
As a CISO, CIO, or compliance officer, you know that a poorly structured risk analysis can undermine your ISO 27001 project, even when the security measures themselves are sound.
Methodological errors (static analyses that are never updated, scenarios disconnected from the organization's context, an SoA inconsistent with the risk assessment, risk acceptances that are never formalized) are a frequent cause of non-conformities during audits.
Our exclusive guide provides you with concrete methods for building a risk analysis that is actionable, defensible in an audit, and truly useful for managing your ISMS.
✅ The essential basics of ISO 27001 risk analysis: normative requirements, role of ISO 27005, fundamental concepts (risk, threat, vulnerability)
✅ Governance and responsibilities: key roles (management, CISO, risk owners), expected approvals, and decision traceability
✅ Comprehensive risk management process: establishing context, identification, assessment, treatment, acceptance, monitoring
✅ Link to the Statement of Applicability (SoA): consistency between identified risks, Annex A controls, and the risk treatment plan
✅ Project phase management and maintenance: risk-by-risk approach, update triggers, pragmatic annual review
✅ Practical examples and document templates: typical scenarios, risk matrices, impact and likelihood scales