Control Horizon
ISO 31000:2018 aligned

See your risk. Then manage it.

Control Horizon gives teams a clear, structured view of risk — from identification through treatment to ongoing review. Whether you run projects, ship software, or prepare for audits.

See how it works
No credit card required
Free tier foreverSOC 2 ready

Who it's for

Anyone managing uncertainty

If your team tracks what could go wrong — and what you're doing about it — Control Horizon replaces the spreadsheet you've outgrown.

Engineering & Product

Track technical debt, outage risk, and delivery uncertainty. Built-in templates for common technical risks with suggested controls like code review, CI/CD, and monitoring.

Compliance & Audit

ISO 31000:2018 cause-event-consequence risk statements, full audit logs, configurable matrices, and CSV export for evidence packs.

Project Delivery

Portfolios, heatmaps, treatment tracking, and risk appetite thresholds. Every project gets its own register, controls, and residual scoring.

Startups & Founders

Start in 60 seconds with risk templates. Free tier includes unlimited projects. Upgrade when you need sensitivity analysis or team collaboration.

Capabilities

Everything you need. Nothing you don't.

Not a spreadsheet. Not a bloated GRC platform. A focused tool for people who actually manage risk.

Portfolio View

Drill into every number

The portfolio heatmap aggregates residual risk positions from every project. Click any dot to jump to the risk. Click any stat card — projects, open risks, contingency — to see the breakdown. Health grades surface what needs attention first.

Dashboard — Portfolio Heatmap
Low
Med
High
Critical
Risk Register

Templates to get started fast

Pick from 20+ common risk templates across six categories — technical, schedule, cost, scope, resource, and external. Each template pre-fills an ISO 31000 cause-event-consequence statement with suggested scores. Or write your own from scratch.

Project Alpha — Risk Register
RiskScoreCategoryStatus
API rate-limit breach
20
TechnicalOpen
Key engineer departure
15
ResourceMitigating
Vendor contract expiry
12
ExternalOpen
Scope creep on Phase 2
9
ScopeMitigating
Database migration delay
6
ScheduleAccepted
Sensitivity Analysis

Which controls actually matter?

Toggle controls on and off to model what-if scenarios. Tornado diagrams rank controls by impact on your residual score. Save named scenarios and compare them side-by-side for board presentations.

Sensitivity — Tornado Diagram
Automated testing
85%
Code review
65%
Monitoring
50%
Schedule buffer
35%
Backup plan
20%
Score impact when control disabled
Baseline: 12
Worst: 20
Controls & Scoring

Residual scores, auto-calculated

Add preventive, detective, and corrective controls with suggested options per risk category. Rate effectiveness on a 5-point scale. Residual scores update automatically as you implement controls — no manual overrides.

Risk Detail — Controls & Residual Score
ControlTypeEffOn
Peer code reviewPreventive
CI/CD pipelineDetective
Load testingDetective
Failover systemCorrective

How it works

Three steps to clarity

01

Identify

Create a project and pick from risk templates or write your own. Each risk gets an ISO 31000 cause-event-consequence statement, category, owner, and inherent score.

02

Analyse

Add controls from category-specific suggestions. Residual scores auto-calculate. Run sensitivity scenarios to see which controls drive the biggest score reduction.

03

Monitor

Set review cadences. Track treatment progress. Drill into any dashboard figure to see what's behind it. Export registers for board papers and compliance evidence.

About

Built by practitioners

Control Horizon is built by Arcbene, an Australian company in Canberra. We build tools we'd use ourselves — pragmatic, standards-aligned, and free of enterprise bloat.

20+

Risk Templates

Common risks across technical, schedule, cost, scope, resource, and external categories — ready to use.

3×3 to 6×6

Matrix Configurations

Custom labels, criteria, and colour bands to match your existing framework. Not locked into a single model.

Canberra

Australian-built

Built by Arcbene. Australian-owned and operated. Real people, real ABN, real support.

Pricing

Simple, transparent pricing

Start free, no credit card required. Upgrade when your needs grow.

Free

Free

For individuals and small teams getting started.

  • Unlimited projects and risks
  • Risk register + heatmap
  • Controls, treatments, and contingency
  • ISO 31000 cause-event-consequence statements
  • 20+ risk templates across 6 categories
  • Suggested controls per risk category
  • Print reports
Most popular

Professional

$79/mo

Advanced analysis for teams managing real risk.

  • Everything in Free
  • Sensitivity analysis + tornado diagrams
  • Saved what-if scenarios
  • Risk appetite thresholds + breach alerts
  • Review cadence + guided review wizard
  • Custom matrix config (3×3 to 6×6)
  • Full audit trail + CSV export

Governance

$199/mo

Multi-user collaboration for PMOs, GRC, and compliance.

  • Everything in Professional
  • Team members via Clerk Organizations
  • Email invitations + verified domain enrollment
  • Enterprise SSO (SAML / OIDC) *
  • Organisation-wide portfolio visibility
  • Priority support

* Enterprise SSO is available as an add-on at additional cost.

All plans include ISO 31000:2018 alignment. View full plan comparison

Ready to see your risk clearly?

Create your first project in under a minute. No credit card, no sales call, no spreadsheets.