One of the requirements of the ISO 27001 standard is Clause 6.1.2 – Information Risk Assessment. This clause requires an organisation to establish and maintain information security risk assessment processes that include the risk acceptance and assessment criteria.
The requirement also stipulates that repeated assessments should be consistent, valid and produce ‘comparable results’, which in practice means clearly documenting the approach being taken so that it can be applied the same way each time.
Organisations are required to then apply these assessment processes to identify risks associated with confidentiality, integrity and availability (commonly referred to as CIA) of the information assets within the defined scope of the ISMS.
The risks then need to be assigned to risk owners within the organisation, each of whom must determine the level of risk by assessing the potential consequences if the risk were to occur and deciding on the ‘likelihood’ of that occurrence.
Once this risk has been evaluated, it must then be managed in accordance with the previously documented risk management plan.
The ISMS.online platform provides a comprehensive yet pragmatic approach to demonstrating risk identification, analysis and treatment. This makes it easy for your organisation to identify and address risks arising from internal and external issues.
Easily collaborate, create and show you are on top of your documentation at all times
Effortlessly address threats & opportunities and dynamically report on performance
Make better decisions and show you are in control with dashboards, KPIs and related reporting
Make light work of corrective actions, improvements, audits and management reviews
Shine a light on critical relationships and elegantly link areas such as assets, risks, controls and suppliers
Select assets from the Asset Bank and create your Asset Inventory with ease
Out of the box integrations with your other key business systems to simplify your compliance
Neatly add in other areas of compliance affecting your organisation to achieve even more
Engage staff, suppliers and others with dynamic end-to-end compliance at all times
Manage due diligence, contracts, contacts and relationships over their lifecycle
Visually map and manage interested parties to ensure their needs are clearly addressed
Strong privacy by design and security controls to match your needs & expectations
100% of our users achieve ISO 27001 certification first time