We listened to our customers and we delivered: a simple, professional solution that allows risk assessments to be performed without buying specialized tools or hiring expensive consultants. What we did was modify the templates that we use for our own risk assessment consulting, so that if you can use Microsoft Word and Excel, you can perform a risk assessment by simply following the instructions and editing the template to suit your specific requirements. While this is a template, we did the hard work of creating the formatting and bringing together the correct scope of information that needs to be assessed, and we built the calculations to make your work as simple as selecting from a few drop-down answers!
Most companies have requirements to perform risk assessments, but they lack the knowledge and experience to undertake such assessments. That means businesses are forced either to outsource the work to expensive consultants or to ignore the requirement and hope they do not get in trouble for non-compliance. Neither situation is a good place to be. The good news is that we created an affordable solution for businesses to conduct their own information security risk assessments.
Because we designed this risk assessment template around industry-recognized best practices, you can use it to address requirements for performing information security risk assessments. The authoritative sources we used are based on National Institute of Standards and Technology (NIST) frameworks: NIST 800-30 (Risk Management Guide for Information Technology Systems), NIST 800-37 (Guide for Applying the Risk Management Framework to Federal Information Systems) and NIST 800-39 (Managing Information Security Risk).
If you fall in scope for any of these compliance requirements, you have to perform risk assessments and you need this template: