreme) impact. You probably know it from payment systems where you have to receive a code on your mobile device before being able to complete a transfer.

At Human Risks, we have implemented two-factor authentication free of charge for our customers to use so that we are as certain as we possibly can be that it is the right person with the right authorisation to log in to our platform. With two-factor authentication, we have reduced the risk of negligent password behaviour being exploited substantially and closed a potential vulnerability on our customers’ side.

Any important points about the vulnerabilities of SaaS and how to mitigate them I have left out? If so - don't hesitate to comment.

If you are interested you can download our IT Security White Paper here...