Frequently Asked Questions

Learn about our project most commonly asked questions in this section, if you cant find an answer to your question please use the Contact Us form on the menu to drop us an email.

We are a group of people that spent many years (well, decades) running corporate security and compliance at large and small organisations around the world, eventually in 2006 or so we got fed up with not having simple cheap tools to do the work.

We then decided to build this project to: design, build and distribute a simple and cheap alternative to GRC spreadsheets and companies out there.
Eramba is a company registered in the UK (feel free to query our company name at Company House) and we run the team out of Bratislava, Slovakia
Eramba was built by GRC professionals in different industries and different parts of the world as a tool to help us get our job done in a more efficient and professional way than simpler tools (spreadsheets, sharepoint, etc). Eramba is a tool that helps with compliance, risk management, control testing, exception management, etc. See our open, free documentation for details.

Typical use cases are ISO 27001, SOC2, PCI, Risk Frameworks, Vendor Assessments, Awareness Training, Incident handling, etc. Typical users professional profiles are Security Professionals, GRC, Compliance, Internal Audit, Auditors, IT Managers, Etc.
Tools help us do things quicker and many times better. A stone axe and a chainsaw are both tools, obviously the chainsaw does things quicker and more precisely. It does so at an expense which many times is not justified (killing a mosquito with a cannon).

Other well known tools are (just to name a few): Archer, Metric Stream, Spreadsheets, Sharepoint, Custom Built Systems, Jira, Etc. There are many tools that help you with GRC.

You need to find something that helps to solve your problem and its expense in capital and human resources is justifiable.

We don't compare tools because it is hard to do it without knowing them intimately and much harder to keep that comparison updated over time. We also don't work for a profit, that fundamental business model difference makes most comparison simply unfair. We believe GRC professionals do not need sophisticated tools to get their job done and therefore we don't think complicated or expensive GRC tools are needed for most people out there. We have a large community that supports that line of thought.

Our documentation is completely open, it takes no longer than a day of reading and watching videos to understand well what eramba does and how
Please review our install guides, eramba gets installed thousands of times every year around the world so it's a very solid and standard process by now. If you have problems and you are an enterprise customers contact support@eramba.org
Our website has free, full access to our documentation, forum, roadmap, releases history, Etc. If you are an enterprise customer you can access support by emailing support@eramba.org
Every company is different in the skills they have, resources at hand and scope of implementation (some only risk, some risk, compliance, etc) so implementation times vary wildly.

Is best to break down this problem into smaller manageable pieces:

  • Installing eramba takes less than an hour if you know what you are doing and you have an underlying linux system running. Enterprise customers get assistance on this and the call never takes longer than an hour.
  • Configuring eramba with LDAP, SAML, Users, Groups, Email Settings can take again a few hours if you know what you are doing at least to get started with.
    Before you start using eramba you need to understand what features you want to use and how they work. The recommended approach is:
    Learn how to use eramba with our basic four course training (see documentation) which takes 6 hours of watching dreadfully boring videos. We suggest budgeting 16 hours to be on the total safe side since you might need to watch them a few times to fully grasp concepts and implementation techniques. If you are an enterprise customer you can purchase consulting hours (per hour) so you have our support clarifying concepts.
  • Practice your new knowledge in a testing environment, in particular notifications, status, imports, Etc. This is a very important and seldom ignored step. Again you can purchase consulting hours to refine your skills.
  • Implementing eramba means you start to upload content such as: policies, internal controls, risks, compliance requirements, etc. This is of course a three step process: Creating Content, Uploading Content and Operating eramba.
  • Creating content is harder than it seems in particular for internal controls as most companies that have not used a GRC system before are not used to perform testing, etc. You will prepare all these content on CSV formatted files so they can be quickly imported into eramba.
  • Uploading content takes minutes since it's basically CSV imports.
  • Operating eramba means that eramba is not a static spreadsheet and will trigger notifications when things are due (risk reviews, policy reviews, control testing, etc, etc) and therefore you need to follow up otherwise the system becomes a very expensive spreadsheet. This is again dependent on the amount of data and people you have to keep the system updated.
We try to update community once a year, enterprises get two updates a month on average
Please use our website contact form or email the issue to support@eramba.org, we will most likely need from you:

  • What steps you follow to trigger it
  • What version of the software you are using (System / About)
  • Full error logs (System / Settings / Errors / Download All)
  • We might need a few more things but that's a start
Yes, please review our documentation
We provide community users with an enterprise level GRC solution, probably the only one in the world (at least for free!). Literally thousands of companies have downloaded and used this software for free and that makes us happy.

We provide the community with:
  • A detailed documentation portal with videos and documents that explain how eramba works and how is implemented
  • Demo online eramba’s to play and test every feature
    Detailed install guides with videos and documents for source code and VM installations in case you are not a linux geek
  • A clear product roadmap and release history
  • A forum (read only)
Users sometimes hit well known bugs which have been fixed in enterprise but have not still been fixed on community (remember, community gets updated once a year and enterprise multime times per month). You will have to wait until a fix becomes available, there is nothing we can do specifically to help you.
We of course can not guarantee there will never be vulnerabilities, any software producer makes many changes over time and having bugs (functional or security) is inevitable, our case being open is different from closed products though.

Our code is open, if there is a bug or security issue it won't be hard to notice it around the world:
  • Our user base is considerable, around 8 thousands as of today (2019)
  • We basically serve the security industry, many security experts test our product hundreds of times every year.
  • By being open, our product does not have “secrets” – the long “security by obscurity” strategy (which is what you get from a closed code vendor) does not apply and that is great. Just google why open-source is as or more secure as closed products.
Now, how do we build eramba (securely)?
  • We have the same development team since pretty much day zero, they know the app and the community very well. They all have formal secure coding training. We also have no attrition and that means education and knowledge is not dispersed.
  • The very founder of eramba has been involved in application security around europe since 2007 at several OWASP chapters as a speaker, contributor, etc. We understand application security, although this is not a guarantee of anything, is a big plus.
  • We have asked friends in the industry to review some of the key functionalities in eramba manually, we don't do this more than once a year approximately. We do 3-4 releases per month, it is impractical to assess eramba by a third party on every release. In a continuous development strategy that simply does not scale.
  • Every functionality we build is documented from a functional and testing perspective, this means that we document security controls and how they will be tested as we design a functionality. This is built in our Github workflows and reviews.
  • We scan our software with Acunetix on pretty much every (major) release, look on our forum for “Release”, sort by the “latest” post and you will see the reports. Anyone can see them.
What if we make a release that contains a security bug?

We fix it just like we fix stuff every day. We make an urgent release (it typically does not take more than a couple of days) for enterprise customers. We notify customers on our forum and explain the issue on the forum, again we are open in any way to the community
Eramba handles no private data from any customer or supplier other than:
  • What is on a typical invoice (your company name, address, contact name, etc)
  • Your invoice information is stored at Xero, we have strong authentication so as long as they don't mess your data we should be ok. Your support information is stored at Zendesk, same story as with Xero.
Eramba is not a SaaS service so again, nothing yours is handled by us. We are all here people with obvious security backgrounds and although eramba does not have nor plans nor believes it is necessary to have ISO 27001 certificates, SOC2 reports, Etc we do have controls in place that deal with potential risks (endpoint security and strong authentication on our cloud services, etc).

We do not share with customers or suppliers what such risks are nor the exact list of controls in place.
Yes, a security or a functional bug is exactly the same for us - a functionality that does something on the software or its data that is not documented. Every year eramba gets installed thousands of times and is used by many people around the world, in particular security people, so we do receive every month some sort of report. Is a perfectly normal operational task for a software used by many people. We work on certain types of bugs and under certain conditions:

The bug you found must actually cause proven damage, is not enough to talk about "potential" damage, it must be proven that one of the following happens:

  • You were able to access to the system or specific functionalities (with write or read permissions) bypassing authentication and authorization controls
  • You are able to affect the data integrity of the software, you modified data that you should not have been able to do so
  • You are able to make the system unavailable to users
Then we need to know how you got there, for that we need that you copy paste the following items on an email to support@eramba.org and respond each one of them:

  • Describe which of the three issues above are of concern
  • If the exploit requires an authenticated and authorized account
  • A STEP BY STEP procedure we can repeat that leads to the bug. This is fundamental, step by step what actions (clicks, etc), payloads (POST, GET, payload, etc), response headers (the response from your requests), scripts, etc you used to exploit the system
  • The version of eramba you are using. Ideally you should be using the latest community or enterprise release.
Please email your report (as per the guides above!!!) to support@eramba.org and we'll assist. It typically requires many back and forward messages to understand the issue, in particular if it's complicated. If the exploit is reproduced by us we'll fix it and work with you in order to publish CVEs, forum posts, Etc.

IMPORTANT: The information above is impossible to provide without deep technical skills, screenshots or videos. Do not send automated scanner reports as those are of no use to us, they do not provide any of the above mentioned requirements
Bugs and features arise from us and the community over email, forum or casual conversations while we do training or attend meetings. Anything it catches our attention will receive a Github issue (which we only can see). If a request does not receive a github issue is because most likely we won't be working on it.

There is a ton of work and limited resources, for that reason we need to prioritise. We manage three queues:
  • Ongoing (its software we are building now for the next release)
  • Short Term (is what comes next, typically those items with a PRIO-1 label on that queue will be the chosen ones for the next release, the rest will have to wait)
  • Long Term (is stuff we want to do but we are not sure how to do it or when to do it. Things from this queue move upwards to the short-term)
What goes in which one is not something we have a book set of rules for so things can change in particular for features. When it comes to bugs the general rule is:
  • Serious bugs (functionality is unusable, data could be compromised, etc) goes as hotfix, it gets done as quick as possible (days typically)
  • Complicated, Esthetic bugs, Etc go to short-term
We of course prioritize as well which bugs get our attention first based on what we think is more urgent for the community. You can see what is where on the queue by looking at the roadmap yourself and search your Github id on the queue. We don't mind you asking us when something will get done, just understand we call the shots. If you need something urgent or something special you can use our customisation service.
eramba is an Apache+MySQL+PHP based software, this is probably the most common app setup you can find on the Internet today. All these user-space software components run on every linux system in the universe, so eramba WILL run on your prefered (modern) linux distribution.

We assume you have people at your organisation that understands Linux and can install these packages (a very simple task for any Linux administrator). They should look at our install guides and will soon figure it out. If you dont have linux experts, you can try our VM, but sooner or later you will need to do some adjustment. The steps to get eramba installed are:

  • Install these packages: This varies widley depending on how your distribution handles packages, how you distribute these packages, if you use automation, if you use containers, etc. Is impossible we or anyone can provide a guide for every single scenario. We provide guides for: RH, Centos, Ubuntu using their package systems.
  • Install eramba: this is basically uncompressing source code (php, etc) and uploading a SQL schema on your MySQL compatible db.
  • Configure Apache, PHP and MySQL: adjust their settings to our standards (memory, etc). These configs are universal to all linux (because you are configuring user space apps) but of course the config file locations and its handling is OS dependent
Use our guides, review the common issues guides, review the forum and if none of that works write to support@eramba.org for help (if you are enterprise)
The community software (which is free and open) costs money and that needs to be paid somehow. We sell an enterprise software version (which is paid and open) to raise sufficient funds every year to cover the entire project cost (salaries, offices, etc).

Eramba has never operated as a standard business that tries to make more money every year, nothing wrong with that of course, we just built this project with the goal of developing an ideal (well, in our view) lifestyle where we value our freedom and time. Having built this on our free time a decade ago, being frugal with our expenses, being very flexible and quick on making decision has allows us being 10-20 cheaper than the competition and that means: we don't have debts, no-one owns us, we dont need sales targets, conversion targets, budget targets, sales teams, marketing teams, Etc. We just don't need them.

While our pricing is cheap and somewhat static, every year we complete 30-40 releases making the software better and better. Over the years, our asset which is the software and the community get better and better while the pricing remains the same. More value, same cost.

Despite (in the past) some experts have called us naive, this model has allowed us to grow organically, develop a worldwide community of tens of thousands, get global recognition by Gartner, etc. We have been running these way since 2012 and are happy to continue for as long as it goes!
The following is included:
  • Our enterprise software (not community) valid for two installations (production and testing)
  • Enterprise only features (see the documentation, some features have an enterprise only ribbon)
  • 30-40 Software updates every year
  • Email based support from the core team
    Access to our forum
  • Instructor led, free Online Trainings (every couple of months)
The software has no limits on the number of users or data you put in, well the limit is probably the software capacity to deal with huge amounts of data!
Eramba is an on-prem solution, once you download the software you need to install it on your systems using our documentation. If you are an enterprise customer you get support from us to get that done.
We run eramba without aim for profit, if you purchase our enterprise service you are billed a flat annual fee. It does not matter to us how big or small your company is, how many users you will have, how much data you will feed in, Etc.

It’s a flat, annual fee. At the end of the year, unless you ask us for a renewal, the service is terminated. You have absolute control
You can probably think of them as the same software except for the following:
  • Enterprise gets multiple updates per month. Community is updated once a year by taking the latest enterprise edition and stripping it from some functionalities.
  • Some features are only enterprise, so even when we copy all to community once a year, some features won't be there. You can tell which ones are those by looking at our documentation, features with the “Enterprise Only” tag are of course not copied to community
  • This means that the community might at times have the same code as enterprise (without some features) but as the weeks go the gap in between them increases. In a typical year we do some 40-50 updates, so the gap can get pretty wide.
  • On top of that, enterprises get access to online training and support
Because we charge what we need to operate (salaries of developers, support, admin, office expenses, servers, etc) and that is about it. We don't markup our prices like any other normal business would do. We seek no profit, magnanimous bank account expansion, fancy offices, growth, etc.

It does not matter if you are a huge or small organisation, everyone willing to use our enterprise release pays the same yearly flat fee.

Our goal is to reach as many people as possible in the world, keeping the project open, honest and accessible from a pricing perspective helps us achieve this goal.

Yes - we know other GRC tools are 10-20 times more expensive and we could probably be also a lot more expensive, remember this project (and many other open projects) is not about making ourselves rich
We do not share customer names, references, Etc.

eramba is an open project, all its documentation is detailed on videos and online demos and a fully functional software for free to download and use (our community release), there is little point asking someone for a reference when for the most part you can try it and see it for yourself. We do not have sales or marketing materials, we don't need them. The website is far more detailed than any of that.

We do share project statistics and customer statistics (rate of customers, renewal rate, customer by size, customer by location, etc). Look at our website on the foot you will see a link to a PDF report called “Company Presentation (Slides)”, you will find detailed statistics there.
Over email for the most part - you will write to us at support@eramba.org with any software related question and we will respond to you. If we don't understand each other over emails we will of course set up a Zoom meeting and try with screen-sharing, etc to speed up the process.

We work from 8am to 5pm during CET business days, so if you are in the US West coast and you write to us during your lunch or afternoon time the answer might arrive the following day.

Our typical response for %60 of the request is less than 8 hours , if you consider we don't work 16 hours a day our response time is pretty quick. Although we understand support is important (in the beginning in particular) experience shows that customers raise far less tickets after a couple of months of using the system. This is what allows us to run the project with minimal staff.
No.

Our documentation is free to anyone and really detailed and most of the time is enough for users to understand how the system works. On top of this, every couple of months, we run free instructor led online trainings (10 hours in total) on core eramba functionalities. Rarely customers need more than this, but if that is the case then you can also purchase consulting hours (billed by hour) on our website at any time.
Yes - our team can help you do that remotely at no cost.

Please contact support@eramba.org for details. There is a migration process that can be very simple or lengthier depending on the release gap in between the community and enterprise.

Basically we’ll provide you with a special code for your community, you’ll need to run a few commands and then update one by one all updates in between the community and the latest enterprise release.
Not really, eramba enterprise is an open piece of code, if you give you that code for you to test it on your premises then you have the application no matter if you later decide to engage with our services or not.

We understand people want to try things (in particular expensive GRC solutions, but that is not really our case - is it?) before committing but consider eramba:
  • Is priced at a fraction of any other solution (why is that?) so even purchasing one year of our enterprise subscription is almost nothing for any organisation.
  • Our documentation, roadmap, online demo websites, release history and community edition is completely available to anyone on our website. There is nothing hidden, there are no “private” portals, etc. There is literally hundreds of hours of documentation you can go through with videos.
  • Our mandatory four session basic training (5 hours) is free and explains eramba in extreme detail. You will need this training so why not do it before you purchase eramba to understand what you will need to know?
If you still believe an on-premise trial would put your mind at rest ! (we totally respect that) we suggest you play with the community edition and ask us if you have doubts on how enterprise differs on a particular functionality.

We can always schedule a Zoom call to demo the product and how our project operates (don't worry, we don't have sales teams, only core members of the project do this meetings)
You stop getting updates and support but the system will remain fully functional with the latest version you had for an unlimited period of time.
No - you need to ask us to explicitly renew the license otherwise it will expire and get disabled.
As stated before no trials are available for potential enterprise customers and therefore whatever assessment you wish to do will be constrained by that limitation.

You might use our documentation to test user functionalities or our community version (although is typically way behind updates in comparison to enterprise). If your plan was to perform a security assessment of eramba, although that might (or not) give you a list of current issues, with 40-50 releases a year, a week or two after the assessment the application will be different.

Read the article on how we build software, it might be of use to understand how we design and build eramba.
If you have multiple customers and you manage GRC for them and plan to use eramba you might be wondering if “one eramba can handle many customers”. The answer is no, eramba was designing from day one to be used by a single company.

So you will need an independent install of eramba for each one of your customers. This applies to enterprise and community. If you are a partner and you plan to use eramba with two of your customers then you will need to purchase three licenses: one for the partner (to become a partner) and one for each customer
You will be invoiced by our company incorporated in the UK. Some countries (India, Portugal, Japan, Etc) have tax agreements to avoid paying tax withholdings. Each country has a different process and guides, etc. We are not able to provide you with assistance as that administrative cost is prohibitely expensive in comparison to our license fees. Whatever overhead cost your country imposes on you will have to be paid by your organisations, not us.
A small subset of our customers use online systems to register their suppliers. These systems require usernames, passwords, validations, training, etc. This is too much administrative cost for us in comparison to our license fees and therefore we do not work with them. If this is absolutely necessary for you (meaning you can not upload our company details to your system and you wan us to do it instead), then we can work on them but at a fix administrative fee of 200 EUR (and its equivalent in GBP/USD)

Bear in mind, the only information we can upload to your system is the one already published on our website, basically this is it:
  • Company Name: eramba limited
  • Company address: 71-75 Shelton Street, London, WC2H9JQ, United Kingdom
  • VAT Registration ID: GB265865853 (VAT Certificate)
  • Company Registration ID: 9524547
  • Company registration details: Visit UKs Company House official website: https://find-and-update.company-information.service.gov.uk/company/09524547
  • Bank details / certificates: visit https://www.eramba.org/payments or any quote/invoice we have issued
  • Contact Person: for all types of inquiries always use support at support@eramba.org, phone number +44 2036379084


Any other information requested by your system can not be provided, no matter if you pay the fee. If this terms prove unacceptable then we are sorry that at this time it won't be possible to do business together.
Although we sign up hundreds of customers a year from all sizes, industries and geographies a very small subset of them (statistically under %1) have complicated onboarding procedures requiring: certificates, contracts, large questionnaires, etc.

If your questionnaires involve any of the following we won't be able to work on them:
  • They require changes to our TCs
  • They require additional TCs
  • They require RFIs, RFPs
  • They require company (legal, financial, etc), staff or customer information that is not already public on UKs Company House portal (see here)
  • Ask things which are already answered on this FAQ (how we secure our software, how we secure our company, etc)
The reason for this is that we operate at a cost (this is why we are so cheap) and any work in this regard costs us time and legal reviews, both very expensive tasks that offset any margin on our very cheap pricing.

Although we do not reply to such questionnaires we are happy to Zoom and get to know each other and you can always ask whatever is relevant for you there, simply use the contact us form on our website to schedule a call.

We understand other GRC software companies might not bill or mind doing all this for you, the reason is basically because their pricing structure contemplates these costs. In our view it is unfair to increase our fees to everyone when only a few (less than %1) customers require this additional admin work.
You will need to learn how eramba works (training) and you might need help to implement eramba (consulting), we have solutions for both.

In regards to training
  • Our website documentation (videos and written docs) which are free and very detailed
  • Instructor Led Trainings (once every couple of months, free to enterprise customers)
In regards to consulting
  • Online Consulting (Zoom)
As you can see, you need to learn how to use eramba using the website videos and instructor led trainings. You can complement that with consulting hours if you wish.
Our website documentation includes hundreds of recorded videos that explain how eramba works and is implemented in detail. These videos are free for anyone. We strongly recommend using them, in particular our 5 steps "Basic Training" which really goes into a lot of detail.

%95 of our customers go this route and make it pretty well within a couple of weeks.
Every month or so we invite (free) over email to all our enterprise customers for a four day online training. We cover the same content which is available on our website but of course you are free to make as many questions as needed to the instructor.
You can purchase packaged consulting hours and we'll work on them using Zoom online.

Consulting hours are a popular way to fine tune your knowledge and / or implementation strategy - we are flexible in helping you with whatever you need so as long is related to eramba of course. We try not selling more than 10hours / customer as typically is not necessary. You can purchase them at any time, not necessarily at the time you purchased your license.

You will be billed at our standard consulting hour rate and you must use the hours during the terms of your product license (typically one year)

Typically Esteban, the guy that funded this project delivers trainings. He speaks fluent English and Spanish
Generally speaking no, the license for both community and enterprise forbids distributing and re-distributing our software or / and derivative products. Eramba has built in customisation features you can use, please check the documentation
Yes - you can build software that talks to eramba using APIs or direct database access (just read access), this should allow you to get data and put data (using APIs not database) on eramba remotely.

We don't have any ready to use integration to other tools like Jira, etc but again is doable if you know what you are doing. You must be a developer to understand our Cake based code and therefore work out how eramba works, APIs are structured and the database schema
We don't have a per customer version of eramba, this means we do not build customisations for each customer that needs some special features.

Instead we do global customisations, this means that if a customer wants something we don't have and we believe is useful for the whole community we can consider it but of course the customer must fund the customisation and agree that it will be used by the whole community.

The process begins with the customer documenting in as much detail as possible what eramba is missing, we’ll have a look and determine if the feature is something we think is useful for the whole community or not and is a priority to do or not. From that point in time we can start working on the customisation, of course all this only applies to existing enterprise customers.
A bit like developing any other feature, simplifying things a bit: we document the functionalities needed, security and functional test cases. We quote the work as time and materials and we start the development. Then we, test and eventually release the update
We charge our standard consulting rate, so the amount of hours multiplied that rate
We have two licenses one for community and another for enterprise:
  • Community: http://www.eramba.org/community_tc
  • Enterprise: http://www.eramba.org/tc
Under certain provisions, these licenses allow your organisation to use our software.
Typical license stuff !
Not really.

The only reason we sell an enterprise subscription is to finance the project, there is no aim of major profits here. That is why eramba is and will always be ten times cheaper than the competition.

We sell the same service (basically support) to thousands of companies for the absolute minimum price, that leaves a very small margin and forces us to run a very lean organisation.

Adjusting TCs for customers would add an immense admin and legal overhead which would simply be too complicated and expensive to deal with. We don't run this project for the money, so the truth is we would rather not sell you a license than dealing with this legal stuff.

We understand our competition will be glad to review legal documents, but then they factor that review cost into their pricing which is many many many times more than our.
Probably yes - so as long as you don't publish and distribute it, please read our license
Same as above applies, most likely NOT as by doing OEM or White Label you are planning to re-distribute the source code or the software (by hosting it) outside your organisation, that is not possible with our license.

You can do any modification as long as it is for you and only you. Please review the TCs for the fine print
Eramba uses frameworks, libraries, etc which allow the system to work - this is a normal behaviour in software no-one writes code from zero.

With the exception of the user interface template (which has a custom license eramba paid for to be used commercially) all components (CakePHP, jQuery, Cake Plugins, wkhtml2pdf, etc) are either GNU v3 or MIT license based
Eramba has no such certifications nor plans to apply for them in the foreseeable time
Consulting businesses - by far.

They typically mention to us the following benefits:
  • Deliver customers something more than spreadsheets, a platform that scales over time.
  • Focus the customer allocated budget for any given GRC project on consulting and not software. If a company has a GRC budget of $10 to implement GRC, you (consulting business) don't want $6 to go to the software that will be used to manage GRC because that leaves you with only $4. By using a cost effective solution budgets can further be used on consulting rather than software.
  • Some consulting businesses can host eramba for their customers (especially if they don't know or want to do that) and add an additional revenue on that service
To become a partner you need:
  • Demonstrate to us you have skills and staff specialised in GRC. We review this trough interviews, reviewing your website and your Linkedin profiles
  • You must purchase an eramba license for your consulting company and keep it active (renewed) during the time you wish to keep being a partner - the license will entitle you to become to support, access our training, Etc. The license will be sold to you at a %40 discount, renewals to that license will also benefit from a %40 discount. Please go to our website, under "GRC Software" / "Enterprise" complete the form and at the end on the notes field specify this is a partner license
  • Once we receive your request we'll process and request you to send over email a signed copy of our partner agreement
  • After the invoice is paid and terms are signed we'll request from you a logo and website we can include on our portal
Important: this “partner license” can not be used by the partners customers, is meant to be used only by the partner. The partners customers must have their own licenses which can be purchased at the partner discoun
We don't enforce conditions on our partnership based on how much you sell once you become a partner. Please read our partner terms and conditions below
Once you have signed up as a partner (review the requirements above) and you have purchased a license for your own, all new licenses purchased (typically on behalf of your consulting customers) will include a %40 discount on the first purchase and a %40 on subsequent renewals.

Important: if you stop paying your “partner license” you stop being a partner and all the licenses sold your customers will stop receiving the %40 discount

If you are a reseller (not a partner) then there are no discounts available to you.
Say Acme is a company interested in becoming a partner because it sees potential and also knows that a customer of theirs called FooBar will use eramba, then the process is:
  • Eramba invoices Acme for a license (to become a partner) at a %40 discount. Voila! Acme is now a partner for the following 12 months.
  • Acme provides to eramba FooBar company details, eramba will invoice Acme again for this new license at a %40 discount - the license will clearly state the end-user for this license is actually FooBar.
When the renewal time is due the process is repeated at the renewal discount rate stated above
We will make your company logo displayed on our website and we can engage with your customers in calls to demo the product if you need. We sometimes agree on country visits in order to deliver a workshop, this type of agreements are discussed case by case
You can, but since all our pricing is public is likely you’ll get caught!
No, eramba is one software and that is it. You can change the logo (that is a normal customisation setting in eramba) but that is about it.
Our license forbids you to make software modifications and distribute them, so you can’t.
What you can do is to build a pre-loaded eramba (with controls, risks, etc) and distribute that preloaded database to your customer
Yes - both parties must agree to our partner agreement
Please follow the following instructions:

Use our ordering form online (https://www.eramba.org/services), complete the form with what your customer needs and your company information (not your end-customer). At the "Notes" field please include:
  • Explain you are a reseller
  • The end customer company name, address, contact person, contact person email
  • To whom you want us to send the license (by email), to you or the end customer directly
  • If you need a quote or directly an invoice

We'll then write you back and request two further documents:
  • An email from your customer clearly demonstrating they have instructed your company to request a quote for them
  • A signed copy (download, export as pdf, sign, scan and send it by email to us) by the contact name provided above (your customer) of our enterprise terms and confitions (https://www.eramba.org/tc).

The quote/invoice issued will include the end customer information as part of the notes fields, the reason for this is that the license is actually owned by them, not the reseller.
If you are a partner, you can simply email support@eramba.org and provide to us:
  • The number of licenses you need
  • The payment method you wil use: Credit card has a $100/EUR 100 fee, bank trasnfers (no fees)
  • The starting date for this licenses
  • The company name of your end customer, a contact person there (name, surname) and an email
  • To whom you want us to send the license (by email), to you or the end customer directly
  • A signed copy (download, export as pdf, sign, scan and send it by email to us) by the contact name provided above of our enterprise terms and confitions (https://www.eramba.org/tc)