Does your Risk Assessment Tool Produce an Audit-Ready Statement of Applicability?

Risk assessment is the first process in the risk management methodology. Organisations use risk assessment to determine the extent of the potential threat and the risk associated with an information system. The output of this process helps to identify appropriate controls for reducing or eliminating risk during the risk mitigation process. Risk assessment is the critical step in an ISO 27001 implementation. The risk assessment process helps to identify the organisation's risks, including physical security, human, operational and business risks.

Risk is a function of the likelihood of a given threat-source exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organisation.

vsRisk is a unique software tool designed to guide your organisation through the process of carrying out an information security risk assessment that will meet the requirements of ISO 27001:2005.

vsRCE is an affordable and intuitive risk assessment management tool for the IT consultant community that lets consultants directly support their clients' risk assessment activity from an off-site location. vsRCE allows clients to create and export risk assessment files that can be analysed on the consultants' own workstations or laptops, and then re-imported into the client's own software. vsRCE allows IT consultants to manage up to ten separate risk assessments, or risk assessments in up to ten different organisations, each of which must have purchased its own copy of vsRisk. By working in harmony with its sister application vsRisk, vsRCE will dramatically reduce the time and effort it takes for companies to achieve ISO 27001 compliance.

The benefits of using vsRisk risk assessment tool are:

  • Reduces the complexity of risk assessment
  • Reduces manual effort and time
  • Includes a predefined threats and vulnerability database
  • Simplifies risk assessment report generation
  • Provides operational reports for control implementation status and risk remediation
  • Produces an audit-ready Statement of Applicability
  • Provides a detailed gap analysis that helps drive forward the risk treatment plan

In vsRisk, assets can be grouped by impact scale and asset type. The tool estimates the risk level automatically, using a multi-level scale that takes account of both the extent of impact and the frequency of occurrence. Risk levels can be viewed on screen. Users can also add new threats, vulnerabilities and additional controls to the existing database. This tool makes information security risk assessment easier. The unique vsRisk Risk Assessment Tool automates and delivers an ISO/IEC 27001-compliant risk assessment; uniquely, it can assess confidentiality, integrity and availability for each of the business, legal and contractual aspects of information assets, as required by ISO 27001; and it offers comprehensive best-practice alignment.

Many organisations have failed to acquire accredited ISO 27001 certification because of failures in the risk assessment process.