What is the Risk Assessment for ISO 27001?
One of the requirements of the ISO 27001 standard is Clause 6.1.2 – Information Risk Assessment. This clause requires an organisation to establish and maintain information security risk assessment processes that include the risk acceptance and assessment criteria.
The requirement also stipulates that the assessments should be consistent and valid and produce ‘comparable results’, which in practice means clearly describing the approach being taken so that repeated assessments can be compared with one another.
Organisations are required to then apply these assessment processes to identify risks associated with confidentiality, integrity and availability (commonly referred to as CIA) of the information assets within the defined scope of the ISMS.
The risks are then assigned to risk owners within the organisation, each of whom determines the level of risk by assessing the potential consequences if the risk were to occur and deciding on the ‘likelihood’ of that occurrence.
Once this risk has been evaluated, it must then be managed in accordance with the previously documented risk management plan.
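The process described above (fixed criteria, risks tied to the confidentiality, integrity or availability of an in-scope asset, a named risk owner, and likelihood and consequence combined into a level that is compared against the acceptance criteria) can be made concrete as a small risk register. The following is an added illustration, not ISMS.online code and not prescribed by ISO 27001: the 1 to 5 scales, the acceptance threshold and the rating bands are assumptions, and the sample risks are constructed.

```python
"""Minimal ISO 27001 6.1.2-style risk assessment: fixed scales, a documented
acceptance criterion, a named risk owner per risk, and a register sorted by
level. Added illustration only; scales, threshold and bands are assumptions."""
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Ordinal scale used for both likelihood and consequence (assumed)."""
    VERY_LOW = 1
    LOW = 2
    MEDIUM = 3
    HIGH = 4
    VERY_HIGH = 5


# Assumed risk acceptance criterion: a risk is accepted when its level is at
# most this value; anything above must be treated under the treatment plan.
ACCEPTANCE_THRESHOLD = 6

PROPERTIES = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class Risk:
    risk_id: str
    asset: str
    prop: str          # which CIA property the risk threatens
    scenario: str
    owner: str         # risk owner who signs off on likelihood and consequence
    likelihood: Level
    consequence: Level

    def __post_init__(self):
        if self.prop not in PROPERTIES:
            raise ValueError(f"unknown property {self.prop!r}")


def risk_level(likelihood: Level, consequence: Level) -> int:
    """Level of risk = likelihood x consequence on the fixed scales (1..25).
    Using one function for every risk is what makes results comparable."""
    return int(likelihood) * int(consequence)


def rating(level: int) -> str:
    """Reporting bands (assumed boundaries)."""
    if level <= ACCEPTANCE_THRESHOLD:
        return "Low"
    if level <= 12:
        return "Medium"
    return "High"


def evaluate(risk: Risk) -> dict:
    """Evaluate one risk against the documented acceptance criterion."""
    level = risk_level(risk.likelihood, risk.consequence)
    return {
        "id": risk.risk_id,
        "asset": risk.asset,
        "property": risk.prop,
        "owner": risk.owner,
        "level": level,
        "rating": rating(level),
        "decision": "accept" if level <= ACCEPTANCE_THRESHOLD else "treat",
    }


def build_register(risks: list) -> list:
    """Risk register ordered highest level first, so treatment effort goes to the top."""
    return sorted((evaluate(r) for r in risks), key=lambda e: (-e["level"], e["id"]))


# Constructed sample risks for a small in-scope system (not real data).
SAMPLE_RISKS = [
    Risk("R-001", "HR database", "confidentiality",
         "Backup media lost in transit", "HR Director", Level.LOW, Level.VERY_HIGH),
    Risk("R-002", "Customer portal", "availability",
         "Single web server fails", "IT Manager", Level.HIGH, Level.MEDIUM),
    Risk("R-003", "Marketing site", "integrity",
         "Stale content published", "Marketing Lead", Level.MEDIUM, Level.VERY_LOW),
]

if __name__ == "__main__":
    for entry in build_register(SAMPLE_RISKS):
        print(f'{entry["id"]} {entry["asset"]:<16} {entry["property"]:<15} '
              f'level={entry["level"]:>2} {entry["rating"]:<6} -> {entry["decision"]} '
              f'(owner: {entry["owner"]})')
```

The point an auditor looks for is visible in the structure: the scales and threshold are written down once, every risk is scored the same way, each has an owner, and the accept/treat decision follows mechanically from the criterion rather than from judgement applied differently per risk.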
We make achieving ISO 27001 easy
Get a 77% headstart: Our ISMS comes pre-configured with tools, frameworks and documentation you can Adopt, Adapt or Add to. Simple.
Your path to success: Our Assured Results Method is designed to get you certified on your first attempt. 100% success rate.
How to easily demonstrate 6.1 Risk assessment process
The ISMS.online platform provides a comprehensive yet pragmatic approach to demonstrating risk identification, analysis and treatment. This makes it easy for your organisation to identify and address risks arising from internal and external issues.
- Step 1 : Evidence your risk management
- Step 2 : Adopt, adapt and add
- Step 3 : Demonstrate to your auditors
- Step 4 : A time-saving path to certification
- Step 5 : Extra support whenever you need it
Step 1 : Evidence your risk management
The tool can be customised to meet your organisation’s approach to managing risk, and it’s simple to collaborate on risks with your implementation team. As you populate your risk map, it’s simple to link your work to relevant policies & controls to keep the ISMS joined up.
Step 2 : Adopt, adapt and add
You are provided with ready-made controls and references to subordinate policies that can be adopted, adapted, or added to out of the box.
This means you have a ready-made, simple-to-follow foundation for ISO 27001 compliance or certification, giving you a 77% head start.
Step 3 : Demonstrate to your auditors
Step 4 : A time-saving path to certification
This will then help you to determine which assets, systems, people, locations, etc. fall within the scope of your management system, which will enable you to think about the risks that affect them.
Step 5 : Extra support whenever you need it
Disconnected templates and toolkits supported by an expensive consultant just don’t cut it anymore. You need an ISMS that works for you both now and as your business grows.
Policies & Controls Management
Easily collaborate, create and show you are on top of your documentation at all times
Measurement & Automated Reporting
Make better decisions and show you are in control with dashboards, KPIs and related reporting
Audits, Actions & Reviews
Reduce the effort and make light work of corrective actions, improvements, audits and management reviews
Mapping & Linking Work
Shine a light on critical relationships and elegantly link areas such as assets, risks, controls and suppliers
Interested Party Management
Visually map and manage interested parties to ensure their needs are clearly addressed
Simply document, easily control and publish your procedures to ensure stakeholders follow them
Other Standards & Regulations
Neatly add in other areas of compliance affecting your organisation to achieve even more for less
Staff Awareness & Compliance Assurance
Engage staff, suppliers and others with dynamic end-to-end compliance at all times
Supply Chain Management
Manage due diligence, contracts, contacts and relationships over their lifecycle
User Management & Permissions
Practical permissions with low cost plans for more regular and occasional users