Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters
GLOSSARY
ISO 27001
ISO 27001 Risk Assessment

What is an ISO 27001 risk assessment?

An ISO 27001 risk assessment intends to help an organization identify, analyze, and evaluate weaknesses in its information security processes and procedures. 


A successful risk assessment process will help organizations:

  • Identify and understand specific scenarios in which information, systems, or services could be compromised or affected
  • Determine the likelihood or probable frequency with which these scenarios could occur
  • Evaluate the impact each scenario could cause to the confidentiality, integrity, or availability of the information, systems, and services
  • Rank risk scenarios based on overall risk to the organization’s objectives


To ensure an effective risk assessment, an organization will need to establish a risk management framework. This framework should be documented as a policy or procedure to ensure a consistent methodology when analyzing, communicating, and treating risks.

The compliance news you need. Delivered securely to your inbox.

Subject to Vanta's Privacy Policy, you agree to allow Vanta to contact you via the email provided for marketing and other purposes

Everything you need to get compliance audit ready, fast.