• Overview|
• Capabilities|
• Downloads|
• Contact us|
• Events|
• Support

• Home|
• Site map|
• Help

[Advanced]

• History
• How it works
• Scope
• Profiles
• Users
• CRAMM Expert
• CRAMM Express

The history of CRAMM

1985

The UK Government's Cabinet Office tasked the Central Computer and Telecommunications Agency with investigating the risk analysis and management methods currently in existence within Central Government for information security. Following this investigation, a new manual method was developed by CCTA which drew upon all of the existing best practices under the title of the CCTA Risk Analysis and Management Method (CRAMM).

1987

The launch of a software tool that automated the CRAMM process. Due to its success within Government, a commercial version of CRAMM soon followed in 1988 that was tailored specifically to the needs of commerce. At the same time, an independent users group was formed which continues to provide a valuable forum for users to meet and help shape the development of the method.

1987 - 2000

CRAMM continued to evolve and maintained its position as a leader in the field of risk assessment with fully updated versions released in both 1992 and 1996. In 1996, the ownership of CRAMM passed from the CCTA to the UK Government's Security Service who took on the role of both manager and owner.

2001

2001 saw the release of Version 4 of CRAMM which has been solely funded by Insight Consulting Limited in our new role as CRAMM Manager. Since it's original development in 1985, Insight Consulting has been heavily instrumental in increasing the use of CRAMM throughout the world.

Insight has incorporated its experience and knowledge base from hundreds of client consultancy assignments into this new version. CRAMM also now includes Insight's successful methodology for gaining compliance with BS7799.

2003

CRAMM Version 5.0 is launched containing CRAMM Express functionality and the updated BS7799 Part II. See the CRAMM Version 5 page for more information. CCTA, now part of the Office for Government Commerce, remains closely involved in the development of best practice methods for use in the common good. CRAMM was one of the earliest of these and remains consistent with OJEC guidance on the Monitoring of Risk (MOR).

2005

Version 5.1 of CRAMM to be released to coincide with the new version of BS7799.

Find out what's in 5.1

Register now for one of our CRAMM Open Days to hear - and see - what's going to be included in CRAMM Version 5.1.

• Open Days