Expresso 2.5


 Software-as-a-Service Add to Cart$1,295.95 (as part of Subscription Plan & Money Back Guarantee) or to purchase Expresso® Monthly at $129.95 per month click here.

Omnibus Rule Ready

Download Expresso® 2.5 Data Sheet

Expresso® 2.5 shipped circa September 23, 2019!(click here for the Press Release) provides the following enhancements:

  1. A Breach Notification Wizard that walks you through the Notification process including determining when Notification is triggered;
  2. Breach Notification Wizard step-by-step help videos;
  3. Completely updated and revamped User's Guide; and
  4. Reporting bug fixes!

Expresso® 2.0 shipped circa January 2019! provided the following enhancements:

  1. A Compliance Repository where our customers can maintain their single version of the truth pursuant to visible, demonstrable, evidence of compliance;
  2. Our new Products Portal, streamlining your access to our product portfolio; 
  3. An enhanced Reporting Architecture, allowing for the asynchronous production of large reports; and of course
  4. Some overdue bug fixes!


"Before using Expresso® and the HIPAA Survival Guide products, I was unfamiliar with the extent of compliance regulations. I feel I received a 'college education' in Regulatory Compliance by watching videos, reading the documentation, and attending monthly webinars that are educational. Webinars provided by 3Lions are outstanding!

Expresso®’s documentation was easy to read so that I could report my progress right away. For me, that is worth a lot. Customer service is essential in my book, and 'Expresso® Customer Support is excellent!' With the SRA tool, you are on your own, wondering where to start.

Expresso® and the HIPAA Survival Guide’s products are a complete deal – the whole package. The alternative comes in bits and pieces of information in various online locations that you must search to find.  I was amazed and very pleased to find training documenting and videos, as well as mitigation tools in one place and were easy to use.

If you want to learn, it’s there… the whole package - from Risk Assessment to Risk Mitigation with educational steps along the way. I recommend Expresso® and the HIPAA Survival Guide’s Risk Mitigation products to anyone."– Shirleen Sando – Privacy & Security Officer

What QuickBooks Online ("QBO") did for accounting Expresso® does for Risk Assessments. QBO did not eliminate all the work associated with accounting, what it did was transform accounting from a necessary evil, something to be avoided at all costs and/or handed over to a third party, to something that a business person could master at some basic to intermediate level.

Expresso® comes pre-populated with (T)hreats, (V)ulnerabilities, and potential business (I)mpacts to your organization making the calculation of (R)isks easier than the tedious process that our competitors offer. In addition to pre-populating of Threats, Vulnerabilities and Impacts, Expresso® allows you to modify all pre-populated data in a manner that best fits your organization. 


The following list summarizes Expresso®'s principal features. Expresso®: 

  1. allows you to bulk import Security Objects (people, places, and things that Security Controls are applied to);
  2. comes pre-populated with known threats and vulnerabilities to allow for easier pairing of the two;
  3. allows Security Objects to be categorized via a user defined taxonomy so that Controls can be applied at various levels of classification;
  4. allows you to retain instances of past RAs for reporting purposes;
  5. allows for tracking the results of the Security Controls applied in the remediation step; and
  6. is based on an authoritative methodology (e.g. NIST SP 800-30) so as to meet regulatory compliance objectives.

Expresso® "productizes" the equation and the process that emerges from the NIST methodology as depicted in the graphic below:


Expresso® provides the following:

  1. Pre-populated (T)hreats,  (V)ulnerabilities, (I)mpacts, (R)isks, and (C)ontrols ("TVRCs"):  the allows you to perform a Risk Assessment in hours, instead of weeks or months;
  2. The ability to capture an unlimited number of Risk Assessments over time  in order to show visible, demonstrable evidence of past compliance
  3. The ability to import Security Objects (e.g. people, processes, PCs, servers, networks, applications, databases, physical plant, etc.) from your existing systems thereby minimizing the amount of data entry required;
  4. Tracking mechanism(s) for capturing Risk Assessment process results in the form of predefined reports:  the measurement;
  5. The ability to import (T)hreats and  (V)ulnerabilities from authenticated sources: leveraging industry data where available;
  6. The ability to directly link to the full source code of Security Rule Controls on the HIPAA Survival Guide website;
  7. Scalability, reliability, and availability built-in out-of-the-box using Microsoft's cloud platform Azure; and
  8. Much, much more, including a UI that was built for ease of use and clarity that increases your Risk Assessment productivity on day one


Expresso® provides visible, demonstrable evidence of your organization's compliance with the HIPAA Security Rule's Risk Assessment requirement. When combine with the rest of our Subscription Plan we provide the most comprehensive set of products available, at a price point unmatched elsewhere.