How long does an ISO 27001 risk assessment take?

Completing a risk assessment is often the most difficult aspect of an ISO 27001 project.

Regardless of the tools you use, the risk assessment must take into account many elements: assets, threats, vulnerabilities, and controls; the likelihood and impact values of those threats and vulnerabilities; and reporting and analysis.

Risk assessment software vs spreadsheets

Many organizations resort to using spreadsheets when tackling an ISO 27001 risk assessment. They see them as a cost-effective way to help them get the results they need. But for a number of reasons, spreadsheets are not the best option.

The risk assessment software tool vsRisk is fully compliant with ISO 27001 and helps you produce consistent, robust, and reliable risk assessments year after year.

Who is vsRisk for?

vsRisk is suitable for organizations of all types and sizes that need to conduct information security risk assessments. These assessments are usually performed by IT managers, IT risk managers, security analysts, CIO/CISOs, or heads/directors of IT.

The table below shows how much time and money vsRisk Cloud can save you in your ISO 27001 risk assessment compared to using spreadsheets.

Stage                                 Spreadsheet  vsRisk Cloud  Total time saved  Typical cost savings*
Planning stage                        1 week       1 day         4 days            $1,219
Risk owner/asset owner input*         1 day/owner  1 day         1 day/owner       $304 per person
Risk assessment stage                 1 week       1 day         4 days            $1,219
Review                                4 weeks      1 week        15 days           $4,574
Total time with 10 asset/risk owners  40 days      8 days        32 days           $10,063

* Based on an average lead risk assessor salary of $66,295 per annum ($304 per day), excluding the cost of overheads.

What does vsRisk cover?

Fully aligned with ISO/IEC 27001:2013, vsRisk streamlines the information security risk assessment process and helps you produce reliable risk assessments. The software includes control sets from:

  • ISO/IEC 27001:2005
  • ISO/IEC 27001:2013
  • ISO/IEC 27032:2012
  • NIST SP 800-53
  • CPRA (California Privacy Rights Act)
  • CSA CCM v3

Save 80% of your time with vsRisk

As demonstrated in the table above, vsRisk can save you 80% of your time, cutting the risk assessment to just eight days. It ensures return on investment and delivers simple, fast, accurate, and hassle-free risk assessments.