ISMS Risk Assessment
Identify threats, qualify risks and define a treatment plan aligned with ISO 27001.
What is an ISMS risk assessment?
An ISMS risk assessment provides a structured evaluation of threats to your organisation's information assets. By identifying vulnerabilities, qualifying risks and defining a treatment plan, it forms the foundation of any information security management system (ISMS).
Implementing the recommendations from the assessment enables effective management of security measures and year-on-year improvement of cybersecurity within the organisation. This iterative approach is at the heart of the continual improvement required by ISO 27001.
How do we proceed?
The engagement follows a structured, pragmatic approach in four phases, based on the MONARC method.
Information gathering
Analysis of existing documentation, interviews with key stakeholders, identification of critical business processes and understanding of information flows.
Risk analysis
Risk assessment via MONARC: each asset is analysed against threats and vulnerabilities, then ranked by probability and impact.
Deliverables & presentation
Analysis report, risk register with criticality levels, prioritised treatment plan. Presentation to management during a formal handover session.
Remediation
Support during implementation: policy drafting, technical or organisational controls, team awareness training.
Prerequisites
Existing documentation (security policies, procedures, asset inventory, supplier contracts), access to key personnel (business managers, IT and security teams), mapping of main business processes and information flows, a dedicated client contact for engagement management.
Public administration
NIS2 compliance preparation through a comprehensive MONARC risk assessment
A Luxembourg public administration wanted to prepare for compliance with the European NIS2 directive and anticipate the requirements of the forthcoming national transposition law.
Tomeris conducted a comprehensive risk assessment using the MONARC platform, covering all of the administration's information assets. The evaluation identified existing vulnerabilities and produced a risk register aligned with the directive's requirements.
The recommendations were formalised in a prioritised treatment plan. Management now drives the implementation themselves — a sign of successful knowledge transfer.
A risk assessment update is already planned to measure progress and adapt the register to regulatory changes.
Ready to master your risks?
Request an ISMS risk assessment and get a comprehensive evaluation of your information assets with an ISO 27001-aligned treatment plan.