
ISO 27001 Requirement 8.2 – Information Security Risk Assessment

By Mark Sharron | Updated 14 December 2023

This is another of the ISO 27001 clauses that gets automatically completed where the organisation has already evidenced its information security management work in line with requirements 6.1, 6.2 and, in particular, 7.5, where the whole ISMS is clearly documented. The organisation must perform information security risk assessments at planned intervals and when changes require it, and both of these need to be clearly documented.


What does Clause 8.2 involve?

Whilst information security risk assessment can be done to a very basic level in a spreadsheet, it is far better to have a tool that makes light work of the documentation side of risk assessments, as is the case with ISMS.online. There are also many very specialist and expensive security risk assessment applications where one could spend all day thinking about risk assessment, let alone its treatment!

Our view on whether to use spreadsheets, ISMS.online or a very expensive specialist application is to look at the information value at risk; the capacity, capability and confidence of the resources being applied to the ISMS; and the whole ISMS management, not just the risk component. See our article for more on the characteristics of the software for an ISMS. If you are considering build versus buy for the information security management system solution itself, this download may well be useful to review as well.


