Risk analysis for a pharmaceutical company

Answer:
I am not sure if your requirement is about information security risks, because you can also have financial risks, environmental risks, etc. ISO 31000 can help you to develop your own methodology for all risks (information security, financial, etc). So this methodology, aligned with ISO 31000 can be interesting for you “Risk Assessment and Risk Treatment Methodology” : https://advisera.com/27001academy/documentation/Risk-Assessment-and-Risk-Treatment-Methodology/

And this article can be also interesting for you “ISO 31000 and ISO 27001 - How are they related?” : https://advisera.com/27001academy/blog/2014/03/31/iso-31000-and-iso-27001-how-are-they-related/

This article can be also interesting for you if you want to write your own methodology according to ISO 27001 “How to write ISO 27001 risk assessment methodology” : https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/

Finally, these materials will help you to know more about the risk management methodology:
- free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/