Asset Risk Management

A mandatory requirement of the ISO27001 standard is for organisations to manage risks. There needs to be a documented approach to how these activities are delivered, which is communicated to stakeholders.

InfoSaaS promotes its trusted risk management methodology. This is communicated through the Information Security Policy and Implementation Manual templates which are part of our Document Packs.

An effective ISMS needs to identify all of your information data and supporting assets, which may include premises, hardware, software, cloud services and media (amongst others).

InfoSaaS provides a comprehensive set of asset-based risk assessment templates, pre-populated with a wide variety of applicable threats and vulnerabilities which have been tailored to the risks of each specific asset type.

Everything is completely customisable to meet your organisation’s individual needs quickly and easily.

InfoSaaS provides an intuitive and easy to comprehend asset risk assessment tool. It allows you to quantitatively assess a focused set of threats and vulnerabilities which may have negative consequences on an asset.

Assessments of the probability and impact of each risk are measured against defined parameters, giving the asset owner an opportunity to identify and measure the effectiveness of the security controls which are in place.

A thorough risk assessment will highlight those risks which have been assessed as too high for your organisation to accept.

ISO27001 requires that these risks are properly treated. InfoSaaS provides several workflow options which will guide your chosen risk treatment activities.

Examples of unacceptable risks and the various options for how they can be treated can be viewed within our InfoSaaS demonstration environment.

ISO27001 requires the production of a Statement of Applicability (SoA) to record which security controls have been selected and why.

Traditionally a manual and time-consuming process, InfoSaaS automatically produces a real-time SoA based upon your completed risk assessment activities.

By default, InfoSaaS aligns with the control set from  Annex A of ISO27001:2013. This provides a broad foundation for your organisation to manage and process information in the modern technical, internet-connected world.

We have also included optional control sets aligned with  ISO27017 (for the security of cloud environments), ISO27018 (for the security of personal data within cloud environments), ISO27701 (for privacy management) and ISO28001 (for supply chain management).

Depending on the size, function or sector of your organisation, risk management activities may seem complex or challenging. Whilst some customers find that they can use our software to deliver the appropriate elements of the ISO27001 standard themselves, others may determine that they need a helping hand.

We can hold workshops, training or shadowing sessions to guide organisations through the whole process. Please contact us to discuss your specific requirements.

We understand that some organisations may have specific risk management requirements, which are not fully met by our standard cloud-based solution.

You may have unique requirements for risk calculations, or you may even need other operational changes, like the presentation of our software in a foreign language. We can also assist with the incorporation of industry-specific or non-standard security control sets.