---
description: Review of Blue Lava Software: system overview, features, price and cost information. Get free demos and compare to similar programs.
image: https://gdm-localsites-assets-gfprod.imgix.net/images/software_advice/og_logo-55146305bbe7b450bea05c18e9be9c9a.png
title: Blue Lava | Reviews, Pricing & Demos - SoftwareAdvice GB
---

Breadcrumb: [Home](/) > [Cybersecurity Software](/directory/4643/cybersecurity/software) > [Blue Lava](/software/413996/blue-lava)

# Blue Lava

Canonical: https://www.softwareadvice.co.uk/software/413996/blue-lava

> Blue Lava is a SaaS platform, designed with, by, and for CISOs, that offers a holistic solution for security professionals to manage security programs. CISOs can take a control framework-focused approach or a risk-focused approach to assessing the current state and maturity of the organization or individual areas of the organization. 

With copy and clone features, Blue Lava provides a consistent method for repeating assessments year over year, quarter over quarter, or at any cadence. Likewise, as subject matter experts update responses, they can also provide links to updated evidence as verification. Blue Lava does not directly capture evidential artifacts but rather captures only contextual attributes such as the name, owner, link and expiration dates for the evidence. This gives CISOs full security and access control permissions over the original content and allows the subject matter experts the ability to quickly and easily provide proof of their responses for each assessment. 

Once the security team has baselined the program with requirements and risk information, Blue Lava supports the triage and management of gaps and deficiencies identified from the baseline assessment. Blue Lava automatically creates findings from any unmet requirement, populates recommendations for closure, and provides pre-templated views to review and assign findings for remediation or risk acceptance. This includes out-of-the-box themed views to rank and order the resulting findings by maturity, by common themes, or prioritized by risk. 

During this triage process, Blue Lava natively supports simulation functionality to group findings into different scenarios for remediation or risk acceptance. Using this functionality CISOs can prioritize individuals or groups of findings to be placed into projects for management and remediation. The simulations functionality reviews priority and any provided resource needs for people, technology, and time to remediate the associated findings. The simulations engine then calculates the potential NIST coverage scores and BL CMM maturity levels that would be achieved if all findings were remediated. This allows CISOs to predict which projects would be best to fund to achieve an increase in NIST score, and maturity or to optimize limited resources across different potential projects. 

As Findings are prioritized and marked for remediation, CISOs can leverage integrations to existing ticketing tools, such as Jira Cloud, to bidirectionally manage the workflow of the finding through closure and remediation. This allows organizations to maintain the existing process and communication channels for managing gaps and issues without having to log into separate tools or manage multiple workflow processes. Once findings are aggregated into projects, using the simulations algorithm to create different project scenarios or using the different pre-populated themed views, security program owners can assign ownership and add resourcing and staffing information to projects for remediation. These tactical projects natively can roll into higher-level strategic action plans that make up the goals and Initiatives for the security program. CISOs can, therefore, directly identify, document, track, manage, and report on their objectives and key results (OKRs) and strategic goals and initiatives for the program using the Blue Lava platform. 

Natively the progress, status, and percent complete for each of these initiatives can be dynamically viewed, managed, and presented using the Blue Lava roadmaps functionality. This presentation-ready visualization allows CISOs to dynamically select different areas of the business, key initiatives, and attributes of that initiative to share with various stakeholders.
> 
> Verdict: Rated \*\*\*\* by 0 users. Top-rated for **Overall Quality**.

-----

## About the vendor

- **Company**: Blue Lava

## Commercial Context

- **Target Audience**: 51–200
- **Deployment & Platforms**: Cloud, SaaS, Web-based, Mac (Desktop), Windows (Desktop), Linux (Desktop), Chromebook (Desktop)
- **Supported Languages**: English
- **Available Countries**: United States

## Features

- Activity Dashboard
- Assessment Management
- Audit Trail
- Collaboration Tools
- Customisable Reports
- Dashboard
- Data Visualisation
- Document Management
- IT Risk Management
- Operational Risk Management
- Prioritisation
- Real-Time Reporting
- Risk Analysis
- Risk Assessment
- Risk Reporting
- Risk Scoring
- Security Auditing
- Task Management

## Support Options

- Email/Help Desk
- Knowledge Base
- Phone Support

## Category

- [Cybersecurity Software](https://www.softwareadvice.co.uk/directory/4643/cybersecurity/software)

## Related Categories

- [Cybersecurity Software](https://www.softwareadvice.co.uk/directory/4643/cybersecurity/software)
- [Risk Management Software](https://www.softwareadvice.co.uk/directory/4423/risk-management/software)

## Alternatives

1. [Pirani](https://www.softwareadvice.co.uk/software/122791/pirani-riskment-suite) — 4.5/5 (206 reviews)
2. [Wrike](https://www.softwareadvice.co.uk/software/3777/wrike-pm) — 4.4/5 (2970 reviews)
3. [D\&B Finance Analytics](https://www.softwareadvice.co.uk/software/246735/dandb-finance-analytics) — 4.5/5 (137 reviews)
4. [MasterControl Quality Excellence](https://www.softwareadvice.co.uk/software/142000/mastercontrol) — 4.5/5 (527 reviews)
5. [GOAT Risk](https://www.softwareadvice.co.uk/software/105558/goatrisksolutions) — 4.7/5 (65 reviews)

## Links

- [View on SoftwareAdvice](https://www.softwareadvice.co.uk/software/413996/blue-lava)

## This page is available in the following languages

| Locale | URL |
| en | <https://www.softwareadvice.com/risk-management/blue-lava-profile/> |
| en-AU | <https://www.softwareadvice.com.au/software/413996/blue-lava> |
| en-GB | <https://www.softwareadvice.co.uk/software/413996/blue-lava> |
| en-IE | <https://www.softwareadvice.ie/software/413996/blue-lava> |
| en-NZ | <https://www.softwareadvice.co.nz/software/413996/blue-lava> |

-----

## Structured Data

<script type="application/ld+json">
  {"@context":"https://schema.org","@graph":[{"name":"SoftwareAdvice UK","address":{"@type":"PostalAddress","addressLocality":"Egham","addressRegion":"ENG","postalCode":"TW20 9AH","streetAddress":"Tamesis, The Glanty, Staines-upon-Thames Egham TW20 9AH United Kingdom"},"description":"Software Advice helps businesses in the UK find the best software with confidence. Compare software options and learn more from our research and user reviews.","email":"info@softwareadvice.co.uk","url":"https://www.softwareadvice.co.uk/","logo":"https://dm-localsites-assets-prod.imgix.net/images/software_advice/logo-white-d2cfd05bdd863947d19a4d1b9567dde8.svg","@id":"https://www.softwareadvice.co.uk/#organization","@type":"Organization","parentOrganization":"G2.com, Inc.","sameAs":[]},{"name":"Blue Lava","description":"Blue Lava is a SaaS platform, designed with, by, and for CISOs, that offers a holistic solution for security professionals to manage security programs. CISOs can take a control framework-focused approach or a risk-focused approach to assessing the current state and maturity of the organization or individual areas of the organization. \n\nWith copy and clone features, Blue Lava provides a consistent method for repeating assessments year over year, quarter over quarter, or at any cadence. Likewise, as subject matter experts update responses, they can also provide links to updated evidence as verification. Blue Lava does not directly capture evidential artifacts but rather captures only contextual attributes such as the name, owner, link and expiration dates for the evidence. This gives CISOs full security and access control permissions over the original content and allows the subject matter experts the ability to quickly and easily provide proof of their responses for each assessment. \n\nOnce the security team has baselined the program with requirements and risk information, Blue Lava supports the triage and management of gaps and deficiencies identified from the baseline assessment. Blue Lava automatically creates findings from any unmet requirement, populates recommendations for closure, and provides pre-templated views to review and assign findings for remediation or risk acceptance. This includes out-of-the-box themed views to rank and order the resulting findings by maturity, by common themes, or prioritized by risk. \n\nDuring this triage process, Blue Lava natively supports simulation functionality to group findings into different scenarios for remediation or risk acceptance. Using this functionality CISOs can prioritize individuals or groups of findings to be placed into projects for management and remediation. The simulations functionality reviews priority and any provided resource needs for people, technology, and time to remediate the associated findings. The simulations engine then calculates the potential NIST coverage scores and BL CMM maturity levels that would be achieved if all findings were remediated. This allows CISOs to predict which projects would be best to fund to achieve an increase in NIST score, and maturity or to optimize limited resources across different potential projects. \n\nAs Findings are prioritized and marked for remediation, CISOs can leverage integrations to existing ticketing tools, such as Jira Cloud, to bidirectionally manage the workflow of the finding through closure and remediation. This allows organizations to maintain the existing process and communication channels for managing gaps and issues without having to log into separate tools or manage multiple workflow processes. Once findings are aggregated into projects, using the simulations algorithm to create different project scenarios or using the different pre-populated themed views, security program owners can assign ownership and add resourcing and staffing information to projects for remediation. These tactical projects natively can roll into higher-level strategic action plans that make up the goals and Initiatives for the security program. CISOs can, therefore, directly identify, document, track, manage, and report on their objectives and key results (OKRs) and strategic goals and initiatives for the program using the Blue Lava platform. \n\nNatively the progress, status, and percent complete for each of these initiatives can be dynamically viewed, managed, and presented using the Blue Lava roadmaps functionality. This presentation-ready visualization allows CISOs to dynamically select different areas of the business, key initiatives, and attributes of that initiative to share with various stakeholders.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductScreenshot/11da51d0-8f4a-45b0-af00-af7d00e2ab1c.png","url":"https://www.softwareadvice.co.uk/software/413996/blue-lava","@id":"https://www.softwareadvice.co.uk/software/413996/blue-lava#software","@type":"SoftwareApplication","applicationCategory":"BusinessApplication","publisher":{"@id":"https://www.softwareadvice.co.uk/#organization"},"operatingSystem":"Cloud, Apple, Windows, Linux, Chrome"},{"@id":"https://www.softwareadvice.co.uk/software/413996/blue-lava#breadcrumblist","@type":"BreadcrumbList","itemListElement":[{"name":"Home","position":1,"item":"/","@type":"ListItem"},{"name":"Cybersecurity Software","position":2,"item":"/directory/4643/cybersecurity/software","@type":"ListItem"},{"name":"Blue Lava","position":3,"item":"/software/413996/blue-lava","@type":"ListItem"}]}]}
</script>