URM’s blog explores how Cyber Essentials can help your legal practice enhance its security posture and achieve/maintain its SQM or Lexcel accreditation.

Events

About Us

About URM

Overview

URM Core Values

Certifications

CSR

Testimonials

Partners

Our Partners

Become Partner

Subscribe to our mailing list

Abriska 27001

Frequently Asked Questions

What is information security risk management?

Information security risk management is the process of identifying, analysing, evaluating, and treating risks associated with the loss of confidentiality, integrity and availability of the organisation’s information assets.

What are the risk management requirements of ISO 27001?

ISO/IEC 27001:2013 (ISO 27001) is the leading international information security management system standard and one of its key features is that it is risk-based. The implementation of controls (technical measures, policies, processes etc.) is not prescriptive but is determined by an information risk assessment taking into account the organisation’s risk appetite and the information it is seeking to protect.

ISO 27001 clearly states in Clauses 6.1 what actions it expects an organisation to take in addressing risks. These actions include defining and applying processes for both assessing and treating information security risks. Further requirements around the operation of risk assessment and treatment are also specified in Clauses 8.2 and 8.3.

What is information security risk management software?

Information risk management software supports organisations by automating some of the processes involved and helping to identify, analyse and evaluate risks to an organisation’s information assets in a uniform, predetermined approach. The end result is that the process for assessing and managing all information risks is identical and risks can be treated based on the organisation’s risk appetite.

Download Abriska 27001 Product Sheet

We have been running with the Abriska risk management system for just over a year and are very pleased with how it has facilitated the management of risk within our organisation. It provides a consistent and objective mechanism for identifying and treating risks and for following up and controlling actions put in place to mitigate them. It is easy to use and thus encourages engagement by all users so that risk is managed on a “real time” basis. The system of alerts and reminders ensures that actions are completed in a timely manner. Abriska scores very highly on availability and responsiveness. A very good product with excellent customer support when needed.

Masonic Charitable Foundation