Asset Risk Management

Stay informed and in control.

Define, review and rectify all risks to your organisation. InfoSaaS allows you to stay in control of your defined risks through easy at-a-glance updates and expert guidance.

How InfoSaaS can help

Policy and Approach

It is a mandatory requirement of the ISO27001 standard that organisations manage risks, and that these activities are documented and communicated.

InfoSaaS promotes its trusted methodology that is communicated through its information security policy and implementation manual – this can be found within our Document Packs.

Identification of Assets, Threats and Vulnerabilities

An effective ISMS needs to identify all of your information data and supporting assets, including premises, hardware and software.

InfoSaaS provides a comprehensive set of asset-based templates, prepopulated with a wide variety of relevant threats and vulnerabilities tailored to each asset type.

Everything is completely customisable to meet your organisation’s bespoke needs.

Completion of Risk Assessments

InfoSaaS is an intuitive and easy-to-comprehend asset risk assessment tool. It allows you to assess the threats and vulnerabilities which may affect your assets.

Assessments of probability and impact are measured against defined parameters, giving the asset owner an opportunity to identify and measure the security controls that are in place.

Remediating Identified Risks

A thorough risk assessment will identify threats or vulnerabilities that have been assessed as too high for your organisation to accept.

ISO27001 requires that these risks are properly treated. InfoSaaS provides several options to help manage risk treatment activities.

Examples of unacceptable risks and how they can be treated can be viewed within our InfoSaaS demonstration environment.

Statement of Applicability

Preparing a Statement of Applicability (SoA) is traditionally a manual and time-consuming process. InfoSaaS automatically produces a real-time SoA based upon your completed risk assessments.

Alternative Control Frameworks

By default, InfoSaaS refers to the control set of Annex A within ISO27001:2013. This provides a broad foundation for your organisation to manage and process information in the modern technical, internet-connected world.

We have also included optional control sets for ISO27017 (for the security of cloud environments) and ISO27018 (for the security of personal data within cloud environments).


Depending on the size, function or sector of your organisation, risk management activities may seem complex or challenging.

Some customers find that they can use our software to deliver the appropriate parts of the ISO27001 standard themselves; others may need a helping hand.

We can hold workshops, training or shadowing sessions to guide organisations through the whole process.

Bespoke Development

We understand that some organisations may have specific risk management requirements, which are not fully met by our standard cloud-based solution.

You may have unique requirements for risk calculations, or you may even need other operational changes, such as having the solution presented in a foreign language.

“The InfoSaaS platform has been enormously helpful as we work towards ISO27001 certification. The structure, support and documentation available have allowed us to make quick progress now that we can easily track all of our assets, risks and actions.”

Chris Thompson, Managing Director

“InfoSaaS provides established and credible solutions for delivering information security and data governance, proven time and again with successful certification results.”

Martin Law, Information Security Entrepreneur

“InfoSaaS provides an effective and integrated GRC solution, which makes a significant contribution to the information security posture of our clients.”

Karen Godwin, Director

“It was clear that InfoSaaS was going to be the easiest to use … and was going to help us keep on top of everything properly.”

James Chillman, Managing Director
