ISO 27005 Information Security Risk Management

Risk Management solution in compliance with ISO 27005


Intex IT can handle all aspects of your risk management program following the ISO 27005:2011 framework.

Context Establishment

Your consultant will work with you and your stakeholders to gather information on the purpose, criteria, and scope of the risk management activities including defining the risk acceptance criteria based on the risk appetite of the organization.

 Risk Assessment

We will identify all organizational primary and supporting assets within the scope defined in the context establishment phase of the project. A qualitative risk assessment will be performed on the assets by valuing the loss of confidentiality, integrity, and availability.

Risk Treatment

Working with you and your stakeholders, your consultant will help with selecting appropriate controls in order to mitigate the risks using measures to reduce, retain, avoid, or transfer the risk.

Risk Acceptance

Each risk will be evaluated against the risk acceptance criteria to prioritize the risk list with treatment options.

Risk Communication

We will provide you with an executive summary for your stakeholders, and a detailed risk register report for you.

Risk Monitoring and Review

We can come and monitor our implemented mitigating controls and review to ensure that they are working as planned, and that the calculated residual risk level is accurate.

  1. Understanding an organization and its context
  2. Defining a risk management approach
  3. Selecting of risk analysis methodologies
  4. Defining risk evaluation criteria
  5. Identification of assets, threats, existing controls, vulnerabilities and consequences (impacts)
  6. Assessing of consequences and incident likelihood
  7. Determining the level of risk
  8. Evaluating risk scenarios
  9. Evaluating risk treatment options
  10. Selecting and implementing information security controls
  11. Performing a risk management review

To contact an adviser call 01634 566 555