What is Open FAIR™?

Open FAIR™ (Factor Analysis of Information Risk) is the go-to standard for quantitative risk analysis. Open FAIR™ provides a framework for understanding, analyzing, and quantifying information risk in financial terms. 


Organizations can expect the following benefits by adopting a Open FAIR™ based approach:

  • Improved communication and understanding of risk through the use consistent terms and language
  • A structured way to model risk which leads to more thorough analysis 
  • Risk presented in financial terms which enables cost/benefit analysis

"Apps [HealthGuard's Founder & CEO] is the person I think of when I think of healthcare InfoSec. You won't find anyone stronger in the field." 

Jack Jones

Creator of FAIR

Modular Approach 

Organizations can implement Open FAIR™ in a modular fashion by plugging it into an existing risk management process. It can be phased in slowly or implemented as a forklift upgrade. It is also complimentary to existing security frameworks such as NIST Cyber Security Framework, NIST 800-53, and ISO 27000. 

Open FAIR™ can quickly begin producing quantitative measures of risk that can be used to improve decision making.

An International Standard

FAIR was originally released to the public in 2006. It was later adopted by the Open Group in 2014, making it the only international standard for the quantification of cyber security and operational risk. 

The Open Group has released numerous Open FAIR™ related publications, including two standards, O-RT, Risk Taxonomy Standard, and O-RA, Risk Analysis Standard. There are available here.