Risk Management Consulting

In the past, risk management was used primarily in finance. Today, risk management has evolved and applies to all aspects of an organization's operations. Managing your operational and IT risk gives you an advantage over your competitors, allowing you to make rational decisions when faced with uncertainty. Whatever your driver, whether you are looking to implement an ISMS (Information Security Management System) and ultimately become ISO 27001 certified, or whether you simply want to be prepared, Fireloft can help.

Fireloft can handle all aspects of your risk management program following the ISO 27005 or NIST SP 800 series framework.

Our Risk Management Process

Context Establishment

Your consultant will work with you and your stakeholders to gather information on the purpose, criteria, and scope of the risk management activities, including defining the risk acceptance criteria based on the organization's risk appetite.

Risk Assessment

We will identify all of the organization's primary and supporting assets within the scope defined in the context establishment phase of the project. A qualitative risk assessment will then be performed on those assets by valuing the impact of a loss of confidentiality, integrity, and availability.

Risk Treatment

Working with you and your stakeholders, your consultant will help select appropriate controls to mitigate the risks, using measures that reduce, retain, avoid, or transfer each risk.

Risk Acceptance

Each risk will be evaluated against the risk acceptance criteria in order to prioritize the risk list together with its treatment options.

Risk Communication

We will provide an executive summary for your C-level stakeholders and a detailed risk register report for your own use.

Risk Monitoring and Review

We can return to monitor the implemented mitigating controls and review them to ensure that they are working as planned and that the calculated residual risk level remains accurate.

ISO 27001

Consulting, Gap Analysis, and Risk Management

ISO 27001 is an internationally recognized standard that sets out the requirements for implementing and maintaining an Information Security Management System (ISMS). Your ISMS is your systematic framework for managing your organization's confidential information so that it remains available and secure. The ISMS includes the people, processes, and IT systems to which the ISO 27005 risk management framework is applied.

Whether you are a certified ISO 27001 organization, or just thinking about becoming certified, Fireloft can help you with one of our many service offerings:

ISO 27001:2005 to 27001:2013 Transitions

We can take your organization from certification in ISO 27001:2005 to the latest 2013 version of the standard.

Gap Analysis

As part of this service, we will analyze your organization's ISMS (Information Security Management System) and identify any gaps which may prevent you from certification.

Risk Management

Our services range from a simple one-time risk assessment all the way to implementing and managing your organization's Risk Management Program.

Internal Audits

Internal audits are another mandatory requirement of ISO 27001; we can perform an internal audit of your already established Information Security Management System (ISMS).

Network Security Assessment

Regularly scheduled vulnerability scans of your internal network can help identify weaknesses before they are exploited.

Security Awareness Training

Our training courses are designed to teach your employees about appropriate system use, security requirements, and user responsibilities when handling confidential data. We can also customize a training course just for you on the security topic of your choosing.

SSAE16 - SOC1 / SOC2

Consulting and Readiness Assessments

Whether you are trying to build trust with your clients or to stand out from your competition, having a SOC report available is a vital tool in your compliance arsenal.

Fireloft can help you successfully complete your SOC1 or SOC2 audit without any identified weaknesses in your controls.

Our SOC Readiness Process

1. Scope

We will spend time with you to discuss your requirements and draw out the appropriate scope of your audit.

2. Project Plan

We will provide you with our system description questionnaire and a contact request list for your business processes.

3. Readiness Assessment

We will work with your identified asset and process owners to gather the required information about your system's controls and evaluate their effectiveness against the control objectives.

4. Reporting

We will provide you with a complete readiness assessment report containing a list of all identified gaps and weaknesses within your service organization's system, along with recommendations on how best to implement controls to close those gaps.
