Capabilities

CRAMM controls database

The CRAMM controls database is an extremely valuable resource in its own right. It covers all aspects of information security including technical, physical, personnel, documentation and procedural measures.

The controls have been drawn from a wide variety of authoritative sources and recognised standards including the UK Government's Security Authorities, ISO 27001, the Information Technology Security Evaluation Criteria (ITSEC) and our own consultants. Each control is referenced by:

Users can browse the controls database to identify controls that may be relevant to their business and applications and then explore these in increasing levels of detail. In addition, CRAMM's risk assessment tools can be used to determine whether controls are required, and can be justified, on the basis of the assessed risks.

The CRAMM controls database is regularly updated to keep it in line with developments in information security processes, standards and technology.

Need more details?

The CRAMM Development Team have produced a document that describes how the countermeasures in CRAMM are determined and calculated.