I am currently managing the quality department of a medium-sized company. xx employees, xx sites. We are ISO 9001, 14001, 27001 and eIDAS certified.
We are currently using Excel to do our different risk analyses. Quite efficient... but not really user friendly. For the last couple of months, I have been trying to find out if anyone would have thought of something more dynamic. Without much success, I must admit.
Would you mind advising if you ever came across a solution dedicated to risk analysis? One that could be implemented in small businesses, practicable, affordable, not requiring 10 consultants working weeks on it to implement it?
Any advice would be welcome.
It's our policy not to make recommendations about technologies or products, but from our experience with small and midsized businesses, the Excel-based tool is still the best solution balancing cost and effectiveness.
To make a usability benchmark, I suggest you see the free demo of our Risk Assessment table (it has been widely used by small and midsized businesses all around the world in their certified ISO 27001 ISMSs). This template used the asset-threat-vulnerability approach.
You can see a demo of this template at this link: https://advisera.com/27001academy/documentation/risk-assessment-table/
These articles will provide you with further explanation about risk assessment according to ISO 27001:
- ISO 27001/ISO 27005 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- How to organize initial risk assessment according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/04/29/how-to-organize-initial-risk-assessment-according-to-iso-27001-and-iso-22301/
- ISO 27001 risk assessment: How to match assets, threats, and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
Dec 05, 2020