ARAT – Astec Risk Assessment Tool is a web application tool for information risk assessment with a user-friendly interface for simple risk quantification and support for action management

ARAT application facilitates risk assessment and tracking of actions approved by management to reduce the risks to acceptable level.

The application includes built-in threat, vulnerability and action catalogues from Annex A of ISO/IEC 27001:2005 standard that can be edited through administrator interface.

• Possibility to use any risk matrix
• Databases of threats, vulnerabilities and security controls from Annex A of ISO/IEC 27001/2005 standard
• Tracking the actions taken to reduce the risks
• Reports of estimated risks, actions, due dates, responsible persons and expected costs of actions implementation
• Possibility to export results to XLS, DOC format
• Role-based access rights
• Audit log

ARAT Advantages

• Proven international methodology (presentation)
• Simple and fast risk assessment per business processes or organization
• Transparent overview of actions for risk reduction
• Possibility to adapt to organizational risk management process
• User-friendly

Astec Advantages

• Certified experts
• Experienced team
• Rich experience in consulting and implementing ISO/IEC 27001:2005 standard
• Astec is ISO/IEC 27001:2005 certified organization

»The Agency was looking for risk assessment tool that would provide understandable methodology and transparent results. The ARAT tool turned out to be beneficial in coping with large amount of data and complexity of results.« - Polonca Blaznik, Ph.D., Chief information officer, Environmental Agency of the Republic of Slovenia