Expresso ® 3.5 (Basic & Silver)


Our Subscription Plan, which includes Expresso®, now comes in two "flavors," Basic & Silver. The price for the Basic Subscription Plan, and its renewal, has not changed. They remain $1,295.95 (initial cost)  and $495.95 (annual renewal cost) respectively. 

In addition, we offer a Silver Subscription Plan; which includes Expresso®'s Business Partner Vetting Portal, at $1,895.05 (the initial price for new customers). Current customers that want to upgrade to Silver need only pay the $595.95 upgrade fee.  The Silver Plan, with a corresponding renewal of $795.95 (after the first year) reflects the Silver Add-on. The renewal from the Silver Plan is not in addition to your current renewal, rather an upgrade renewal for the Silver Plan(i.e. if you upgrade to Silver your renewal fee is $795.95 for the Silver Plan and $495.95 for the Basic Plan.

Of course, we understand that not all customers, or future prospects, will require Expresso®'s Business Partner Vetting portal, but many will, as third-party risk continues to explode


Add to Cart$1,295.95 Basic Subscription Plan; OR 

Add to Cart$1,891.90 (as part of Silver Subscription Plan

  • Click here learn to about Expresso® Risk Assessments 
  • Click here to learn about Expresso® Breach Notification Wizard 
  • Click here to learn about Expresso® Compliance Repository (single version of the truth) & access to all Products
  • Click here to learn about Expresso® Business Partner Vetting (BPV) (Expresso® Silver)
  • Click here to learn about Expresso® Requestor 

Download Expresso® 3.5 Data Sheet

Below we provide just a general overview of Expresso®'s functionality, BUT the details are covered above.


"Before using Expresso ® and the HIPAA Survival Guide products, I was unfamiliar with the extent of compliance regulations. I feel I received a 'college education' in Regulatory Compliance by watching videos, reading the documentation, and attending monthly webinars that are educational. Webinars provided by 3Lions are outstanding!..." Shirleen Sando – Privacy & Security Officer

What QuickBooks Online ("QBO") did for accounting Expresso® does for Risk Assessments. QBO did not eliminate all the work associated with accounting, what it did was transform accounting from a necessary evil, something to be avoided at all costs and/or handed over to a third party, to something that a business person could master at some basic to intermediate level.

Expresso® comes pre-populated with (T)hreats, (V)ulnerabilities, and potential business (I)mpacts to your organization making the calculation of (R)isks easier than the tedious process that our competitors offer. In addition to pre-populating of Threats, Vulnerabilities and Impacts, Expresso® allows you to modify all pre-populated data in a manner that best fits your organization. 


The following list summarizes Expresso®'s principal features. Expresso®

  1. allows you to bulk import Security Objects (people, places, and things that Security Controls are applied to);
  2. comes pre-populated with known threats and vulnerabilities to allow for easier pairing of the two;
  3. allows Security Objects to be categorized via a user defined taxonomy so that Controls can be applied at various levels of classification;
  4. allows you to retain instances of past RAs for reporting purposes;
  5. allows for tracking the results of the Security Controls applied in the remediation step; and
  6. is based on an authoritative methodology (e.g. NIST SP 800-30) so as to meet regulatory compliance objectives.

Expresso® ® "productizes" the equation and the process that emerges from the NIST methodology as depicted in the graphic below:


Expresso® provides the following:

  1. Pre-populated (T)hreats,  (V)ulnerabilities, (I)mpacts, (R)isks, and (C)ontrols ("TVRCs"):  allow you to perform a Risk Assessment in hours, instead of weeks or months;
  2. The ability to capture an unlimited number of Risk Assessments over time in order to show visible, demonstrable evidence of past compliance
  3. The ability to import Security Objects (e.g. people, processes, PCs, servers, networks, applications, databases, physical plant, etc.) from your existing systems thereby minimizing the amount of data entry required;
  4. Tracking mechanism(s) for capturing Risk Assessment process results in the form of predefined reports:  the measurement;
  5. The ability to import (T)hreats and  (V)ulnerabilities from authenticated sources: leveraging industry data where available;
  6. The ability to directly link to the full source code of Security Rule Controls on the HIPAA Survival Guide website;
  7. Scalability, reliability, and availability built-in out-of-the-box using Microsoft's cloud platform Azure; and
  8. Much, much more, including a UI that was built for ease of use and clarity that increases your Risk Assessment productivity on day one


Expresso® provides visible, demonstrable evidence of your organization's compliance with the HIPAA Security Rule's Risk Assessment requirement. When combined with the rest of our Subscription Plan we provide the most comprehensive set of products available, at a price point unmatched elsewhere.