What is Open FAIR™?

Open FAIR™ (Factor Analysis of Information Risk) is the go-to standard for quantitative risk analysis. Open FAIR™ provides a framework for understanding, analyzing, and quantifying information risk in financial terms. 


The adoption of an Open FAIR™-based approach brings the organization benefits including:

  • Improved communication and understanding of risk through the use consistent terms and language.
  • A structured way to model risk, which leads to more thorough analysis. 
  • Risk presented in financial terms, enabling cost/benefit analysis.

"Apps [HealthGuard's Founder & CEO] is the person I think of when I think of healthcare InfoSec. You won't find anyone stronger in the field." 

Jack Jones

Creator of FAIR

Modular Approach 

Organizations can implement Open FAIR™ in a modular fashion by plugging it into an existing risk management process. It can be phased in slowly or implemented as a forklift upgrade. It is also complimentary to existing security frameworks such as NIST Cyber Security Framework, NIST 800-53, and ISO 27000. 

Open FAIR™ quickly begins producing quantitative measures of risk that can be used to improve decision making.

An International Standard

FAIR was originally released to the public in 2006. It was later adopted by the Open Group in 2014, making it the only international standard for the quantification of cyber security and operational risk. 

The Open Group has released numerous Open FAIR™-related publications, including two standards: O-RT, Risk Taxonomy Standard, and O-RA, Risk Analysis Standard. These are available here.

Open FAIR™ is a trademark of The Open Group