Starting a risk assessment

CyberComply can help you create and manage risk assessments. You can create a risk assessment as follows:


  1. Click the **Menu** button and select **Risks**.
  2. Click Create new and Create new risk assessment.
  3. Give your new risk assessment a name.
  4. Choose from the drop-down menu whether the risk assessment is asset-based, scenario-based or mixed. You will generally be choosing asset-based for ISO 27001 risk assessments.
  5. Choose a set of controls for the risk assessment. You should choose whichever version of ISO 27001 you are using.
  6. The default scale for the likelihood of risks happening is five categories, from highly unlikely to highly likely. Move the bar if you want more or fewer categories. If you want to change the labels of the categories, click Edit.
  7. Click Next.
  8. For risk impact, as with likelihood, the default number of categories is five. You can alter the number of categories or the category labels in the same way as step six.
  9. If you want to alter the labels for the impacts on confidentiality, integrity or availability, click the **Edit** button next to each one.
  10. CyberComply has default values for which combinations of likelihood and impact count as broadly acceptable, tolerable or intolerable. If you want to change these values, the tolerance labels or the colours used to display them, click the **Edit** button next to each of the categories.
  11. Click Next.
  12. If you want to make the impact scale or tolerance criteria different for the rights and freedoms of data subjects, edit the appropriate areas and click Next.
  13. Click Save.

Updated on: 17/06/2024
