Skip to content
ZxR Cyber Sentinel 4.1 is available — Discover our AI models
ISO 27005StandardInternationalVoluntary

ISO 27005

Authority : ISO/IEC
12 clauses
Overview

What is ISO 27005 ?

ISO/IEC 27005 provides guidelines for information security risk management. It supports the risk assessment and treatment requirements of ISO 27001. The standard describes an iterative process including context establishment, risk identification, risk analysis, risk evaluation, and risk treatment, along with communication and monitoring. It is compatible with other methodologies such as EBIOS RM or NIST SP 800-30.

Key Points

  • Iterative process: context establishment, identification, analysis, evaluation, and risk treatment
  • Compatible with ISO 27001: addresses the risk assessment requirements of clauses 6.1.2 and 8.2
  • Approach based on assets, threats, vulnerabilities, and consequences
  • Four treatment options: risk reduction, acceptance, avoidance, and transfer
  • Continuous monitoring and review of the risk management process

Why Zaxyr

Zaxyr integrates a risk analysis engine compliant with ISO 27005. The platform automates asset inventory, threat and vulnerability identification, risk level calculation, and treatment plan generation. Results directly feed the ISO 27001 SoA and are tracked in an auditable risk register.

Start Your Compliance Journey

Get a personalized compliance assessment. Our team will guide you through.