Optimum Web
Risk Management & Incident Response

Risk Assessment

Risk registers, treatment plans, information security policies.

3 services · Fixed price · 14-day warranty · Senior engineers only

Compare Services

Service | Price
NIS2: Risk Analysis & Information Security Policy | $490
ISO 27001: Risk Assessment & Treatment Plan | $490
DORA: DORA ICT Risk Assessment | $590

Frequently Asked Questions

How is this different from a penetration test?
A penetration test finds specific technical vulnerabilities. This risk analysis takes a broader view: business risks, process risks, people risks, not just technical weaknesses. The pen test is one input to the risk analysis, but not the whole picture.
Do we need this for NIS2 compliance?
Yes. NIS2 Article 21(2)(a) explicitly requires 'policies on risk analysis and information system security.' This service produces exactly those artifacts.
What risk methodology do you use?
ISO 27005 risk assessment methodology, which is the standard for ISO 27001. Risk scores are calculated as Likelihood × Impact with a 5×5 matrix. The methodology is documented in the deliverables.
Can the Information Security Policy be used for multiple frameworks?
Yes. We write the policy to satisfy NIS2, ISO 27001, SOC 2, and DORA simultaneously. Each section includes cross-references to the relevant framework requirements.
How often should the risk assessment be updated?
Annually, or when significant changes occur (new systems, new threats, business changes). We recommend our Quarterly Compliance Review (CR-GDPR-16) to track risk changes between annual assessments.

Not Sure Where to Start?

Our IT Health Check finds every compliance gap in your infrastructure. 1 business day. You get a prioritized list of what to fix.

IT Health Check — $5