Choosing the Right Risk Assessment Solution
13th December 2014
ISO27001 is the international standard for Information Security Management Systems (ISMS), and with an ever increasing number of cyber security threats it’s not surprising that so many organisations around the world seek to demonstrate their competencies by achieving ISO27001 certification. At its core is the requirement to implement and manage an effective risk assessment activity, and doing this well is essential to fully protect your organisation and its valuable data.
Traditionally this requirement has been undertaken manually, either being paper-based or in a series of spreadsheets, and in most cases has also required investment in expensive consultants to help establish the initial selection of vulnerabilities and threats, as well as suggesting appropriate security controls which will be required to properly manage them. However, keeping an ISMS operating effectively and efficiently requires the development of a range of competencies by the organisation, including tracking and assessing against emerging or changing threat actors and newly discovered vulnerabilities.
This will be most onerous on SMEs, who are unlikely to have a dedicated team of information security professionals devoted to this task. Some have chosen to seek assistance in the form of dedicated risk assessment software, which varies widely in terms of cost (some actually being more expensive than hiring a dedicated IA professional!), functionality and ease of use. Whilst all such solutions will claim to help organisations streamline and improve the operation of their ISMS – and the risk assessment activities in particular – our own prior experiences with some have been wholly disappointing.
We’ve recently taken our own successful manual methodology and automated it into a cost-effective and highly-functional solution suitable for all sizes of business. Use the library of included risk templates, or use InfoSaaS to design your own if you operate in a different sector. We’ve encompassed the convenience, flexibility and most importantly security of the cloud, which is of great benefit to geographically-diverse organisations with colleagues in different countries. We have not designed InfoSaaS as a community cloud: instead each customer has their own dedicated instance to provide the highest possible levels of confidentiality to their ISMS data. There’s no requirement for any expensive additional software either.
The project took over three years to complete, and with significant investment by the Company’s founders we are committed to becoming a leading provider to those seeking or maintaining ISO27001 certifications. We’re now developing a series of language packs in response to requests from a number of countries worldwide.
During our pre-launch trials, not only did we successfully convert all of our existing customers from their manual approach, but we also sought the opinions and feedback of several of the most credible and respected IA consultancies within the UK. Their testing regime was extremely thorough, but we are pleased to note that they have now fully adopted InfoSaaS as their software tool of choice! At this point, we could become poetic about how we use InfoSaaS for our own ISO27001 certification, or how many UKAS-accredited audit bodies have already issued certificates to our customers. That’s all well and good, but we would rather potential customers try it for themselves. Our fully featured demonstration environment has been created so you can immerse yourself quickly and easily in an operational system. You’ll be glad you did.