Template of Risk Management - Risk Assesment Tools

Published under Risk Management

[ tool name ]

Tool Identity Card

General information
Basic information to identify the product. The information provided here contains the name of the product, the company or cross-frontier organization that provides the product and the country of origin in case the product originated from a company or national organization.

Tool name
Vendor name
Country of origin

Level of reference of the tool
Details about the type of initiator of the product:
• World-wide (state oriented) • World-wide (sector oriented) • Regional • Local • Sustained by organization, club

Supported by organization, club,... (e.g. as sponsor)

Brief description of the product
Give a brief description of the product containing general information, overview of functions.


Supported functionality
Specifies the functionality this tool provides.
R.A. Method activities supported: Does the tool provide Risk assessment functionality? If yes, specify the activities included and how they are supported.
R.M. Method processes supported:
Does the tool provide Risk Management functionality? If yes, specify the processes included and how they are supported.
Other functionality: Does the tool provide any further functionality not included in the previous? If yes, specify and describe it.
Information Processed: Specify what kind of results/output this tool generates in each phase.

R.A. Method phases supported

  • Risk identification : 
  • Risk analysis : 
  • Risk evaluation : 

Other phases


R.M. Method phases supported

  • Risk assessment : 
  • Risk treatment : 
  • Risk communication : 

Other phases


Other functionality


Information processed



Date of the first edition, date and number of actual version.

Date of first release
Date and identification of the last version

Useful links
Official web site: hyperlink to the site of the originator/provider of the product, where to download the product or order it.
Related user group web site: hyperlink to the web site of the user group (if any) for the product.
Main relevant web site:
web site that offers relevant and neutral information concerning the product.

Official web site
user group web site
Relevant web site

List the available languages that the tool supports

Languages available

Pricing and licensing models
Specify the price for the product (as provided by the company on December 2005).
Free: the solution is free (“freeware”).
Not free:
specify the price for the different licensing models.
Maintenance fee: the yearly fee for maintenance.
Sectors with free availability or discounted price:
if the tool is not free, specify kind of organizations that it may be provided as free or have a price discount.


Sectors with free availability or discounted price

Trial before purchase
Details regarding the evaluation period of the tool (if it does exist).

CD or download available
Identification required
Trial period

Tool architecture
Specify the technologies used in this tool as well as how it is deployed (stand alone application, web application, database used…)

  • Database : 
  • Web server : 
  • Application server : 
  • Client : 



Target public
Defines the most appropriate type of organizations the product aims at:
Governments, agencies: the product is developed for organizations working for a state (e.g. the NSA in USA).
Large companies: the product is useful for companies with more than 250 employees. •
SME: the product is useful for small and medium size companies that cannot afford dedicated Risk Management personnel or complete segregation of duties.
Commercial companies: the product is targeted to companies that have to implement it due to commercial demands from stakeholders, financial regulators, etc.
Non-profit: companies where commercial benefits are not essential like the NGO’s health sector, public services, etc.
Specific sector: the product is dedicated to a very specific sector (e.g. nuclear) and usually cannot be used in other sectors.


Specific sector

General information about the spread of the product including:
Used in European countries: list of EU member states in which implementation is known by working group members. This includes organization as: • European institutions (e.g. European Commission, European Union Council, European agencies). • International organizations situated in Europe (e.g. NATO, UNO, OECD, UNESCO).
Used in non-European countries: used within potential new member states of the European Union or outside the EU in other countries such as Switzerland or USA.

General information
Used inside EU countries
Used outside EU countries

Level of detail
The targeted kind of users is:
Management level: generic guidelines.
Operational level: guidelines for implementation planning, with a low level of detail.
Technical level: specific guidelines, concerning technical, organisational, physical and human aspects of IT Security with a high level of detail.


Compliance to IT Standards
List the national or international standard this tool is compliant with.



Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard.



Information about possible training courses for this tool


Users viewpoint

Skills needed
The level of skills needed to implement and maintain the product (method or standard):
Basic level: common sense and experience.
Standard level: some days or weeks of training are sufficient.
Specialist level: thorough knowledge and experience is required.
To install: the skills needed to install the necessary products.
To use: the specific qualifications needed in order to perform current work (documentation easy to understand, user-friendly interface, etc).
To maintain: is the product stable or are there regular updates that require specific education or regular training. (on a technical side: is it necessary to hire a specialist to perform the actions?)

  • To install : 
  • To use : 
  • To maintain : 


Tool Support
Specify the kind of support the company provides for this product

Support (telephone, email)

Organization processes integration
Tool foresees different roles of users: Specify and explain if the tool supports roles of users.
Tool delivers results that can be used by other processes/activities: Is it able for someone to use the results of this tool in another organization’s activity?

Supported Roles


Intergration in Organization activities


Interoperability with other tools
Specify available interfaces or other ways of integration with other tools



Sector adapted knowledge databases supported
Specify whether the tool provides a knowledge database specific for a sector



Flexibility of tool's database
Specify whether it is possible to customize the tool’s knowledge database to client requirements.

Browse the Topics

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies