How long does an ISO 27001 risk assessment take?

Completing a risk assessment is often the most complex and difficult aspect of an ISO 27001 project.

Whatever tool you decide to use in your project, it needs to take into account many elements, such as assets, threats, vulnerabilities and controls, and the likelihood and impact values of those threats and vulnerabilities, as well as reporting and analysis.

Risk assessment software vs spreadsheets

Many organisations will resort to spreadsheets when tackling an ISO 27001 risk assessment. Often, this is because they see it as a cost-effective tool to help them get the results they need. There are, however, a number of reasons spreadsheets aren’t the best way to go. View our infographic to compare spreadsheets vs risk assessment software >>

The risk assessment software tool vsRisk™ is fully compliant with ISO 27001 and helps you produce consistent, robust and reliable risk assessments year on year.

The table below demonstrates how much time and money vsRisk can save you in your ISO 27001 risk assessment compared to using spreadsheets.

  Spreadsheet   Total time saved Typical cost savings*
Planning stage 1 week 1 day 4 days £920
Risk owner/asset owner input* 1 day/owner 1 day 1 day/owner £230 per person
Risk assessment stage 1 week 1 day 4 days £920
Review 4 weeks 1 week 15 days £3,450
Total time with 10 asset/risk owners** 40 days 8 days 32 days £7590

* Based on an average lead risk assessor salary of £50,000 per annum (£230 per day), excluding the cost of overheads.

** Based on estimated times for a single user working with the standalone version of vsRisk.

Save 80% of your time with vsRisk

As demonstrated in the table above, vsRisk can save you 80% of your time, cutting the risk assessment down to just eight days. The risk assessment software tool ensures return on investment and delivers simple, fast, accurate and hassle-free risk assessments.

Book a live, one-to-one demonstration to see vsRisk in action >>

Leave a Reply

Your email address will not be published. Required fields are marked *