Conducting ISO 27001 Risk Assessments – A five-step compliance guide
Updated 18 February 2026
Section 6.1.2 of ISO 27001 explicitly requires compliant organisations to carry out risk assessments based on agreed risk acceptance criteria. Conducting the risk assessment is often a tricky and complicated task, especially if it is your first time doing so.
Receive risk assessment tips from the ISO 27001 experts in this free paper:
- Understand the relationship between ISO 27001 and ISO 31000;
- Discover how to produce reliable and robust results in five simple steps;
- Identify the challenges you may face during the risk assessment process; and
- Recognise the importance of the risk assessment to the ISO 27001 SoA (Statement of Applicability).
Published: February 2026
Keywords: Risk management, ISO 27001, information security, management systems