Deming and Information Security Risk Management Process

Lausanne, 8.1.2010. It is undisputed that the effectiveness of a risk treatment depends on how the specific risk assessment has been conducted. Since the goal of risk treatment is to reduce the residual risk to the lowest possible value, it is extremely important to be able to implement a fully functional “Information Security Risk Management Process” (ISRM). The easiest way is to organize it according to the well-known Deming wheel (which is, incidentally, a foundation of ISO 9001). An ISRM process following the four phases plan-do-check-act would be organized as follows:

  • PLAN: Establishing the context, risk assessment, developing a risk treatment plan, risk acceptance.
  • DO: Implementation of the risk treatment plan.
  • CHECK: Continual monitoring and review of risks.
  • ACT: Maintain and improve the Information Security Risk Management Process.

It is only by organizing your risk management process efficiently that a company will be able to proactively turn risks into opportunities. MinimaRisk helps you to effectively introduce such risk management processes, diminishing your exposure to operational risks and leveraging the downside of a risk.
