Free ISO27001 Information Security Risk Assessment Template



I am offering you a simple Information Security Risk Assessment template. Completely free.

I have been using this template for about 15 years. I have taught it on courses for many years and have used it to implement hundreds of Information Security Management Systems. All my clients have successfully obtained certification at the first attempt.

If used with care, it will help you create a risk assessment that meets the requirements of ISO27001 and, more importantly, should help you make good decisions about the management of your information security risks.

This template is copyright to Chris Hall, 2022. You have permission to use it only if you are an end user organisation that is implementing or using ISO27001.

You do not have permission to use this template for any other purpose. Specifically, you are not allowed to use this template if you are an organisation or individual providing free or paid-for ISO27001 implementation or support services of any kind, e.g. consultants, contractors, professional services firms or certification bodies.

It does not have any macros or active code. Just some formulas.

Row 5 contains notes on how to complete the columns and can be deleted or hidden if you do not need the notes. The same notes are also in the tab about how to use the template.

Column I can also be deleted or hidden if you don't find it helpful.

Note that the example risks and controls in the template are not intended to be real or meaningful. They are just to give you a very rough idea of how it might be done.

Because this template is only for use by end user organisations, please request it using an email from an end user organisation email account.

We will not use your email address for any purpose other than sending you the spreadsheet.

Or send an email to "chris@btrp.co.uk"

- Why BTRP?

  • We have a proven and extensive track record of short-timescale ISO27001 implementations leading to successful certification.
  • We have consultants specialising in Information Security and ISO27001.
  • All of our ISO27001 consultants have at least 25 years in industry, typically in IT-related activities.
  • All of our ISO27001 consultants have at least 10 years’ experience of ISO27001.
  • We have consultants that are ISO27001 Lead Auditors and Trainers.
  • Chris Hall, our lead ISO27001 consultant, is a recognised world expert on ISO27001 with a blog, numerous LinkedIn articles, etc.
  • Chris also previously managed a global UKAS accredited certification business with clients all across the world.
  • Chris has trained hundreds of ISO27001 Lead auditors around the world.
  • Chris is also a committee member on the UK and international ISO committees that help manage and develop the ISO27K series of standards.
  • Chris is also an invited conference speaker on the topic at national and international conferences.