Information Security Risk Assessment Software

The Gramm-Leach-Bliley Act (GLBA) and the Interagency Guidelines Establishing Information Security Standards require financial institutions (banks, savings associations, and credit unions) to establish an Information Security Risk Assessment.

CoNetrix offers an online risk assessment software solution to help banks and credit unions perform an information security risk assessment, per GLBA, as well as individual information asset risk assessments. We designed our software using guidance from the FFIEC, FDIC, OCC, FRB, NCUA, and CFPB. Our web-based risk assessment software is designed in an easy-to-follow format.

Information Security Risk Assessment

The Tandem Information Security Risk Assessment Software includes:

  • A location management tool to assist in identifying likelihood and potential damage based on physical locations
  • A threat questionnaire broken into eight sections to assist in quantifying the likelihood and potential damage associated with threats:
    • Structure & Responsibility
    • Size & Complexity
    • General Controls
    • Previous Experience
    • Natural Disaster/Elemental
    • Contracts, Legal, and Regulatory
    • Audit & Security Testing
    • Security Awareness Training
  • More than 60 pre-defined "common" threats to financial institutions, including Biological Pandemic, Remote Deposit Capture, Internet Banking System Misuse, and Wireless Emissions Compromised
  • A confidential information management section to manage data classification and data flow and to document the location of customer information and/or vital records
  • A threat management section to manage controls, information security and cybersecurity compliance, impact, and guidance associated with identified threats

Information Asset Risk Assessments

Additionally, the Information Asset Risk Assessments portion includes:

Custom Risk Assessments

Tandem Risk Assessment also includes custom risk assessment templates. Add your own threats and controls or incorporate CoNetrix suggested threats and controls to assist in the creation of various assessments. Custom assessments can be mapped to controls and guidance.


For internet banking risk assessments, use Tandem Internet Banking Security Program, which can be purchased separately and integrated with the Tandem Risk Assessment product.

Use the Tandem Policies integration, which allows users to customize a set of more than 50 pre-defined Information Security Policies, already mapped to your Information Security Risk Assessment threats.

Additionally, the asset management tool integrates with Tandem Vendor Management and Tandem Business Continuity Planning products to show connections among assets, vendor services, systems, and software, per the updated FFIEC Information Security Booklet.


The CoNetrix Information Security Risk Assessment software is feature-rich, including:

  • The ability to document an unlimited number of risk assessments
  • A storm and crime event statistics report tool
  • Suggested threats, controls, and risk levels created and updated by security and compliance experts
  • Downloadable documents in Microsoft Word and/or Adobe PDF formats
  • New features and updates are automatically included with your annual subscription
  • Free training workshops to help familiarize you with the software
  • Integration with other CoNetrix online software
  • Anywhere/anytime Internet access through a secure, online portal
  • Multi-factor authentication (optional)
  • Single Sign On (SSO) integration using SAML 2.0
  • Multi-user access
  • No software installation or equipment costs
  • The ability to manage several companies' risk assessments with one login (requires a subscription for each company)


Professional Services

For professional services, ask your account representative about adding Boost Consulting services.
