Introducing Abriska

What is Abriska?

Abriska is a web-based tool (think software as a service) with a number of modules all focused on helping organisations implement a best practice approach to managing risk.

The first module we developed addressed information security risk and was followed
with others looking at business continuity, supplier risk, operational risk, and action management.

When should an organisation adopt Abriska?

Abriska is a purpose-designed risk management product that is configured for ease of use and is web based for easy distribution and access, making it the idea tool for organisations looking to manage their risks in one place, or more typically, when looking to certify or comply with an International Standard (e.g. ISO 27001 and ISO 22301).

URM has worked with organisations starting their risk management journey as well as those who have outgrown their manual risk assessment methodologies and supports clients in an array of industry sectors and countries.

Why did URM develop Abriska?

At its core, URM provides consultancy and training services to assist organisations implement best-practice information security and business continuity management systems.

With information security, a major focus of ours over the last 15 years has been to assist businesses to either align with or certify to ISO 27001, the International Standard for implementing information security management systems (ISMS). From the outset, a key priority for us was to develop a robust and consistent risk assessment methodology that would not only meet the requirements of the Standard but was flexible enough to be used with organisations of any size and from any sector, irrespective of which consultant was leading the project!

With this goal in mind, we developed an internal tool to allow consultants to capture the necessary information to conduct a thorough risk assessment. In developing the tool, we involved all of our consultants, certification bodies and other interested parties to ensure our tool was ‘best of breed’ and met all requirements. We decided to adopt a web-based platform to enable consultants to collaborate more effectively and peer review each other’s work.

The focus of the early development was to ensure that a robust, repeatable risk assessment could be completed quickly and that the tool would generate reports and graphical outputs that would satisfy two requirements.

Naturally, the reports needed to meet the requirements of the ISO 27001 Standard and the certification bodies but, just as important, Abriska needed to present risks in a clear and ´easy to understand´ format to support senior management in making risk treatment decisions.

Whilst these factors were initially URM’s consultant requirements they also aligned with what our client requirements wanted and expected. As we started to utilize the tool on consultancy engagements, the benefits of Abriska quickly became apparent to clients who asked whether they could access it on an ongoing basis.

This became the point when we started to market Abriska as an independent risk management product. It is important to note that it still remains an integral and core part of all our consultancy engagements.

Abriska has been successfully used in every ISO 27001 certification project our consultants have been involved in, and that´s over 400 at the last count! Continuous improvement is very much the name of the game with Abriska.

We continue to develop and enhance Abriska in line with updates and revisions to the ISO 27001 Standard and, most importantly, following feedback from clients and consultants alike. Each Abriska client has helped to shape the Abriska product suite into what it is today.

Since introducing Abriska 27001, URM has introduced additional modules aligned with other risk-based international standards:

  • Abriska 22301 – enables an organisation to undertake a business continuity business impact analysis
  • Abriska 31000 – help manage enterprise risk management
  • Abriska 19011 – audit and action management
  • Abriska 27036 – supplier risk management focusing on information security risk

What technologies have we utilised in developing Abriska?

URM is a Microsoft partner and, as you would naturally expect, Abriska has been developed utilising standard Microsoft technologies (e.g. .net core, SQL server). Abriska is, also, hosted within Microsoft’s cloud computing environment, Azure.

Book a Tailored Demo Now
We have been using Abriska to support us in carrying out the risk assessment that underpins our ISO27001 certification for some years now. It helps us to easily group and organise our assets, identify threats and vulnerabilities and determine justifiable risk scores. It centralises all of our risk assessment documentation and offers a range of useful extracts such as a statement of applicability and risk register that take much of the work out of the risk assessment process and allow us to focus on remediation.
Economic Consultancy