Risk analysis
Carrying out risk analysis - methods and process
secunet can draw on various standardised procedures and methods for carrying out risk analyses. The requirements of the ISO/IEC 27001 and ISO 31000/ISO 9001 standards are taken into account as required, as are sector-specific requirements where necessary (e.g. ISO 27019 for electricity network operators, DIN VDE V 0832-700 for road traffic signalling systems).
In addition to defining the methodology, it is necessary to establish a risk management process. For this purpose, the persons responsible for the assessment, for performing the analyses and for selecting measures are defined. Furthermore, it must be ensured that risk analyses are repeated regularly and are carried out again whenever significant changes occur within the organisation or in its environment (e.g. due to projects, a change of service provider, or adjustments to the IT infrastructure).
With regard to data protection, the GDPR gives rise to additional requirements, e.g. the inclusion of the record of processing activities and the assessment from the perspective of the private individual.
Risk analyses in business continuity management are characterised by their link to a time factor. The focus here is on identifying the measures that eliminate impairments as rapidly as the requirements demand (keyword: emergency).
In addition, secunet cooperates with various GRC tool manufacturers that enable tool-based risk management.
Support and advice on risk analyses
Even if the method and process have already been defined, secunet is happy to support you in carrying out risk analyses, e.g. through moderation, imparting specialist knowledge and providing advice tailored to your company. This gives the experts the basis they need to assess hazards correctly or to define and work out countermeasures. In addition, we are happy to review your established processes in order to uncover optimisation potential and thus further increase the efficiency of the risk analysis.
Send us an inquiry via the contact form. We are happy to help.