SaltyCloud is a Public Benefit Company

Isora: Simplify your risk assessments. Measure and quantify organization-wide risk with a simplified workflow and unlimited delegation.

Conduct scalable organization-wide IT risk assessments

Risk assessments can be a daunting task

Your organization’s sensitive data is distributed across thousands, if not tens of thousands, of devices and systems. Keeping track of what information is on what systems, who owns it, and how it is being managed can be a daunting task. Equally as challenging is efficiently rolling up that data to measure and quantify overall risk and demonstrate a maturing security posture over time.

Simplify your risk assessment with Isora

Isora is a risk assessment workflow and automation tool that provides a scalable and achievable solution for highly distributed or federated organizations.

Measure & quantify organization-wide risk

Isora provides IT security risk scores broadly and categorically across your organization. Risk scores are normalized, allowing security and risk officers to prioritize areas for focus and identify leading and lagging units.

Source risk information from across your organization

Launch assessments to broad stakeholders with in-app notifications and quick response roll-up. Unlimited delegation allows your organization to collaborate at scale efficiently.

Complete risk assessment workflow solution

Manage your assets, question sets, stakeholders, units, notifications, assessments, reports, and risk scores in a single cloud-based application — no on-premise builds, dedicated staff, or project teams required.

Isora common use-cases

Host-based asset classification

Isora provides a robust workflow and automation for asset management and classification. Thus allowing you to understand what data is on what systems, what users/units have access and how it is controlled.

Asset Workflow

Pull in inventory through API or csv upload; Auto-assign assets to owners, users, and orgs; Delegate systems for classification; Classify assets by data category, data classification and priority/ criticality; Immediate roll up of assets for reporting by department/unit or across campus.

Campus-wide IT security risk assessments

Isora allows you to efficiently conduct campus-wide IT risk assessments across any question set or security framework (eg, NIST, ISO, COBIT, ITIL). Use default question sets or upload your own. Robust question logic including: question weighting, parent/ child nesting, partial credit, free text documentation field, change log, etc.

Department/Unit Level Assessment Workflow

Choose framework or regulation; Curate questions and question sets; Build and launch assessments including: Role based permissions, notifications, and progress status; Delegate questions to broad stakeholder base for responses; Immediate response roll up to document unit bead sign off and immediate reports and risk scores for unit and compared campus averages. Reports include prior assessment responses to demonstrate trend-line/improvement of risk posture over time.

Demonstrate regulatory or policy compliance

Conduct focused assessments of covered units for various regulatory/policy requirements (HIPAA, GLBA, State Statutes). Use default question sets or upload your own. Efficiently collect specific information in preparation for an audit. Assess compliance with minimum security standards for systems or other local policies.

Regulatory Compliance Workflow

Choose Regulation and identify covered units/departments; Select or curate question set; Build and launch assessments including; Determine if want to include host classification for units, Delegate questions to units stakeholder base for responses; Immediate response roll up and reporting; Risk Scores for units and across covered/assessed units to identify gaps for prioritized remediation; Reports include prior assessment responses to demonstrate trend-line/improvement of risk posture over time.

Read the data sheet

Discover how Isora can fit the needs of your organization to conduct focused, broad, and third-arty vendor risk assessments.

New to risk management?

We can work with your organization to recommend a phased, multi-year implementation approach that allows your institution to warm up to risk assessment without overwhelming your internal stakeholders or team.

Whether you need to demonstrate HIPAA or GLBA compliance for covered entities, classify your assets, or conduct an annual campus-wide NIST assessment, you can depend on Isora. Our out-of-the-box question sets and workflow simplify the process and allow you to get started on a quick and scalable trajectory in no time.


As a Public Benefit Company, SaltyCloud offers significant discounts to higher education, governmental, and non-profit institutions. SMB or enterprise? Contact us for more details.

Let’s chat risk assessment

We’re here to help you get started. We can discuss how Isora will fit your organization’s specific needs and set up a demo for you, your team, and your stakeholders.