Standard-based risk assessment

Your roadmap to a secure, resilient organisation.

Security gaps matter, but how much? The standard-based risk assessment gives you clarity and direction. Our consultants help you move from reacting to threats to building a mature, evidence-driven security posture.

We translate gaps into actionable security priorities

Whether you’re working toward certification or just want to improve your security posture, Cingulum helps you bridge the gap between awareness and action.

Our approach is simple and effective:

  • We analyse the available documentation you already have
  • We identify what’s valuable, vulnerable and at risk
  • We describe realistic, practical mitigations
  • We bundle those into prioritised security projects
  • You get a clear timeline, ownership and focus

You won’t get a theoretical audit or a 100-page PDF no one will read. Instead, you’ll get a practical security roadmap based on your reality, on which you can start to build your security implementation.

3-phase Risk Assessment Method

1. Documentation Review

We start with a structured analysis of all relevant materials:
Policies, contracts, audit reports, asset lists… you name it.
We identify gaps, flag missing documents, and make sure we’re working with complete and accurate information.

The faster this phase is completed, the faster we move to results.

2. Risk Analysis

Using input from the gap analysis and documentation review, we assess:

  • Which company assets are most critical
  • Which threats and vulnerabilities affect them
  • What the realistic risk levels are (likelihood × impact)

Based on this, we build a detailed risk register with:

  • Risk descriptions
  • Vulnerabilities & threats
  • Risk levels (low to very high)
  • Suggested risk owners

3. Mitigation & Roadmap

Here’s where we turn insight into a roadmap for action. For each medium, high or very high risk, we describe:

  • Necessary mitigation actions
  • Dependencies or overlaps
  • Integration with your compliance strategy (e.g. ISO 27001 SoA)

We group related risks into 4 or 5 targeted projects. Each project includes:

  • Objective
  • Responsible team or owner
  • Timelines
  • Prioritisation

Everything comes together in a presentation-ready roadmap and timeline.

Want a sneak peek at what your roadmap could look like?

Get personalised insights and a tailored roadmap for your goals. On our call, we’ll walk you through what’s possible.

What you get from us

Cyber- and information security can be overwhelming. We’re here to help you take control and stay on top of it. Trusted by Belgian and European organisations in sectors including finance, healthcare, logistics, and public institutions, we bring structure, clarity, and focus to your security challenges.

Here’s what you can expect after finishing the standard-based risk assessment:

All tailored to your organisation’s context and readiness.

“Cingulum gave us a practical risk register and a roadmap we could actually use. We didn’t expect to get so much clarity in such a short time.”
CISO
Financial Services Client

Why work with Cingulum?

We’ve helped companies across Belgium and Europe build smarter, safer security strategies, without overcomplicating things. Here’s what makes us a trusted partner:

Our goal is simple: to help you secure your organisation without slowing it down or disrupting operations.

Curious who you’ll be working with?

Jorien Aerts

Privacy & Information Security Consultant

Sarah Smolders

Senior Privacy & Information Security Consultant

Bart van Deursen

Senior Information Security Consultant

Frequently Asked Questions

Not fully, but the more you can provide early, the faster we can get you results. We’ll help identify missing pieces as we go.

Most clients complete the full process in 2–4 weeks, depending on how quickly we can gather documents and feedback.

Absolutely. Our deliverables align with ISO 27001 expectations, including a Statement of Applicability and a project-based roadmap.

Yes, we can. While this phase focuses on defining the strategy, Cingulum also offers implementation support if you need it.

It’s advised to do the Maturity Assessment prior to the Standard Based Risk Assessment, as this helps us get the whole picture. For more information, visit our Maturity Assessment here.

Let's discover your security risks and prioritise what matters

Ready to turn risks into results? Request your standard-based risk assessment here.

Let’s schedule a short discovery call to understand your context and see how we can help.

