Build or upgrade your ISMS on our platform

ISO 27001 Risk Assessment

What is the Risk Assessment for ISO 27001?

One of the requirements of the ISO 27001 standard is Clause 6.1.2 – Information Risk Assessment. This clause requires an organisation to establish and maintain information security risk assessment processes that include the risk acceptance and assessment criteria.

The requirement also stipulates that the assessments must be consistent, valid and produce ‘comparable results’, with the approach being taken clearly described.

Organisations are required to then apply these assessment processes to identify risks associated with confidentiality, integrity and availability (commonly referred to as CIA) of the information assets within the defined scope of the ISMS.

The risks must then be assigned to risk owners within the organisation, each of whom determines the level of risk by assessing the potential consequences should the risk materialise and deciding on the ‘likelihood’ of it occurring.

Once this risk has been evaluated, it must then be managed in accordance with the previously documented risk management plan.
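The elements of the Clause 6.1.2 process described above (a documented scoring methodology, consequences rated separately for confidentiality, integrity and availability, a likelihood rating, a risk acceptance criterion and a named risk owner) can be made consistent and comparable by encoding them in one routine. The following is an added example, not ISMS.online's code; the likelihood and consequence scales, the acceptance threshold and the sample register entries are constructed placeholders that an organisation would define in its own risk management plan.

```python
# Added example: applies one documented scoring method to every risk so that results
# are comparable across risk owners. Scales and threshold are assumed, not from the standard.
from dataclasses import dataclass, field

LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
CONSEQUENCE = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}
ACCEPTANCE_THRESHOLD = 8   # assumed acceptance criterion: a score above this must be treated

@dataclass
class Risk:
    asset: str
    description: str
    owner: str            # the risk owner accountable for the decision
    likelihood: str       # a LIKELIHOOD label
    impact: dict          # keys "C", "I", "A" mapped to a CONSEQUENCE label
    score: int = field(init=False)
    decision: str = field(init=False)

def assess(risk: Risk) -> Risk:
    """Score a risk with the fixed scales so every owner's result is comparable."""
    if risk.likelihood not in LIKELIHOOD:
        raise ValueError(f"unknown likelihood rating: {risk.likelihood}")
    if set(risk.impact) != {"C", "I", "A"}:
        raise ValueError("impact must rate confidentiality, integrity and availability")
    # The worst of the three CIA consequences drives the rating: losing any one
    # property is a loss of information security, so the others cannot offset it.
    worst = max(CONSEQUENCE[risk.impact[p]] for p in ("C", "I", "A"))
    risk.score = LIKELIHOOD[risk.likelihood] * worst
    risk.decision = "treat" if risk.score > ACCEPTANCE_THRESHOLD else "accept"
    return risk

def register(risks):
    """Return the assessed register with the highest-scoring risks first."""
    return sorted((assess(r) for r in risks), key=lambda r: r.score, reverse=True)

# Constructed sample register entries (illustrative only)
SAMPLE = [
    Risk("Customer DB", "Unpatched database server reachable from the office network",
         "Head of IT", "possible", {"C": "major", "I": "moderate", "A": "minor"}),
    Risk("Backup tapes", "Offsite backup tapes lost in transit",
         "Ops Manager", "unlikely", {"C": "moderate", "I": "negligible", "A": "minor"}),
]

if __name__ == "__main__":
    for r in register(SAMPLE):
        print(f"{r.score:>2} {r.decision:<6} {r.owner:<12} {r.asset}: {r.description}")
```

Each register entry carries its score, the accept/treat decision derived from the acceptance criterion, and the owner, which is the evidence an auditor will ask for under 6.1.2.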

We make achieving ISO 27001 easy

Get a 77% headstart

Our ISMS comes pre-configured with tools, frameworks and documentation you can Adopt, Adapt or Add to. Simple.

Your path to success

Our Assured Results Method is designed to get you certified on your first attempt. 100% success rate.

Watch and learn

Forget about time consuming and costly training. Our Virtual Coach video series is available 24/7 to guide you through.

How to easily demonstrate 6.1 Risk assessment process

The ISMS.online platform provides a comprehensive yet pragmatic approach to demonstrating risk identification, analysis and treatment. This makes it easy for your organisation to identify and address risks arising from internal and external issues.

Step 1 : Evidence your risk management

Using our risk register and treatment plan, you can easily evidence your risk management, scoring your risks based on confidentiality, integrity and availability. You’ll get access to the risk bank, which gives you an excellent head-start, allowing you to easily populate your map from over 100 common risks.

The tool can be customised to meet your organisation’s approach to managing risk, and it’s simple to collaborate on risks with your implementation team. As you populate your risk map, it’s simple to link your work to relevant policies & controls to keep the ISMS joined up.

Step 2 : Adopt, adapt and add

Our pre-configured ISMS makes it straightforward to evidence requirement 6.1 within our platform and can easily be adapted to your organisation’s needs. Included in 6.1 is a risk methodology that can be adopted out of the box.

You are provided with ready-made controls and references to subordinate policies that can be adopted, adapted, or added to out of the box.

This means that you have a ready-made, simple-to-follow foundation for ISO 27001 compliance or certification, giving you a 77% head start.

Step 3 : Demonstrate to your auditors

You can easily demonstrate your work to auditors by recording your evidence within the platform e.g. data, policies, controls, procedures, risks, actions, projects, related documentation and reports.

Step 4 : A time-saving path to certification

Our Assured Results Method, ARM, is your simple, practical, time-saving path to first-time ISO 27001 compliance or certification. Requirement 6.1 is part of the first section that ARM will guide you on, which will help you to understand your organisation in relation to information security.

This will then help you to determine which assets, systems, people, locations etc. fall within the scope of your management system, enabling you to think about the risks that affect them.

Step 5 : Extra support whenever you need it

If you need extra support, our optional Virtual Coach provides context-specific help whenever you need it. Additionally, our Service Delivery Team and your Account Manager are only ever a phone call away.