ISO 27001 risk assessments: The problem with using spreadsheets

An ISO 27001 risk assessment is at the core of your organisation’s information security management system (ISMS). Those new to tackling this complex step may rely on using a manual, inexpensive solution such as spreadsheets, but there are many disadvantages to doing so.

Why using spreadsheets for your risk assessment is a bad idea

Excel spreadsheets were initially built for accountants. Despite being trusted by professionals for more than 20 years, they are not designed to deliver a risk assessment.

Experienced information security and risk management practitioners will be fully aware of the dangers of using spreadsheets, so they’ll always use purpose-built ISO 27001 risk assessment software tools instead.

The disadvantages of spreadsheets include:

  • Too much room for user-input error;
  • Large and cumbersome, making it hard to find specific information; and
  • Difficult to share and keep up to date, particularly if multiple users need to input data.

Take a look at our infographic, Spreadsheets Vs Risk Assessment Software.

Alternative solutions to spreadsheets

The risk assessment is complicated and multi-dimensional. Whatever tool you use, it needs to consider many elements, such as:

  • Assets;
  • Threats;
  • Vulnerabilities and controls;
  • Likelihood and impact values of risks; and
  • Reporting and analysis.

Purpose-built ISO 27001 risk assessment software tools will be fully equipped to cope with these elements.

vsRisk™ eliminates the need to use spreadsheets by helping you produce consistent, robust and reliable risk assessments year after year.


5 Stars

Compared to Excel, vsRisk™ has an easy to use interface. The assessment scales and the risk acceptance criteria are an easy to understand and visual way to present risks to the people.

James Ellis – Secure and Confidential Documents Ltd (SCD)


Fully aligned with ISO 27001, vsRisk reduces time spent on the risk assessment by 80% and provides accurate and auditable results.

Book a live, no-obligation demonstration with a member of our team to see how vsRisk can help you conduct your risk assessment >>



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.