Conducting infosec management Risk Assessments

The Risk Assessment is the foundation of an organisation’s Information Security Management System. As well as being a mandatory component required by ISO 27001, it is the best way of determining what the rest of the management system needs to contain.

The benefits of conducting a risk assessment early are:

·  it highlights any gaps in your existing security controls, enabling you to take action now to prevent any potential problems which might damage your business operation in the future

·  it determines how closely your existing controls match the requirements of ISO 27001, confirming what additional controls/procedures you need to comply with the standard

·  it delivers a mandatory component of an ISO 27001 security management system, reducing the work you need to undertake in order to comply with the standard.

ISM offers its clients a fixed price Risk Assessment service. Simply complete the form below, email to , fax to 01635 817555 or phone us on 01635 817309 and we shall provide a fixed price quotation for conducting an on-site, ISO 27001 compliant Information Security Risk Assessment for your business.

Nature of your business

·  What service(s) and/or product(s) does the organisation deliver to its customers?

·  Please enter the organisation’s website address

Size of your business

·  How many staff does the organisation employ (permanent and temporary)?

·  How many separate geographic locations does the organisation operate from?

·  How many staff are based at each location?

Structure of your business

·  What is the top management structure? Please specify the job title of each direct report to the Managing Director / Chief Executive.

Use of IT

·  How many PCs / workstations are in operational use within the organisation?

·  What are the principal business applications (i.e. information systems available from staff PC desktops)?

Please note that the information you supply to us will be treated in strict confidence. ISM is a division of Pondergrove Ltd which is registered under the Data Protection Act.

Issue 0.1 risk assessment questionnaire 0.1.doc

7-May-08 COMPANY CONFIDENTIAL