Understand your level of risk before a security breach occurs.

FISASCORE Estimator evaluates your company’s information security program and measures its risk of a security incident.

This estimator, which is based on the full FISASCORE® onsite assessment, is a free, self-assessment tool that analyzes security standards in place at your company and provides an estimate of your security risk.

Once completed, you’ll receive a risk-based measurement, from 300 (not secure) to 850 (excellent), that indicates your company’s level of vulnerabilities, gaps and deficiencies in your security program.



FISASCORE is a comprehensive, risk-based measurement of information security assigned to your company. A FISASCORE identifies critical vulnerabilities, control gaps/deficiencies, and applicable threats to administrative, physical and technical controls used to protect the confidentiality, integrity and availability of information in your organization.

Well-Rounded Assessment

A successful information security program is more than just software and hardware. A FISASCORE evaluates information security risks across all facets of information security: administrative, physical and technical controls. Covering all facets allows FISASCORE to represent the most comprehensive evaluation of information security risks that all people can easily relate to, regardless of your experience level.

Backed by Regulations

Drawing from standards such as NIST 800-53 and ISO 27000 together with regulatory requirements from HIPAA (Healthcare), GLBA (financial services) and PCI (retail credit card sales), our evaluation criteria are chosen to identify risk to information security. Using a common language and a standard set of objectives for a comprehensive risk-based security program, we can communicate information risk and protection between organizations with varying size, business purpose and internal culture.

Reporting Capabilities

FISASCORE allows all members of the organization to quickly and confidently understand and quantify information security risks. Each FISASCORE includes a measured scorecard, clear recommendations for senior leaders, and an Action Plan. The Action Plan guides in the decision-making after the assessment and the creation of work plans for ongoing improvement. Technical teams are provided with detailed reporting related to specific security controls, evaluation methods, tangible recommendations, and all the supporting information to enable significant risk reduction. Every FISASCORE includes comparisons to industry averages and recommendations to achieve a “best practice” or “acceptable” level of risk.

What Customers are Saying

“The support and personal attention that we’ve received from SecurityStudio has made it easy for us to focus on the needs of our clients. We look forward to continuing our partnership and working together to revolutionize the delivery of security assessments.”

Randy AndersonLoffler

“The team at SecurityStudio supported the product with training that got our audit team up and running in short order, as our first audit was weeks away. Support since we adopted the tool has been excellent, and the SecurityStudio team keeps an open line of communication on new features and content.”

Matt RileyNetgain

“We’ve been able to insert the tool directly into an audit and remediation mechanism we use to help our medical clients satisfy very specific audit requirement.”

Matt RileyNetgain

“SecurityStudio helped Netgain bridge the gap between more-general security awareness tools and a tool to capture the unique and very compliance-driven needs of the medical practices Netgain serves.”

Matt RileyNetgain

“SecurityStudio is the perfect fit for us! They have a great tool that enables us to assess our clients’ level of information security, giving us the capability to provide them with a standardized security score along with a comprehensive, customized action plan. We look forward to bringing FISASCORE® to all of our customers!”

Dave SteeleBankers Equipment Service