Secure your information assets with our comprehensive document package!

Our Information Security Risk Analysis ISO 27001 – Document Package is a comprehensive solution for companies preparing for ISO 27001 certification, companies that want to consciously manage information assets, and those that need to quickly implement a comprehensive information security risk management process due to legal or client requirements.
What does our product include?

• Purpose and Scope: Clearly defined goals and scope of the procedure, so you know what to expect.
• Roles and Responsibilities: Explanations of who is responsible for what, making it easier to implement the procedure.
• Definitions: Key terms that will help you understand every aspect of the procedure.
• Process Flowchart: Visualization of the process flow, making it easier to understand.
• Process Description: A detailed step-by-step description of how to conduct risk and vulnerability analysis.

Action Register
Our Action Register is a practical tool that contains six tabs:

• Metrics: Basic information about the register, changelog and responsible persons.
• Process Register: List of processes subject to evaluation, with information on process name, process ID, process classification, process description, organizational unit, process owner, contact phone, and email address.
• Resource Register: Resources that may be at risk, containing information classification tables with proposed groups and categories of information, on which the value of resources depends, and the division of security zones for buildings and rooms.
• Assessment Scale: Five-point risk assessment scale, considering criteria such as:
  • Confidentiality
  • Integrity
  • Availability
  • GDPR
• Risk Analysis: Detailed risk analysis considering various criteria, such as risk factor identification, impact analysis on confidentiality, integrity, availability, and data subject rights, risk occurrence probability assessment, and risk management decisions.
• Action Plans: Action plans aimed at managing risks, allowing monitoring of status and confirming the effectiveness of implemented actions. Contains information on action status (planned, in progress, completed), effectiveness assessment, and comments on evidence of action implementation.

The Action Register is designed for easy adaptation of assessment criteria and automation, minimizing the risk of errors and ensuring information consistency. Precise functions minimize human errors, and descriptive assessment criteria translate evaluated criteria values into numerical values.

Risk Catalog
The catalog serves as an auxiliary function and provides a database of over 200 potential vulnerabilities associated with risks that information assets may be exposed to, grouped by categories:

• Human Factors
• Technical Gaps
• Physical Security
• Organizational Gaps
• Environmental Gaps
• Supply Chain
• Compliance with Legal and Regulatory Requirements
• Change Management
• Incident Management
• Supplier Oversight

Why is it worth it?

• Ease of Adaptation: Our procedure is designed to be easily adapted to the specifics of any organization.
• Comprehensiveness: Includes all necessary elements for effective risk management.
• Practicality: The Action Register guides you step-by-step through the entire process, making it easier to implement.

Invest in our Information Security Risk Analysis ISO 27001 Package and be confident that your company is on the right path to effective information security risk management!

If you need more information before making a decision, choose a convenient time for a free informational meeting: here.