In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen is joined by Andreas Schmitz, whose journey through the risk universe began not in a product roadmap, but deep in the practitioner trenches and eventually led him to CRISAM.

They explore what happens when someone who has actually lived with risk frameworks, audits, and regulatory pressure falls in love with a GRC platform because it finally makes sense. The conversation digs into why usability is not a “nice to have” in risk management, especially in environments like Germany, where standards such as IDW PS 340 set some of the most rigorous expectations in the world.

Michael and Andreas discuss what sets CRISAM apart, why organizations across industries and of all sizes choose it, and how the platform has expanded from Germany into the broader DACH region and across Europe. They unpack who typically uses CRISAM (from risk managers and compliance teams to IT, security, and audit) and why a single, method-based system matters when requirements keep multiplying.

The episode also looks ahead to what’s coming next and how CRISAM is thinking about agentic AI, digital twins, and the future evolution of risk management without losing its practitioner-first DNA.

In a galaxy full of complexity, acronyms, and impossible standards, this episode delivers a simple reminder straight from the Guide itself: don’t panic.