AlterRisk is a software tool designed for risk management and compliance with policies, standards, and other best practices in information system governance.
The knowledge base currently included in the tool focuses on information system risks. Compliance can be measured against various international standards and guidelines, including:
ISO/IEC 27001/27002:2022 (with legacy versions from 2013 and 2005),
ISO/IEC 22301:2012,
ISO/IEC 9001:2015,
ISO/IEC 20000:2018,
COBIT v4.1,
PCI DSS v2.0,
NIST,
ITIL,
GDPR,
Decision of the Croatian National Bank on adequate information system management (Odluka HNB-a o primjerenom upravljanju IS-om),
Guidelines of the Croatian National Bank on adequate IS management (Smjernice HNB-a o primjerenom upravljanju IS-om),
Decision on minimum standards for information system management from Bosnia and Herzegovina (Odluka o minimalnim standardima upravljanja informacionim sistemima iz BiH),
Cybersecurity Regulation (Uredba o kibernetičkoj sigurnosti).
The core functionalities of the tool include:
Information asset management,
Audit or compliance assessment against various standards and regulations,
Creation of internal control systems,
Information system risk management (risk assessment and treatment),
Management of records related to personal data protection (GDPR),
Support for security awareness training,
Basic reporting on assessed risks and compliance status with standards.
The tool is accessed via a web browser. It is built on the ASP.NET v4.7 platform and runs on Internet Information Server (IIS) on Windows operating systems. Data is stored using the Microsoft SQL Server family of database management systems.
