Quill Knows Risk

Quantifying RISK and OPPORTUNITY is challenging for security departments and business leaders alike. It’s a constantly moving target dependent on business model, risk appetite and tolerance, local crime statistics, economic and political outlook, operational logistics, long-term goals, work-life culture, employee engagement. . . the list goes on and on.

Despite these changing conditions you must act to mitigate RISK and capitalize on OPPORTUNITY. Forgoing risk assessment is not an option. Many organizations spend $100,000’s and months of effort to get a snapshot of risk only to have it sit on a shelf, unread and drifting further from reality every day. This is simply not enough to drive informed action, let alone predict and protect against the manifold risks to your people and mission.

Risk = Threats x Assets x Capabilities

Quill automates the standard risk assessment methodology endorsed by ASIS. Quill Basic sets a baseline in minutes and will completely replace templates and spreadsheets.


When you need to go beyond the baseline, Quill Advanced can be tailored to provide a continuous insight into security risk that adapts to changing conditions and reflects your current reality, by using location mapping, predictive recommendations, incident correlation, and budget analysis.

Request Demo


Your facilities exist in a threat environment that is changing constantly. But threat likelihood is only one piece of the picture. To build your baseline risk picture we will use a threat profile like the one pictured below. We start with overall prevalence of incidents and required knowledge and materials to commit an attack to score threat categories on a relative scale.

Security Risk Assessment

Beyond Baseline: Your threat profile can then be updated, at any frequency, independent of there rest of your foundational inputs. This instantly puts any “red flag” in context and shows you whether you are vulnerable to that isolated example or rising trend.

Your threat profile can be automated as well in response to manually entered incident reports, integration with your existing incident reporting system, or open source threat intelligence sources.

Facility Risk Assessment

Learn more about automating your risk assessment in response to incidents in the Quill Wiki.

To elevate your Threat Assessment or Vulnerability Assessment to look at RISK you must consider your assets. Assets are those people, infrastructure, material, equipment, and information that allow your organization to achieve it’s mission.

To build your baseline risk picture we gather initial information about the most common and most critical assets at each facility. Assets are rated for 3 types of criticality: Operational, Symbolic and Financial.

Assets can be added, removed and edited independent of the rest of your risk picture, making it easy to gain new insight when changes to your staff or supply chain happen.

Risk Assessment Software

Beyond Baseline: Some assets are tracked closely in ERP, Inventory or Access Management systems. Quill can integrate with available systems to make sure your understanding of business impact is based on the most accurate information.

Auditing the security program already in place can be a daunting task. Quill has made it simple by building out a predefined library of policies, technologies and processes that mitigate risk. Each measure in Quill has clear definitions around capability so you can clearly evaluate if your site does or does not have the capability, or whether you need to go beyond baseline.

Security Risk Planning

Beyond Baseline: Because many security controls are reliant on people, they can change with the time of day, day of the week, level of maintenance, times since last training. Quill can incorporate validation schedules to make sure you are maximizing your existing resources.

Quill uses your data to make powerful recommendations for maturing your security level and reducing your Quill Score.

Physical Security Risk Assessment

Quill associates the cost of your security program line items with the risk reduced to give you powerful insight into cost-efficacy.

Security Threat Assessment

Risk to Budget reports and KPIs can then rollup to the department or organizational level to provide broad guidance, or targeted insight.

Security Risk Assessment