An ISO 27001 risk assessment is at the core of your organisation’s information security management system (ISMS). Those new to this complex step may rely on a manual, inexpensive solution such as spreadsheets, but there are many disadvantages to doing so.
Why using spreadsheets for your risk assessment is a bad idea
Excel spreadsheets were initially built for accountants. Despite being trusted by professionals for more than 20 years, they are not designed to deliver a risk assessment.
Experienced information security and risk management practitioners will be fully aware of the dangers of using spreadsheets, so they’ll always use purpose-built ISO 27001 risk assessment software tools instead.
The disadvantages of spreadsheets include:
- Too much room for user-input error;
- Large and cumbersome, making it hard to find specific information; and
- Difficult to share and keep up to date, particularly if multiple users need to input data.
Take a look at our infographic, Spreadsheets Vs Risk Assessment Software.
Alternative solutions to spreadsheets
The risk assessment is complicated and multi-dimensional. Whatever tool you use, it needs to consider many elements, such as:
- Assets;
- Threats;
- Vulnerabilities and controls;
- Likelihood and impact values of risks; and
- Reporting and analysis.
Purpose-built ISO 27001 risk assessment software tools will be fully equipped to cope with these elements.
vsRisk™ eliminates the need to use spreadsheets by helping you produce consistent, robust and reliable risk assessments year after year.
“Compared to Excel, vsRisk™ has an easy-to-use interface. The assessment scales and the risk acceptance criteria are an easy-to-understand and visual way to present risks to the people.”
James Ellis – Secure and Confidential Documents Ltd (SCD)
Fully aligned with ISO 27001, vsRisk reduces time spent on the risk assessment by 80% and provides accurate and auditable results.