What do you get?

The benefits of conducting a proper Risk Assessment and Treatment process include:
‍
- address budget restrictions in a rational and compliant way - a risk-guided method
- demonstrating due diligence in securing critical company's assets to your stakeholders and customers
- building compliance with norms and regulations to achieve certification
- satisfying contractual obligations
- obtaining license for conducting activity in regulated sector


You will receive the products of the ISO 27005-compliant Risk Assessment and Treatment process:

1. Risk Register - based on specifics of your business (asset inventory and core business process in particular) and the current threat landscape, we will compile a list of identified risks and their assessment. You will be able to use this document as evidence of your compliance with norms and regulations and a basis for selecting Security Controls while rationally spending your budget (risk-guided priorities).
‍
2. Statement of Applicability (Security Controls) - a list of process- technical- and organisational-based solutions selected based on the Risk Register and your priorities (risk acceptance criteria, budget constraints) for implementation. You will be able to use this document as evidence of your compliance with norms and regulations and as a basis your Risk Treatment Plan.
‍
3. Risk Treatment Plan - implementation plan for selected Security Controls that we design and deliver once you decide on your own risk acceptance criteria, budget constraints and overall priorities. This includes specific tasks for selected roles in your company that you can assign and track overall progress in execution.