Cyber Security Risk Assessment Template



Consulting package for Cybersecurity Risk Assessment (CRAT)

Need to perform an information security risk assessment? This is a pretty common requirement that can seem like an insurmountable obstacle, since most people are not trained on how to perform a risk assessment or they lack a simple tool that is comprehensive enough to meet their needs. This is where our Information Security Risk Assessment Template (CRAT) comes into play – we developed a simple Microsoft Excel template to walk you through calculating risk and a corresponding Word template to report on that risk. If you can use Word and Excel, you can successfully use our templates to perform a risk assessment. We even give you a completely filled-out example risk assessment, so that you can use that as a reference.

The CRAT supports the Risk Management Program (RMP) product by answering the "how" questions about how your company manages risk.

This contains both an editable Microsoft Word document and a Microsoft Excel spreadsheet that allow for professional-quality risk assessments.

The CRAT directly supports the RMP, as well as the Written Information Security Program (WISP) and Digital Security Program (DSP) policies and standards, for managing cybersecurity risk. It does this by enabling your company to produce risk assessment reports.


Lack of In-House Risk Experience – Many organizations lack internal staff who can come up with quality risk assessments. The CRAT is an affordable solution for managers or IT staff to conduct quality risk assessments.

Audit Failures – Most organizations run into trouble in audits when asked to provide evidence of risk assessments being performed. The CRAT provides a template to conduct repeatable risk assessments in a very professional format. The CRAT provides this evidence!

Vendor Requirements – It is very common for clients and partners to request evidence of risk assessments so they can also understand your risks. The CRAT provides this evidence!

Compliance Requirements – Requirements such as PCI DSS, HIPAA, MA 201 CMR 17.00 and NIST 800-171 establish a mandate to conduct risk assessments. The CRAT addresses these compliance requirements!