Many consider the risk assessment the most complex step in ISO 27001 implementation. Companies often mistakenly start the risk assessment without a documented risk assessment methodology that defines the approach and criteria to be used.
Clause 6.1.2 of ISO 27001:2013 requires you to document the risk assessment and risk treatment methodology. This entails describing how risks will be identified, how risk owners will be identified, the criteria for assessing risk impact and likelihood, and the criteria for calculating and accepting risks.
In fact, documentation plays a pivotal role throughout the risk assessment and ISMS implementation. There are more than 15 mandatory documents that are required for certification to ISO 27001:2013, with a host of additional documents that are recommended.
vsRisk™, the leading information security risk assessment software, helps you tackle all of these challenges in a simple and user-friendly format.
With flexible management scales, risk calculations and risk assessment criteria, vsRisk provides a customisable tool that ensures the risk assessor remains in control of the assessment (see image below).
vsRisk 2.5, being released this week, now also features a built-in ISO 27001 documentation toolkit that comprises 7 policies, 55 procedures, 23 work instructions, 25 records, guidance documents, and a range of editable meeting, project and process templates. When purchased along with vsRisk, the assessor will have access to the full range of editable templates, already populated inside the tool against the relevant ISO 27001:2013 control (see image below).
Combined with vsRisk, the toolkit helps you optimise your resources, saving you months of unnecessary work and expenses.
With these two essential tools, you will be able to implement ISO 27001 easily and efficiently at a fraction of the cost of hiring a consultant.
vsRisk also features a useful controls viewer panel, which can be seen as an interactive Statement of Applicability (SoA). This panel lets you indicate controls that are in place because of a contractual, business, statutory, regulatory or legal requirement, in addition to those that have been selected as a result of the risk assessment (see below).
Version 2.5 of vsRisk will be launched this week!
Find out more about the brand new vsRisk version 2.5, which includes seven control sets, built-in databases of threats, vulnerabilities and risks, six reports including the SoA, and a host of other features.
Sample documents are available for relevant controls in ISO 27001:2013 in vsRisk. Full access is available with the purchase of the ISO 27001:2013 Documentation Toolkit.