Build or upgrade your ISMS on our platform

Information security risk assessment for ISO 27001 8.2

ISO 27001 Clause 8. 2 – Information security risk assessment

This is another one of the ISO 27001 clauses that gets automatically completed where the organisation has already evidenced its information security management work in line with requirements 6.16.2 and in particular 7.5 where the whole ISMS is clearly documented.

The organisation must perform information security risk assessments at planned intervals and when changes require it – both of which need to be clearly documented.

Whilst information security risk assessment can be done to a very basic level in a spreadsheet, it is far better to have a tool that makes light work of the risk assessments documentation side as is the case with ISMS.online. There are also many very specialist and expensive security risk assessment applications where one could spend all day thinking about risk assessment let alone its treatment! Our view on whether to use spreadsheets, ISMS.online or a very expensive specialist application is to look at the information value at risk, the capacity, capability and confidence of the resources being applied to the ISMS and the whole ISMS management, not just the risk component. See here for more on the characteristics of the software for an ISMS, and if considering build versus buy on the information security management system solution itself, the business case planner may well be useful to review as well.

Do you find ISO 27001 confusing?
Speak with a specialist

ISO 27001 requirements

ISO 27001 Annex A Controls

About ISO 27001

See ISMS.online in action

Simple and easy to use | Comprehensive in scope | Affordable and lower cost than alternatives

Book your free demo today