Innovation
Thirty-five years of methodology and platform work in security, governance, risk management, and compliance. The items below are what RESCOR has actually contributed to the field — each one still in active client use, each one with a dedicated page describing how it works and what it is for.
RAPID
1992 — present
The first agile SGRC methodology. Short, iterative development cycles applied to security, governance, risk management, and compliance programs — years before the same ideas took hold in software engineering as Scrum and DevOps. Still the engagement framework behind every StrongCOR subscription and the implementation backbone of every STORM-based risk program.
RSK & STORM
1996 — 2026
The first quantitative security-testing methodology (RSK, 1996) and its modern descendant, Simplified Total Risk Management (STORM, 2013) — a quantitative risk-management methodology that produces objective, repeatable, and comparable measurements at the information cost of a qualitative assessment. Compatible with every major risk framework. Full mathematical foundations in the published STORM/RSK white paper.
ATRA
2026
STORM integrated with AI-driven data collection and a graph-backed risk model. ATRA reads the client's own artifacts — interview transcripts, scanner output, policy documents, audit reports — and proposes the Transform inputs STORM needs. Analysts review and approve. The result is a complete quantitative risk assessment at a fraction of the labor cost of a manual engagement, updated continuously rather than once a year.
StrongCOR
2003 — present
An SGRC engagement model built on the observation that security, governance, risk management, and compliance are ongoing work rather than project work. A flat monthly rate replaces project quotes; RAPID cycles happen on schedule rather than whenever calendars free up. Strict separation of duties between testing and support preserves objectivity.
Simplified Total Risk Management, STORM, ATRA, StrongCOR, RAPID, and RSK are trademarks of Andrew T. Robinson.