CRI Profile
A financial services-focused cybersecurity profile that consolidates expectations into a practical, assessable set of diagnostic statements - and operationalizes them in SmartSuite.
SmartSuite provides the system for managing controls, evidence, mappings, assessments, and reporting. Framework text may require a separate license unless explicitly provided.
What is the CRI Profile?
The CRI Profile is a cybersecurity and resilience framework created for the financial sector. It consolidates regulatory and supervisory expectations into a single, practical structure that organizations can use to assess their program consistently and communicate results in a common language.
CRI is organized around seven functions - Govern, Identify, Protect, Detect, Respond, Recover, and Extend - and expresses expectations as diagnostic statements that can be tested, tracked, and improved over time. This makes it well suited for programs that need repeatable assessments, clear ownership, and audit-ready evidence.
In SmartSuite, CRI Profile becomes a living controls program: you map internal controls to CRI diagnostic statements, link evidence and testing, track issues and remediation, and report readiness by function, tier, system, business unit, or audit period.
A quick reference you can keep consistent across every framework page.
- PublisherCyber Risk Institute (CRI)
- Region / scopeGlobal (financial sector)
- Requirements318 diagnostic statements
- Framework type7 functions (Govern, Identify, Protect, Detect, Respond, Recover, Ex
- Current versionProfile v2.x
Crosswalks and mappings
A major benefit of CRI is the crosswalk. CRI publishes mapping resources so teams can start with CRI as a baseline and demonstrate alignment to additional frameworks and references - without rebuilding their program from scratch.
How SmartSuite supports this framework
Operationalize this framework as a living controls program - not a one-time assessment.
Controls library as the system of record
Define owners, cadence, scope, and status for every control.
Map controls to framework requirements
Maintain coverage notes and traceability without duplicating work.
Evidence workflows
Request, collect, review, and refresh evidence on a schedule.
Assessments and testing cycles
Run recurring tests and assessments with clear status and reviewers.
Issues and remediation tracking
Route exceptions to owners, manage SLAs, and track closure evidence.
Dashboards and reporting
Roll up coverage, gaps, and readiness by domain, owner, and period.
Frequently Asked Questions About Services Offerings
Can I connect SmartSuite to something that isn’t on your integrations list?
Do I need other accounts or API keys in order to access tools in SmartSuite?
How can SmartSuite give me better data coverage and pricing than Zoominfo or other data providers?
Turn ESG Goals into Measurable Business Outcomes
SmartSuite helps you centralize ESG data, automate reporting, and collaborate across departments. Break down silos between sustainability, compliance, and operations to drive accountability and impact.