IT Risk Management According to ISO/IEC 27005
A growing threat landscape, technological change and legal requirements demand a sound and structured approach to handling IT risks in the company. A corresponding, process-based risk management approach will help you identify your IT-related risks, evaluate them comprehensibly and counter them with the required countermeasures. The ISO/IEC 27005 standard provides an important foundation for this. Based on our long-term experience and expertise in risk management, we can help you establish and optimize your IT risk management.
High IT dependency and numerous IT-related threats challenge companies to identify and minimize their individual IT risks in time. Ultimately, this is only possible by establishing a corresponding management process, the so-called IT risk management. This process does not assess the company's IT environment alone; rather, the starting point is the company's business processes and their interaction with information technologies. Once the IT assets and business process requirements have been identified, a comprehensive analysis, evaluation and mitigation of IT risks can be initiated. The well-established ISO/IEC 27001:2011 standard offers suitable instructions and process steps for this, particularly regarding context establishment, risk assessment, risk treatment, risk acceptance, risk reporting and risk monitoring. A process-based handling of IT risks also allows for the derivation of performance indicators and comprehensible reporting.
Based on our proven, long-term practical experience, we can support you with the establishment of all required process steps as well as with the assessment of IT risks and the compilation of meaningful risk reporting.
PROJECT-BASED IT RISK ASSESSMENTS FOR IT APPLICATIONS AND ENVIRONMENTS
If required, SCHUTZWERK also carries out targeted IT risk assessments on behalf of the client for individual IT applications and defined IT environments which do not require a comprehensive risk management approach.