Manage your security risk with Resolver’s ESRM app

Connect incidents to risks with Resolver’s Enterprise Security Risk Management app

Request a Demo
scroll down

Take a data driven approach to risk

Connect your incident data to your risks and start making data driven decisions and investments to further reduce security risk. Easily show your impact on risk reduction with heatmaps and reports.

Take a data driven approach to risk

Why ESRM by Resolver?

Track Your Assets

Track actual and perceived value of your assets and the business stakeholders responsible for them.

Track Security Risks

Assess, document and prioritize risks to your organization’s identified assets.

Report Risk Events

Demonstrate the impact your security measures have on your organization by reporting saves and negative events.

Improve Awareness

Ensure your organization’s asset owners are aware of the importance of their role in securing your organization’s assets.

Mitigate Risk

Improve your impact by focusing security on the highest risks to your organization’s objectives.

Manage Corrective Action

Use the app’s built-in audit functionality to audit your security controls and ensure corrective actions are addressed.

Practice enterprise security risk management with ease

Easily follow the globally established and accepted ESRM risk principles. Resolver’s ESRM app guides you through the ESRM process step by step, helping you to:

  • Identify and quantify your enterprise’s assets
  • Identify and quantify security risks to each asset
  • Prioritize the security risk and the security risk relationship with each asset
  • Develop risk treatment plans
  • Continuously improve

You're in good company

Over 1000 of the world’s largest organizations use our cloud software to protect their people.


Frequently Asked Questions

We're here to answer any questions you might have.

ESRM vs. ERM: What’s the difference?

It’s not a binary choice of using one or the other. Both are risk-based practices and both focus on protecting the business. They complement each other and can be used together as a bridge between security and the business risk owners.  

  • ERM uses risk practices, applies the practice to any risk across the enterprise: capitalization, human capital, regulatory, all security risks.
  • ESRM defines the scope of focus on security risks and the management of those in partnership with departmental leadership. It uses risk principles to define and guide the security practitioner in managing the security scope of risks.  This includes administrative, physical, cyber, technical, workplace violence, terror, or business resilience.

What is Security Risk Management?

Security Risk Management is the shared decision-making process between the security leadership and business leadership. This includes educating the departmental leadership of realistic impact to assets under their control. As well, presenting potential strategies for impact mitigation, and enacting the security safeguard choices.

Security Risk Management focuses on the identification of assets, assessment and prioritization of risks to those assets, followed by a coordinated resource plan for counter measures to minimize, monitor, and control the probability and/or impact of incidents occurring.

What is Operational Risk Management?

Operational Risk Management is defined as the risk of loss resulting from people, inadequate or failed internal processes and systems, or from external events. This includes legal risk but excludes strategic and reputational risk. 


Adam Harting, Security Internal Assessments Manager, Raytheon
Adam Harting Security Internal Assessments Manager, Raytheon
Kirsty Bradley-McMurtrie, Director of Safety, Security and Parking, Conestoga College
Kirsty Bradley-McMurtrie Director of Safety, Security and Parking, Conestoga College
Keith Pua, Public Safety Coordinator, Humber College
Keith Pua Public Safety Coordinator, Humber College