Home
arrow_forward_ios
Blog
Governance, Risk & Compliance

The Future of CRI: Extending the Model Beyond Financial Services

Jon Darbyshire
CEO SmartSuite
January 13, 2026
7 mins
read
This is some text inside of a div block.
Back to top

When the Cyber Risk Institute (CRI) Profile was first introduced, it was designed to solve a very specific problem: create a unified cybersecurity and resilience framework for the financial-services sector: an industry defined by regulatory intensity, operational complexity, and systemic importance.

And it worked. In ways few frameworks ever have.

Over the past several years, I’ve watched global banks, regional institutions, credit unions, and emerging fintech companies embrace CRI as the backbone of their cyber maturity, operational resilience, and governance models.

It has become a shared diagnostic language that connects cyber, risk, audit, compliance, and resilience teams, something the industry has needed for decades.

But as adoption has grown, something interesting has happened: leaders in other industries have started paying attention.

Healthcare, energy, manufacturing, retail, government agencies, and even technology companies are all beginning to ask a variation of the same question:

“Why doesn’t our industry have a CRI Profile?”

And after spending years studying how institutions across sectors manage risk, I believe the question is well-founded, and the opportunity is real.

The CRI Profile may have been born in financial services, but its underlying design philosophy is industry-agnostic. Its greatest strength, a unified diagnostic structure that harmonizes complex regulatory environments, is exactly what other industries now desperately need.

The future of CRI may extend far beyond banking.

Why CRI’s Core Design Is Universal

CRI succeeds not because of the specific regulations it harmonizes, but because of the model behind it. That model is universally applicable in any complex, regulated environment.

Across industries, several truths hold:

  • Cybersecurity is inseparable from operational resilience.
  • Third-party ecosystems create systemic risk.
  • Regulatory expectations overlap, conflict, and evolve.
  • Executives and boards need clear, consistent maturity reporting.
  • Teams speak different operational languages.
  • Evidence is scattered across systems and functions.
  • Organizations struggle to communicate risk coherently.

These conditions don’t belong to financial services: they belong to modern business.

CRI’s diagnostic structure addresses these challenges in a way that transcends the original sector:

  • It’s diagnostic rather than prescriptive.
  • It defines outcomes instead of dictating controls.
  • It creates harmonized clarity from fragmented requirements.
  • It supports continuous monitoring and assurance.
  • It gives executives and boards a common risk language.
  • It maps naturally into workflow-based governance platforms.

In other words: CRI is not a banking framework. CRI is a model, one that just happened to find its first home in banking.

The Oversized Impact of a Harmonized Framework

Across my work with top-tier institutions, one insight has become increasingly clear:

When an industry shares a single diagnostic language, everything moves faster.

With a harmonized model:

  • Vendors integrate more easily.
  • Evidence becomes reusable.
  • Assessments become comparable.
  • Remediation becomes consistent.
  • Maturity becomes measurable.
  • Supervisory relationships improve.
  • Board reporting becomes coherent.
  • Technology platforms can connect meaningfully.

These benefits are not financial-services specific, they are universal.

And they would be transformational in industries like:

Healthcare

Where HIPAA, NIST, HITECH, FDA requirements, and third-party risk expectations often conflict.

Energy & Critical Infrastructure

Where NERC CIP, DOE guidelines, and supply chain risks create complex interdependencies.

Manufacturing & Industrial

Where OT/IT convergence, safety requirements, and supply chain controls lack unified frameworks.

Government

Where agencies operate under multiple overlays like FISMA, CISA, NIST SP frameworks, and sector-specific mandates.

Retail & Payments

Where PCI, data-privacy requirements, fraud controls, and cyber resilience must merge.

Each of these industries faces the same fragmentation problem CRI solved for banking, just at different scales.

Why CRI Resonates Across Sectors

The more I’ve studied governance models across industries, the more I’ve realized that CRI’s success stems from structural attributes rather than sector-specific ones.

1. CRI aligns deeply technical work with governance outcomes.

Boards, executives, and practitioners all use the same diagnostic statements.

2. CRI harmonizes overlapping frameworks.

It eliminates confusion caused by competing standards.

3. CRI provides a maturity model that is explainable, defensible, and comparable.

4. CRI supports continuous assurance.

Because diagnostics map easily to real-time monitoring signals.

5. CRI provides a foundation for vendor ecosystem alignment.

Tools can integrate around a shared structure.

6. CRI serves as a unifying architecture.

It aligns cyber, risk, audit, compliance, and resilience.

These capabilities are not unique to financial services. They are the capabilities every modern industry needs.

Patterns I’ve Observed Across Industries

Across years of working with organizations outside financial services, I’ve seen the same structural challenges that existed in banking before CRI was introduced:

  • No shared maturity model across cyber, operational risk, and resilience.
  • Redundant assessments across frameworks.
  • Limited ability to reuse evidence.
  • Lack of interoperability between security tools.
  • Difficulty producing consistent board reporting.
  • Fragmented remediation workflows.
  • Conflicting interpretations of regulatory expectations.
  • Lack of a unified diagnostic structure.
  • Slow movement from periodic to continuous assurance.

Every one of these challenges maps naturally to CRI’s design. This is why I believe CRI is not merely an FS framework, it is a blueprint.

What a Cross-Industry CRI Evolution Could Look Like

If CRI were to expand into other sectors, I believe it would follow a familiar pattern:

Phase 1: Harmonization of existing frameworks

Map sector-specific standards (e.g., HIPAA, NERC CIP) into a diagnostic structure.

Phase 2: Alignment of regulatory expectations

Establish common maturity diagnostics across agencies.

Phase 3: Vendor ecosystem alignment

Security tools begin integrating directly to the diagnostics.

Phase 4: Workflow operationalization

Platforms like SmartSuite embed diagnostics into:

  • Assessments.
  • Evidence.
  • Issues.
  • Remediation.
  • Continuous assurance.
  • Executive reporting.

Phase 5: Industry benchmarking

Shared diagnostics create a foundation for peer comparison.

Phase 6: Board-level adoption

Diagnosed maturity becomes the new standard for governance reporting. This model works, because it already worked in the most complex sector of all: financial services.

Why SmartSuite Is Positioned to Support Cross-Industry Expansion

SmartSuite was built around workflows, not modules, which makes it uniquely suited for frameworks built around diagnostics.

Whether CRI extends into healthcare, energy, manufacturing, or government, SmartSuite’s workflow-native architecture allows:

  • Diagnostics → to become automation triggers.
  • Evidence → to follow workflows.
  • Controls → to map across domains.
  • Issues → to align to maturity expectations.
  • Vendors → to integrate against a unified structure.
  • Dashboards → to reflect continuous state of readiness.

SmartSuite is not tied to FS frameworks; it is tied to process, which is universal.

If CRI expands, workflow-native platforms will be the operational backbone that brings it to life across industries.

Conclusion: CRI Is Not the End of a Story: It’s the Beginning of One

The CRI Profile has already reshaped cyber governance across financial services. But its greatest contribution may be yet to come.

CRI has demonstrated that harmonized diagnostics can unify:

  • Cyber.
  • Risk.
  • Audit.
  • Compliance.
  • Resilience.
  • Vendors.
  • Boards.
  • Regulators.

No other framework has achieved this.

And the need for this kind of unity is not confined to financial institutions.

Every complex industry now faces the same ecosystem of risk, the same regulatory fragmentation, the same need for continuous assurance, and the same demand for board-level clarity.

That is why I believe the future of CRI, or CRI-inspired diagnostic models, extends far beyond financial services.

Because the model works. Because the need is real. Because the world is ready for harmonization, not fragmentation.

And because resilience, trust, and governance depend on it.

Table of Contents
What are the best policy management platforms on the market ?
#1: What policy lifecycle scope do you need to manage ?
Start using SmartSuite Today

Run your entire business on a single platform and stop paying for dozens of apps

  • Manage Your Workflows on a Single Platform
  • Empower Team Collaboration
  • Trusted by 5,000+ Businesses Worldwide
Start Free Trial

Featured writers

You’re Subscribed !
And never miss a single update !
Oops! Something went wrong while submitting the form.

Discover SmartSuite

-
5 Ways to Greatly Improve Workflow Efficiency
How to Spotlight by Status or Single Select Field to Simplify Your Workflow
Using Gantt Charts to Get Project Timelines Under Control
Course & Curriculum Planning for Colleges & Universities
Unlocking the Potential of Prefilled Forms
Merge Records Automation Action
7 Effective Tip For Project Planning At Work
Revolutionize Your Logistics: Tame Supply Chain Chaos with SmartSuite
Top 10 Project Management Softwares in 2024
SmartSuite's Commitment to Security: Achieving ISO 27001 and SOC-2 Type 2 Compliance
Building and Leading an Inspiring Workplace
What's New in SmartSuite: January 2024
Empowering Innovation: landman® Elevates Real Estate Operations with Smartsuite Integration
Introducing SmartSuite's Integration with Relay
Mastering Checklist-Based Filtering in SmartSuite
How to Spotlight Record Fields in SmartSuite
Team Collaboration Software: Why Your Team Needs It In 2024
How to Streamline Your Team’s Tasks with Automation Tools
How to Adjust the Row Size in SmartSuite
Unlocking Efficiency: Your Guide to SmartSuite Integrations
Introducing SmartSuite's Integration with Softr
Introducing SmartSuite's Integration with Easy Portal
5 Strategies to Improve Team Communication in 2024
Managing Projects Effectively with SmartSuite: From Estimation to Execution
Why Good Document Management is Vital for Your Business
Introducing SmartSuite's Integration with Bardeen
Project Management Techniques: Efficient Ways to Stay on Top of Your Game
5 Best Practices for Project Planning: A Comprehensive Guide for Teams
The Power of Process Automation: How it Benefits Your Business
How Consulting Teams Use SmartSuite to Maximize Project Planning, Allocation, & Utilization
The Agile Brand: AI & the Workforce
Introducing SmartSuite & Noloco Integration
Supercharge Your Project Management with SmartSuite Formulas
New Multi-Select Grid Controls
What's New in SmartSuite: September 2023
Mastering Field Type Switches in SmartSuite | A Step-by-Step Guide
How to Highlight Data In SmartSuite
Scale Your SaaS: Your New Growth Mantra: Follow the Customer
How Creative Agencies Manage Project Financials to Make Better Decisions Pt. 2
How to Name Items in SmartSuite
Introducing SmartSuite's Integration with Integrately
What's New in SmartSuite:  July 2023 Edition
How Creative Agencies Use SmartSuite for Client Projects, Workflows, Tasks, and Utilization Pt. 1
Product of the People: The Secret Sauce Behind SmartSuite's Triumph
Day 7: Future of the No-Code / Low-Code Landscape
Day 6: AI Innovation Within the No-Code and Low-Code Landscape (Part 3 of 3)
Day 5: Understanding the  No-Code and Low-Code Landscape (Part 2 of 3)
How to Track Time Between Stages of a Project
Day 4: Understanding the No-Code / Low-Code Product Landscape (Part 1 of 3)
Day 3: Exploring No-Code and Low-Code Use Cases
Day 2: The Key Benefits of No-Code / Low-Code Products
Smarter Software Outsourcing: Cultivating Remote-first Collaboration Across Distributed Teams
Day 1: The History of No-Code and Low-Code Products
The Digital Workspace Works: In a Digital Workspace, Workflows Are Everything
Our Partner-First Journey: A Thriving Ecosystem of Global Collaboration
How SmartSuite Revolutionized Our Content Creation Process
Enterprise Excellence: What Does the Future of Workplace Automation Look Like?
First Customers: Jon Darbyshire's SmartSuite Journey and Early Customer Acquisition
Office Hours with David Meltzer
What's New in SmartSuite: June 2023 Edition
Streamlining Club Events with Event Registration Software
Streamlining Fundraising Campaigns with Donor Management Software
Enhancing Building Security with Access Control Systems
Revolutionizing Venture Capital with Fundraising Management Software
Streamlining Venture Capital Operations with Deal Flow Management Software
Harnessing the Power of Customer Analytics and Reporting Tools for Performance Tracking
Unleashing the Power of Customer Support Ticketing and Management Software
Customer Onboarding Software for Effective Customer Adoption: The SmartSuite Advantage
Customer Feedback and Survey Tools for Customer Satisfaction: The Power of SmartSuite
Customer Success Management Software for Customer Retention: The Power of SmartSuite
Risk Management Software for Enterprise-Wide Risk Mitigation: The Power of SmartSuite
Quality Management Systems for Process Optimization: The Power of SmartSuite
Knowledge Management Software for Internal Collaboration: The Power of SmartSuite
Contract Management Solutions for Legal Compliance: The Power of SmartSuite
Enterprise Resource Planning Software for Business Management: The Power of SmartSuite
Lights on Data Show: The Future of Workplace Automation
Workflow Automation Tools for Streamlined Operations: The Power of SmartSuite
Procurement Software for Efficient Purchasing Processes: The SmartSuite Advantage
Logistics and Transportation Management Software: The SmartSuite Advantage
Facilities Management Software for Building Maintenance: The Power of SmartSuite
Seamless Workflow Connectivity for Business Success: Harnessing the Power of SmartSuite
Overcoming Product Management Challenges: A Comprehensive Guide
Improving Business Workflows with Integrated Solutions: The Power of SmartSuite
Achieving Success with Goal-Setting Software for Personal and Professional Development
Connected Workflows for Streamlined Operations: The Power of SmartSuite
Integrating Workflows for Business Productivity: Harnessing the Power of SmartSuite
Mastering Rollup and Formula Fields in SmartSuite
Optimizing Business Workflows with Connected Technology: The Power of SmartSuite
Membership Management Software for Nonprofit Organizations: A Comprehensive Guide
Connected Systems for Improved Workflow Management: Unleashing the Power of SmartSuite
Workflow Connectivity for Seamless Business Processes: The Power of SmartSuite
Grant Management Software for Grant Application and Tracking: A Comprehensive Guide
Volunteer Management Solutions for Nonprofit Organizations: A Comprehensive Guide
Connected Workflows for Business Efficiency: A Detailed Guide
Streamlining Workflows with Task Management Solutions for Effective Organization
Streamlining Workflows with Connected Solutions: A Comprehensive Guide
Streamlining Event Spaces with Venue Management Software
Collaborative Workflows for Team Efficiency: Unleashing the Power of SmartSuite
Simplifying Church Events with Event Scheduling Software
Customized Enterprise Applications with No-Code Software