Information Security Risk Assessments
Cost: Based on Scope
- In-person assessment interviews
- Travel within Gauteng
- Post-assessment report
What it’s about
The In-Depth IT Security Risk Assessment covers 14 areas of the business, from security to infrastructure, to assess the level of risk posed to the business. The assessment is based on the ISO 27001 (Information Security) standard and aligns with the Protection of Personal Information Act No. 4 of 2013 (POPIA). It provides a good indication of the level of alignment between the company's strategic and operational levels.
One of our divisional managers holds a series of onsite meetings with stakeholders in the company, such as the CIO (or someone from management who knows the company's policies and governance in general), to go through the 20 sections of the assessment, at 3 to 5 questions per section, and compiles feedback on the rating scored within each section. During these meetings, we also score the quality of the organisation's policies against the controls of the ISO 27001:2013 standard.
The ratings are based on the organisation's knowledge, known practices and alignment of the respective controls to existing company policies.
What to expect
After we have scheduled and conducted the interview with your CIO or another managerial representative, we provide you with a written assessment report within five working days of the assessment. The report shows your company's rating scored against each security control. We also include general feedback on the report's findings and discuss it with you so that you can decide on an appropriate way forward.
The information security assessment report includes:
- A compliance checklist,
- Compliance results per ISO 27001:2013 section,
- Compliance results per control in the ISO 27001:2013 standard, and
- A consolidated results dashboard.
Risk Assessment Frameworks
Sample Risk Assessment Report Results