Evidence-first
Structured the way auditors want proof presented — preparer / reviewer / approver sign-off, tickmark legend, revision history on every tab.
RiskForge is the work of Luis A. Santos — an information security and cyber risk professional with 10+ years maturing enterprise cybersecurity and GRC programs inside regulated banking and U.S. defense environments. The same workbooks the consulting bill was hiding, built once and priced for sanity.
After enough audit cycles, one pattern is impossible to un-see: teams paying five figures for a workbook they could have owned outright.
Spend ten years inside regulated industries and you watch the same scene replay every audit cycle. A consultant arrives, runs a gap assessment, and leaves behind a spreadsheet. The invoice reads $15K to $50K. The deliverable could have been built once and reused forever.
The workbook was never the hard part. The hard part was knowing what a QSA or an internal-audit reviewer actually wants to see — how evidence should be laid out, which testing procedures belong on the page, where maturity scoring earns its keep. After assessing 500+ controls across banking and U.S. defense — and maturing an enterprise IT & Cyber Risk framework against NIST CSF, FFIEC, PCI DSS, and COBIT — that knowledge stops being research and becomes muscle memory.
RiskForge is that muscle memory, packaged. Every tab is structured the way auditors expect evidence presented. No filler. No theatre. Just the deliverables the consulting bill was hiding.
Every role added a different lens — and a different set of auditors and examiners to satisfy. The workbooks carry all of it.
Every workbook ships against the same principles — the conventions GRC reviewers, QSAs, and internal audit expect to see.
NIST CSF 2.0 and PCI DSS v4.0.1 — not the old versions still floating around in free templates. Updated when the frameworks move.
No dashboards that impress and don't audit. Every cell earns its place against a real requirement, testing procedure, or artifact.
One-time purchase, lifetime updates within the major version, hidden branding tab. Rebrand it and ship under your own name.
The standards behind the workbooks — and the cross-walks that tie them together inside every tab.
If you've ever rebuilt the same tracker from scratch the week before an audit, this was built for you. Put it to work before your next cycle.
The workbook tour is a real workbook — every tab, not a screenshot. Walk through it before you decide.