Third-Party Documentation
Atrisk Corporation (Atrisk)[16][17] (/ˈætˈrɪsk/ 🔊 ⓘ) is an ultra-private[1][2] American security company
headquartered in Wilmington, Delaware,[4][5] and founded by Nicolas Pendland.[3][4] The company is
registered as a Delaware Corp,[8][9] the structure used by 66% of the Fortune 500[18] because of its
corporate secrecy and being considered a domestic corporate haven.[a][19] The company operates
within the United States, United Kingdom, Middle East, Eastern Europe, and is publicly known to
serve corporate and institutional clients,[20] focusing on at-risk, enterprise employers.[6][21] The
company started by offering "Compliance Postings," which involved legally redeveloping and
redesigning the federally-required notices of the United States Government[22][23] and other
regulatory agencies, including the Occupational Safety and Health Administration (OSHA),[24]
Department of Defense (DOD), Department of Justice (DOJ), Department of Labor (DOL),[25][26]
Equal Employment Opportunity Commission (EEOC),[27] among others. And most recently, "Atrisk
Payments," division of the company,[15] developed the cryptocurrency payment processor known as
AtriskPay,[28] which currently only supports Bitcoin (BTC)[29] and transacting with the company itself.
Training Materials, "Materials," within the context of Employers & Institutions: Products & Motives,
serve as the safety/security framework of the company. These Materials are available in multiple
formats, including documents, audio files, and digital-use versions, and are designed to provide
instruction on safety/security matters. The purpose is to inform and educate employees within the
client organization, and their content attempts to encompass a spectrum of safety/security subjects.
The presentation of their information was designed to be "clear and accessible," intending for the
information to be easily understood by a diverse audience. A frequently noted characteristic of the
Materials is "adaptability," meaning they are designed to be relevant in numerous scenarios and in
reaction to changing "security circumstances." This could decrease the need for content retractions
or redistributions. Their topic variety attempts to address both general and specific safety/security
concerns, depending on the operational danger to the employer. Their distribution is facilitated
through the Platform and "situation-specific" partner content delivery networks (CDN).[6][30]
Individual Briefings, "Briefings," are one-on-one conversations between the Atrisk Advisor and an
employee. These meetings are scheduled and conducted via the Platform, and focus on providing
personal safety/security guidance. The text-based communication format is intended to encourage
an "honest dialogue," so employees may express any safety/security questions to their Advisor.
This structure is also intended to allow for "open communication," and thereby the employees are
encouraged to openly discuss their personal safety/security questions or concerns without "fear of
judgment or misunderstanding." As reported, Advisors conduct these Briefings with the focus being
"constructiveness" and based on each employee's circumstances and understanding. The Briefings
incorporate real-time, two-way communication, allowing employees to receive immediate responses
and answers to their questions or concerns. This interactive style is paired with Personal Analyses,
which could enhance the overall usefulness of the safety/security information provided.[6][30]
Scenario Blueprints, "Blueprints," are step-by-step instructional guides designed to assist
employees in handling various safety/security scenarios. They offer the framework to support
employees during realistic security incidents. The topic selection includes how to "recognize and
respond" properly to the forms of social engineering, including phishing attacks and impersonation,
in both digital and physical environments. Additionally, Blueprints provide strategies for identifying
medical emergencies and outline their best practices for managing these sensitive situations.
The scope of scenarios addressed within these Blueprints is intentionally broad, with the purpose of
preparing employees for critical situations they may encounter. A prominent feature is the inclusion
of "transcript simulations," which attempt to replicate or recreate real-life scenarios. The transcript
simulations demonstrate various social engineering techniques, including baiting, pretexting, and
quid pro quo. Through understanding the transcript simulations, employees should gain practical
knowledge about the tactics or methods used in the featured social engineering scenarios, which
thereby should improve their ability to "recognize and respond" properly. Seemingly especially for
these Blueprints, the ease of access and availability to employees is highly emphasized, they are
provided as a large percentage of Training Materials. However, even though their accessibility is
stressed, employers may still choose to suppress or restrict access via Access Controls.[6][30]
Trend Reports, "Reports," are documents that analyze "current and emerging" safety/security
trends that may impact operations. They include subjects such as changing FBI crime patterns,
potential political instability, and emerging crime trends and "methods," to anticipate unexpected
increases in incidents. An important part of Reports is their examination of "emerging" methods
and techniques, as there would especially be within the fields of social engineering and fraud.
Atrisk logo (converted from light-on-dark)
Atrisk headquarters at 300 Delaware Ave
Trade name
Ⲗ Atrisk
ISNI 0000000513675143
Company
type
Private
NASDAQ Reserved
LEI 2549002K5Q8WUKP21B56
Traded as
Nasdaq: ATSK (Reserved)
^IXIC component (Reserved)
COMP component (Reserved)
S&P Global 8058644
Industry
SIC 7382
Security | Defense | Intelligence |
Managed services | Information
technology
Founder
Nicolas Pendland
Headquarters
300 Delaware Ave,
Wilmington, Delaware
19801, United States
Areas served
United States | United Kingdom |
Middle East | Eastern Europe
Key people
Nicolas Pendland (CEO)
Jackson Dorchester (CLO)
Lovette Dobson (ELC)
Products
NAICS 56162
Software | Consulting | Infrastructure |
Artificial intelligence | Cryptocurrency
payments
Divisions
Atrisk Employers
Atrisk Institutions
Atrisk Payments
Atrisk Fulfillment
Atrisk Intelligence
Atrisk Infrastructure
Website
atrisk.us
atrisk.co
Footnotes / references
[1][2][3][4][5]
[6][7][8][9][10]
[11][12][13][14][15]
Their purpose is to provide employers/employees with insights into any developing threats to aid them in implementing "pragmatic strategies" for
preparing for and preventing incidents that could compromise their "physical or financial security," while maintaining privacy and accessibility.[6][30]
Compliance Postings, "Postings," are documents that address regulatory requirements in the workplace. These include required or recommended
content from the previously mentioned U.S. Government regulatory bodies, including the Occupational Safety and Health Administration (OSHA),[32]
Department of Defense (DOD), Department of Justice (DOJ), Equal Employment Opportunity Commission (EEOC), and Department of Labor (DOL),[33]
[26] among others.[34] The distribution and display of the information, whether "Compliance Postings" or not, is legally required.
Atrisk is responsible for accurately redeveloping and recreating Postings, ensuring they meet legal recognition standards. The recreated Postings are
then categorized as "required materials" within the Training Materials browser, inside of the Platform, to provide employers/employees with "organized
and efficient" access to compliance resources, offering them in various formats, including print, digital, audio, and "digital-use," to improve their ease of
access and to accommodate different content consumption preferences. Postings operate by fulfilling regulatory obligations regarding required
information dissemination and reinforcing other services or teachings, such as Individual Briefings or Personal Analyses, by providing third-party,
standardized, and authoritative information on similar protocols. They are also included directly within the Training Materials on the Platform. Their
relevance is optimized by aligning them with specific needs, such as varying state requirements. Postings thus provide a "consistent and compliant"
approach for employers/employees to meet regulatory posting obligations while improving employee awareness of legally required or recommended
safety/security guidelines, workers' rights, and other necessary topics.[6][30]
Asterion, "Atrisk/OpenAI," is the simplified (compared to Asterisk Uncensored) AI assistant developed by Atrisk under OpenAI, tailored for employee use.
Its primary role is to offer "detailed and immediate" explanations for questions about a variety of safety/security topics. The Asterion knowledge base is a
blend of the Atrisk principles from Training Materials and the data provided by OpenAI, which allows it to cover a range of topics. These topics are known
to include, but are not limited to, medical emergencies, fraud prevention, phishing or impersonation, social engineering, customer-involved incidents, and
threats of harm. Asterion was trained (machine learning) to generate specialized transcript simulations and expand on specific safety/security questions.
The user interface was designed for simplicity and "ease of use," with an intent of allowing users to interact with Asterion without the need for "technical
experience" or any "prompt engineering knowledge." It should handle "many–most" safety/security questions and topics. Asterion was also seemingly
developed to support a high number of concurrent users as it does accommodate usage up to the total number of registered employees within the
organization, for use in various "applications or initiatives" that an employer could, possibly upon the guidance of the Advisor, implement.[6][30]
Existing Integration, "Integration," "Upload," involves the review, potential redesign, and technical incorporation of any "existing training resources" into
the Platform. At the beginning of the "Integration process," employers/employees upload any resources using the file-explorer interface. These uploads
can include a variety of file types, such as documents and audio formats, similar to Training Materials. The reported goal of Integration is to effectively
"utilize and enhance" any preexisting training resources that the employer may already possess.
The Integration process involves evaluation of the submitted files, this evaluation examines the accuracy of the actual information, the "usability" of the
resources, and their "compatibility" with the Atrisk safety/security framework. After this evaluation, there often will be the redesign phase, which focuses
on standardizing and optimizing the resources to increase effectiveness. The redesign phase also attempts to retain any original messaging identified in
the resources and ensuring they align with any requirements, and the before mentioned safety/security framework. After any optimizations are finished,
they are then finally integrated into the Platform, and their partner Content Delivery Networks (CDN). They are organized into corresponding Training
Material sections to maintain "continuity" and accessibility.[6][30]
Server Monitors, "Monitors," provide employers/employees with information regarding the web performance and status (uptime) of the domain (DNS) and
pages of their website. This monitoring focuses on web parameters such as response time, status metrics, and downtime reports, which are important for
maintaining an "optimal user experience." A primary function of the Monitors is the ability to check their website response times. This involves measuring
the speed at which a website responds to user requests, which is a major indicator of server efficiency and usability. Monitoring response times helps in
identifying potential performance issues early for quick fixes.
Another major component is performance and status metrics, which offers an overview of website availability and optimization, providing insights into the
"operational function" of the website and its pages. Additionally, they incorporate the monitoring and reporting of any/all website downtime, detailing the
error codes and durations of any periods when a website or individual page is unavailable. This information may be used by employers/employees to
identify and address any internal issues that may be impacting website performance.[6][30]
Personal Analyses, "Analyses," are risk-analysis reports that offer employees safety/security guidance based on their "personal circumstances." The
Analyses are developed based on each employee's personal circumstances, including their job description, associated risks, and individual situations.
The objective is to provide guidance that is relevant to the unique conditions of each employee. The process of creating an Analysis involves "detailed
examination" of the associated risks with an employee's position within their workplace, this includes assessing threats and/or hazards related to their
specific duties and responsibilities.
The risk-analysis report also offers certain guidance on mitigating these risks. Overall, their purpose is to prepare employees for both the current and
anticipated workplace risks. After receiving an Analysis, employees are "often" given an opportunity for a follow-up Individual Briefing with the Advisor,
which would allow the employee to ask questions directly, explain any personal factors, and further improve their understanding of the safety/security
information provided in their Analysis.[6][30]
Incident Tracking, "Incidents," provided by the Advisor, focuses on the documentation of safety/security incidents within the workplace via an "Incident
Repository" which includes incident reports, Atrisk Incident Reporting Codes (AIR Codes), and other reports from third-party or internal sources. The
tracking process begins when an incident is submitted by directly communicating with the Advisor. Any submitted reports should include detailed
information about the incident, including a title, description, the individuals involved, witnesses, and the specific location where it occurred.
After receiving this information, the Advisor enters the incident into the logging system and determines its own "AIR Code." This code is used to identify
the incident and should hasten communication between the employer, employees, and their Advisor. This service emphasizes "thorough documentation"
of each incident, as the information logged includes a name for the incident, a brief title summarizing the incident, the date and location, and its "AIR Code."
Additional recorded incident report details include information about the affected individuals, witnesses, and a detailed description. This "tracking system"
maintains the previously mentioned "incident repository," and offers a chronological record of any and all workplace incidents. This could aid in identifying
any patterns or recurring issues, and it also serves as a reference for Advisors in their consulting and analyses.[6][30]
Access Controls, "Controls," applied by the employer, are mechanisms designed to manage and regulate employee access to various sections of the
Platform. This feature enables employers/employees to allocate, restrict, or customize "Clearance Levels" for employees. Each section of the Platform
can be accessed via the corresponding "Clearance Level's" Personal Identification Number (PIN) and URL, depending on the settings of the employer.
This access control system allows employers/employees to set various levels of access depending on the roles and responsibilities of different groups.
For example, an internally well-known and simple PIN/password may be used for sections such as "Individual Briefings," to allow all employees to have
authorization, whereas more sensitive areas, like "Incident Tracking," could be limited to a higher Clearance Level only for authorized personnel, with an
obscure, complex PIN/password. Employers modify these Controls for the Platform, including the URLs, PINs, and Rules to access different sections. To
make changes, employers submit a "change request" to their Advisor, who oversees the implementation of the changes and ensures that they meet the
minimum requirements. This clearance-based access control attempts to ensure that employees only have authorization for appropriate sections.[6][30]