Asset Risk Management
Stay informed and in control.
Define, review and rectify all risks to your organisation. InfoSaaS allows you to stay in control of your defined risks through easy at-a-glance updates and expert guidance.
How InfoSaaS can help
Policy and Approach
It is a mandatory requirement of the ISO27001 standard that organisations manage risks, and that these activities are documented and communicated.
Identification of Assets, Threats and Vulnerabilities
An effective ISMS needs to identify all of your information data and supporting assets, including premises, hardware and software.
InfoSaaS provides a comprehensive set of asset-based templates, prepopulated with a wide variety of relevant threats and vulnerabilities tailored to each asset type.
Everything is completely customisable to meet your organisation’s bespoke needs.
Completion of Risk Assessments
InfoSaaS is an intuitive and easy-to-comprehend asset risk assessment tool. It allows you to assess the threats and vulnerabilities which may affect your assets.
Assessments of probability and impact are measured against defined parameters, giving the asset owner an opportunity to identify and measure the security controls that are in place.
Remediating Identified Risks
A thorough risk assessment will identify threats or vulnerabilities that have been assessed as posing too high a risk for your organisation to accept.
ISO27001 requires that these risks are properly treated. InfoSaaS provides several options to help manage risk treatment activities.
Examples of unacceptable risks and how they can be treated can be viewed within our InfoSaaS demonstration environment.
Statement of Applicability
Preparing a Statement of Applicability (SoA) is traditionally a manual and time-consuming process. InfoSaaS automatically produces a real-time SoA based upon your completed risk assessments.
Alternative Control Frameworks
By default, InfoSaaS refers to the control set of Annex A within ISO27001:2013. This provides a broad foundation for your organisation to manage and process information in the modern technical, internet-connected world.
We have also included optional control sets for ISO27017 (for the security of cloud environments) and ISO27018 (for the security of personal data within cloud environments).
Depending on the size, function or sector of your organisation, risk management activities may seem complex or challenging.
Some customers find that they can use our software to deliver the appropriate parts of the ISO27001 standard themselves; others may need a helping hand.
We can hold workshops, training or shadowing sessions to guide organisations through the whole process.
We understand that some organisations may have specific risk management requirements, which are not fully met by our standard cloud-based solution.
You may have unique requirements for risk calculations, or you may even need other operational changes, such as having it presented in a foreign language.