ISO 27001 Risk Assessment

ISMS Manager

SecuraStar’s Risk Management services include the use of its ISO 27001 Toolkit and/or ISO 27001 Software. These products provide a simple, step-by-step solution to meet ISO 27001 Risk Assessment requirements, including the methodology, impact and likelihood scales, risk treatment options, and mapping to Annex A controls.

ISO 27001 Risk Assessment Methodology

  • Impact & Likelihood Scales
  • Risk Calculation Matrix
  • Risk Treatment Options
  • Risk Acceptance Criteria

ISO 27001 Asset Inventory

  • Asset Type
  • Asset Category
  • Asset
  • Asset Owner
  • Asset Location

ISO 27001 Risk Assessment

  • Catalog of Threats and Vulnerabilities (ISO 27005)
  • Risk Owner
  • Assesses Raw Risk vs Current Risk (i.e. the risk remaining after existing controls are credited)
  • Risk Treatment Options
  • Control Selection

ISO 27001 Risk Treatment Plan

  • Selected – Risk Treatment Option
  • Selected – Controls
  • Assigned to Personnel
  • Due by Date
  • Current Status

ISO 27001 Statement of Applicability

  • Mapping low level controls from Risk Assessment to Annex A
  • Mapping Annex A controls to Policies, Processes and Procedures
  • Mapping Annex A controls to Regulatory, Legal and Contractual Control requirements including HIPAA, PCI, SSAE 16, FISMA, NIST, etc.
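The lists above describe one pipeline: score each asset's risk on impact and likelihood scales, credit existing controls to get current risk, compare against the acceptance criteria to pick a treatment option, and roll the result into a Risk Treatment Plan and a Statement of Applicability. The following Python is an added example written for this page; it is not SecuraStar's toolkit or software. The 5-point scales, the risk bands, the acceptance threshold of 6, the sample assets and the per-control likelihood reductions are all constructed, and the Annex A references assume ISO/IEC 27001:2022 numbering.

```python
"""Worked ISO 27001 risk assessment: raw risk, current risk, treatment
decision, Risk Treatment Plan (RTP) and Statement of Applicability (SoA).
Added example; all scales, thresholds and sample data are constructed."""
from dataclasses import dataclass, field

# Constructed 5-point scales. ISO 27001 does not prescribe the values; each
# organization defines its own in the risk assessment methodology.
IMPACT_SCALE = {1: "negligible", 2: "minor", 3: "moderate", 4: "major", 5: "severe"}
LIKELIHOOD_SCALE = {1: "rare", 2: "unlikely", 3: "possible", 4: "likely", 5: "almost certain"}
# Constructed risk acceptance criterion: a score at or below this is accepted.
ACCEPTANCE_THRESHOLD = 6


@dataclass
class Risk:
    """One row of the risk register (asset inventory plus assessment fields)."""
    asset: str
    asset_owner: str
    risk_owner: str
    threat: str
    vulnerability: str
    impact: int
    likelihood: int
    # Existing controls as (Annex A reference, likelihood levels removed).
    # Annex A numbering is assumed to follow ISO/IEC 27001:2022.
    current_controls: list = field(default_factory=list)
    # Controls the risk owner selects as treatment (Annex A reference, note).
    selected_controls: list = field(default_factory=list)


def risk_score(impact: int, likelihood: int) -> int:
    """Risk calculation matrix: score = impact x likelihood on the 5x5 grid."""
    if impact not in IMPACT_SCALE or likelihood not in LIKELIHOOD_SCALE:
        raise ValueError("impact and likelihood must be on the 1-5 scales")
    return impact * likelihood


def risk_level(score: int) -> str:
    """Constructed bands of the matrix."""
    if score <= 4:
        return "low"
    if score <= 9:
        return "medium"
    if score <= 14:
        return "high"
    return "critical"


def raw_risk(r: Risk) -> int:
    """Risk before any control is credited."""
    return risk_score(r.impact, r.likelihood)


def current_likelihood(r: Risk) -> int:
    """Existing controls lower likelihood; it never drops below 'rare' (1)."""
    reduction = sum(levels for _, levels in r.current_controls)
    return max(1, r.likelihood - reduction)


def current_risk(r: Risk) -> int:
    """Risk after existing controls are credited (impact is left unchanged)."""
    return risk_score(r.impact, current_likelihood(r))


def treatment_option(r: Risk) -> str:
    """Accept when within the acceptance criteria, otherwise mitigate.
    Transfer and avoid are decisions the risk owner records explicitly."""
    return "accept" if current_risk(r) <= ACCEPTANCE_THRESHOLD else "mitigate"


def risk_treatment_plan(register: list, assignee: str, due: str) -> list:
    """RTP rows for every risk that is not accepted."""
    return [{
        "asset": r.asset, "risk_owner": r.risk_owner,
        "current_risk": current_risk(r), "option": "mitigate",
        "controls": [ref for ref, _ in r.selected_controls],
        "assigned_to": assignee, "due": due, "status": "open",
    } for r in register if treatment_option(r) == "mitigate"]


def statement_of_applicability(register: list) -> dict:
    """Map each Annex A control (existing or selected) to the assets it covers."""
    soa = {}
    for r in register:
        for ref, _ in r.current_controls + r.selected_controls:
            soa.setdefault(ref, set()).add(r.asset)
    return {ref: sorted(assets) for ref, assets in sorted(soa.items())}


# Constructed sample register: two assets, one threat/vulnerability pair each.
REGISTER = [
    Risk("customer database", "CTO", "Head of Operations",
         "ransomware", "backups never restore-tested", impact=5, likelihood=4,
         current_controls=[("A.8.7 Protection against malware", 1)],
         selected_controls=[("A.8.13 Information backup", "tested restores")]),
    Risk("office printer", "Facilities", "Office Manager",
         "theft", "device in shared corridor", impact=2, likelihood=2,
         current_controls=[("A.7.2 Physical entry", 1)]),
]

if __name__ == "__main__":
    for r in REGISTER:
        print(f"{r.asset}: raw {raw_risk(r)} ({risk_level(raw_risk(r))}), current "
              f"{current_risk(r)} ({risk_level(current_risk(r))}) -> {treatment_option(r)}")
    print(risk_treatment_plan(REGISTER, "IT Security Lead", "2025-12-31"))
    print(statement_of_applicability(REGISTER))
```

Only the database risk lands in the RTP (raw 20, current 15, still above the threshold), while the printer risk is accepted once physical entry control is credited; the SoA then lists every control that either already exists or was selected during treatment, which is the justification trail an auditor asks for.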

FAQ

How often should risk assessments be done?

At least annually, or whenever major changes occur in business processes, IT systems, or regulations.

What is the purpose of an ISO 27001 risk assessment?

To identify, evaluate, and treat security risks that could affect your business data and operations. Risk assessment is a requirement of ISO 27001 Clause 6 (Planning). The output of the risk assessment includes mapping information security controls to Annex A controls in the required Statement of Applicability (SoA) and grouping similar controls in related Policies, Processes and Procedures.

What is ISO 27001 Risk Assessment?

ISO 27001 Risk Assessment requires an organization to measure the risk (threats and vulnerabilities) to assets within the scope. There are two types of risk assessed within ISO 27001.

  1. Risk of loss of confidentiality, integrity or availability (CIA) of information, i.e. failure to preserve CIA.
  2. Risk of non-compliance, including legal / regulatory and contractual compliance.


The outputs of the risk assessment include the risk treatment plan (RTP) and the statement of applicability (SoA), and they also feed the ISMS controls such as policies, processes, training and awareness, business continuity, etc.

© 2025 SecuraStar. All rights reserved.