CRI Compliance (Community)
Assess and manage cybersecurity compliance using the Cyber Risk Institute framework — with structured workflows, shared mappings, and a stronger foundation for supervisory readiness.
Product Overview
Streamline Cybersecurity Compliance with the CRI Community Framework
CRI Compliance (Community) is a productized solution built to help organizations operationalize the Cyber Risk Institute Profile in a structured, repeatable way. Developed by and for the financial sector, the CRI Profile is grounded in globally recognized standards and designed to support alignment with supervisory expectations. SmartSuite’s CRI Compliance (Community) software provides a structured, scalable system for managing CRI-based assessments, evidence, and remediation across your organization.
SmartSuite enables organizations to standardize how CRI diagnostic statements are assessed, how supporting evidence is collected, and how control gaps are tracked across business units and teams. With a centralized system of record, organizations can manage CRI-aligned compliance activities in a way that is repeatable, auditable, and defensible.
While the CRI Profile was created for financial institutions, CRI states it can also be applied more broadly. That makes this product especially valuable for financial services firms, fintechs, and other organizations that want a stronger, more structured foundation for cybersecurity and technology risk compliance.
SmartSuite delivers real-time visibility into CRI compliance posture, enabling teams to track assessment progress, monitor evidence completion, and identify areas requiring remediation. This supports more efficient supervisory preparation, clearer internal accountability, and a more consistent approach to cyber compliance.
As part of SmartSuite’s connected GRC architecture, CRI Compliance (Community) extends beyond a standalone framework assessment.
CRI compliance insights are continuously informed by:
- Control mappings and regulatory libraries
- Risk assessments and enterprise risk activities
- Policy management and governance standards
- Issues and remediation workflows
- Audit and testing activities
This ensures that CRI compliance is not managed as a one-time exercise, but as a connected, continuously evolving compliance process across governance, risk, and operations.
The product supports a wide range of use cases, including:
- CRI Profile assessments and responses
- Cybersecurity supervisory preparedness
- Control mapping and evidence collection
- Gap identification and remediation tracking
The result is a CRI compliance program that is:
- Structured and defensible for examiners, auditors, and internal stakeholders
- Efficient and scalable across compliance teams and business units
- Transparent and actionable for cybersecurity, risk, and compliance leaders
What is CRI Compliance (Community)?
CRI Compliance (Community) is a solution for managing cybersecurity compliance using the Cyber Risk Institute Profile. It enables organizations to assess controls, collect evidence, and improve supervisory readiness using a standardized framework.
Core Capabilities
SmartSuite’s CRI Compliance (Community) product provides the capabilities required to manage CRI-based compliance programs at scale — combining structured assessments, evidence management, and real-time reporting in a unified platform. Each capability integrates with other SmartSuite products, ensuring alignment across risk, policy, audit, and operational workflows.
CRI Profile Assessments
Run structured assessments against CRI diagnostic statements with consistent workflows, scoring, and evidence requirements.
Evidence Collection
Collect, organize, and manage supporting evidence with full traceability and audit-ready documentation.
Control Mapping
Map CRI requirements to internal controls, policies, and related regulatory obligations for stronger alignment.
Gap Identification
Identify control gaps and incomplete responses across diagnostic statements and mapped requirements.
Remediation Tracking
Assign owners, monitor corrective actions, and track progress through structured remediation workflows.
Assessment Dashboards
Visualize completion status, evidence readiness, and compliance posture through real-time dashboards and reporting.
Workflow Automation
Automate requests, reminders, approvals, and escalations using no-code workflows.
Version & Response History
Maintain a clear history of responses, updates, and evidence changes over time.
Role-Based Access Control
Ensure secure access to CRI assessments, evidence, and remediation data across teams and stakeholders.
The Risk Lifecycle
The Compliance Lifecycle
SmartSuite supports the full CRI compliance lifecycle — from assessment through remediation — with connected workflows and real-time visibility.
Scope the Assessment
Define participating teams, business areas, and CRI assessment scope.
Assess Requirements
Evaluate diagnostic statements and document responses across relevant functions.
Collect Evidence
Gather supporting evidence and validate completion against assessment expectations.
Identify Gaps
Highlight missing controls, incomplete evidence, and areas requiring action.
Remediate & Report
Track remediation and provide clear reporting for leadership, auditors, and exam readiness.
Connected Risk Ecosystem
SmartSuite products operate as part of a unified GRC platform — ensuring CRI compliance data is continuously connected to risk, controls, audit, and operational workflows.
The CRI Compliance (Community) product integrates seamlessly with related products to provide a complete view of cyber compliance readiness.
Centralize controls and map them across frameworks to reduce duplication, improve alignment, and enable a test-once, comply-many approach.
Centralize creation, approval, and publication of policies with full lifecycle tracking and attestations, ensuring they remain current, accessible, and auditable.
Manage assessment campaigns and testing schedules with a reusable question library, automated workflows, and centralized evidence collection to streamline assurance.
Track and remediate issues across audits, risk, and compliance with structured workflows, clear ownership, and real-time visibility into resolution status.
Centralize enterprise risk management with real-time visibility, standardized assessments, and connected workflows that align risk, controls, and mitigation across your organization.
Who This Product Is For
The CRI Compliance (Community) product supports stakeholders across cybersecurity, compliance, risk, and audit teams — enabling a more structured and consistent approach to CRI-based compliance.
Frequently Asked Questions
Answers to common questions about SmartSuite’s pricing models, plan options, and onboarding programs.
CRI Compliance (Community) is based on the Cyber Risk Institute (CRI) framework, which provides a standardized set of cybersecurity and risk management controls specifically designed for financial institutions. The community version offers a foundational approach to managing cybersecurity compliance using a widely recognized industry framework. It is important because financial institutions face increasing regulatory pressure and need a consistent way to demonstrate compliance. SmartSuite enables organizations to operationalize the CRI framework within a centralized platform, making it easier to manage controls, assessments, and evidence. By adopting a common framework, organizations improve consistency and reduce complexity. The result is a more structured and efficient compliance program aligned with industry expectations.
SmartSuite translates the CRI framework into structured data models, workflows, and control libraries that can be used directly within the platform. Organizations can manage controls, map requirements, and conduct assessments based on CRI guidelines. Each control is linked to workflows for testing, validation, and evidence collection. This ensures that the framework is not just documented but actively used in daily operations. By embedding CRI into workflows, SmartSuite enables continuous compliance rather than periodic reviews. The result is a fully operationalized compliance framework.
The CRI framework provides a common language and structure for managing cybersecurity risks and controls across financial institutions. SmartSuite enforces this structure by standardizing how controls are defined, assessed, and monitored. This ensures that all teams follow consistent practices. By aligning cybersecurity activities with CRI, organizations improve comparability and benchmarking. This is especially valuable for organizations working with regulators and partners. The result is a more consistent and mature cybersecurity program.
SmartSuite enables organizations to define CRI-aligned controls and manage assessments through structured workflows. Each control can be tested, validated, and linked to supporting evidence. Assessments are assigned to responsible teams and tracked in real time. Automated workflows ensure that assessments are completed consistently and on schedule. By centralizing these activities, SmartSuite eliminates manual processes and improves accuracy. The result is a more efficient and auditable compliance process.
SmartSuite centralizes evidence collection by linking documents and data directly to CRI controls and assessments. Evidence is stored with version control and full traceability, ensuring it is always audit-ready. Teams can quickly retrieve evidence during audits without manual effort. Automated workflows ensure that evidence is updated regularly. This reduces audit preparation time and improves confidence during reviews. The result is improved audit readiness and reduced compliance burden.
SmartSuite integrates CRI Compliance with enterprise risk, audit, and control management workflows. Controls can be linked to risks, enabling organizations to understand how cybersecurity impacts overall risk exposure. Audit workflows can validate CRI compliance using the same data. This integration eliminates silos and improves coordination across teams. By embedding CRI into a unified GRC platform, organizations gain a holistic view of governance. The result is a more efficient and aligned GRC program.
By adopting a structured and industry-recognized framework, organizations can improve their cybersecurity maturity over time. SmartSuite provides the tools to implement, monitor, and continuously improve CRI-aligned controls. Real-time visibility into compliance status and performance enables proactive management. Over time, organizations can identify gaps, strengthen controls, and improve resilience. This leads to better protection against threats and stronger regulatory compliance. The result is a more mature and effective cybersecurity program.
Strengthen Cyber Compliance with a CRI-Aligned Foundation
SmartSuite delivers a connected GRC platform for managing CRI assessments, evidence, and remediation with greater structure and visibility.