Information Technology Risk Assessment

Information Technology Risk Assessment Tool

What is the Information Technology Risk Assessment Tool?

The Information Technology Risk Assessment Tool is the world’s first software-as-a-service (SaaS) cloud-based information technology risk assessment tool that helps organisations to identify, assess, mitigate and manage information technology risks across the following dimensions and over 650 different risk factors.

The Information Technology Risk Assessment Tool provides a standardised process for performing risk assessments on the core requirements of an IT risk management framework to assist organisations in designing, implementing and maintaining robust policies, procedures, systems and controls to reduce risk.

To find out more about the key features and benefits of the Information Technology Risk Assessment Tool, click here to learn more.

Solution Overview

The Information Technology Risk Assessment Tool contains over 650 different risk factors which are organised across the following risk categories:

Internal Risks

    • Risk Management – IT Risk Management Framework, IT Risk Strategy, Governance and Oversight, Organisational Management of IT, IT Policies and Procedures, IT Risk Reporting, Change Management, Developing an Information Asset Profile, Data Quality Framework, Business Continuity Planning, Disaster Recovery, IT Program and Project Management, IT Training, Employee Risks and Third Party Relationship Risks
    • Systems Development Lifecycle – Project Initiation and Scoping, Proof of Concept, Design, Development, Testing and Integration, Implementation and Deployment, Post Implementation Reviews, Business and IT Operational Management, Maintenance and Disposal
    • Threat Assessment – Threat Type (Organisational, Business Process, Data and Systems), Technical Threats (Hardware and Software, Accidental or Deliberate Damage, Destruction or Misuse of Data, Interception and Impersonation), Physical Threats (Loss from theft, vandalism or sabotage or accidental damage), Environmental Threats and Support Infrastructure Threats (Power Supply, Telecommunications, Support Environment).

External Risks

    • Risk Management – includes the same risk categories as above for internal risks but this dimension is used for assessing the risks of dealing with external vendors and other third party suppliers, using the same criterion
    • Threat Assessment – includes the same risk categories as above for internal risks but is used for considering when threats arise from outside your organisation.

Click here to enlarge diagram.

How it works – Get started in 4 easy steps

Configure Model

Use out-of-the-box or tailor to suit your requirements – adding risk factors, changing scores or weightings between categories is easy!

Learn more

Create Assessment

Assess the inherent risk (likelihood x impact) and assess effectiveness of any mitigating controls across 650+ different risk factors

Learn more

Generate Report

Generate a PDF snapshot report for audit purposes containing data analytics, observations and recommended actions.

Learn more


We offer flexible pricing options based on your organisation’s needs.

You can choose from a subscription-based pricing model for cloud-deployments (multi or single tenanted) or on-premise deployments.

Please contact us to discuss your requirements.

Want more info?

Download brochure.

Want a free trial?

30 day free trial.

Companies we have worked with

In the media

Our subject matter experts are recognised as thought leaders in financial crime prevention and are regularly featured in leading GRC publications showcasing our knowledge and experience. We often present at conferences and have done our share of webinars too!