ARAT is great for your company if you are short on manpower and really need to be sure you have covered all aspects of the risk assessment process. We have worked hard to present you with an easy-to-use service which pushes you to focus on your final goal: a management-confirmed, ISO 27001 compliant report.



Intuitive interface

ARAT’s intuitive and slick user interface naturally guides you through the risk assessment process, yet enables you to select your own workflow.

You will not have any tab hassle, redundant actions or long trainings and support for complicated tools which you or process owners do not want to use.

As a result, you need only a day of work to get your first ISO 27001 compliant report.


Rich, interrelated catalogue of items

ARAT's most prominent advantage is a rich, interrelated catalogue of assets, threats and vulnerabilities which enables you to reproduce the typical information security situation super-fast. Simply by selecting the information asset, its typical threats and vulnerabilities are used to auto-generate the potential risk incidents.

Information assets are also predefined into manageable groups. This simplifies the risk assessment procedure and improves results overview. You can also copy & paste various items and save your time. Sure, you can modify and customize the ARAT catalogue to suit your own needs by simply defining your scope.


Top level or detailed risk assessment

Risk Assessment can be done in a way that suits your current situation. You can choose between top level risk and detailed risk assessment.

The first one is used when a quick and coarse risk status is required. Within this approach, you define the scope in terms of asset groups, and do not specify particular information assets. The risks are then estimated on the asset group level. This approach significantly reduces the workload to get the first impression of the risk situation.

The second, detailed risk assessment enables the assessor to focus on a single information asset only. This approach allows you to assess risk in detail as much as you need to.



Action management

A very important step after risk assessment is action management.

This is the reason why the management screen and report in ARAT include actions, action costs, action due date, action status and responsible person, all viewed on a single screen.

We also included time saving filters which allow you to only see the items of your interest and focus on the task at hand. In this way, sound business decisions can be made much more easily.



With the insightful dashboard and standardized management report, management will have a quick overview of where the most problematic areas are!


Insightful dashboard

The dashboard gives you and management a quick overview and detailed insight into problematic business processes, most effective actions, threat level and most risky assets.

This insightful reporting, pointing to key areas, enables you to focus on the most risky areas.


Standardized management report

The final report of risk assessment, also named “Risk Treatment Plan” or “Statement of Applicability”, contains information about security measures, information assets, threats, risks, costs, responsible personnel and due dates to conduct the security measures.

The report is available in DOC format, so you can adjust it to your company standards.

Multi-user environment

The application can be used by all employees involved in the risk assessment process.

Different groups have different access rights, e.g. Administrator (Chief Security Officer), Writer (Process owner, CEO), Reader (Auditor), or any group with customized rights.

For example, management is restricted to reading and confirming risk assessments.



Proven, ISO/IEC 27005:2008 compliant methodology

ARAT is compliant with the requirements of the ISO/IEC 27005:2008 standard for security risk management.

The methodology is extended with numerous years of experience and proven in many real cases.

Its modular structure allows you to adapt other risk assessment methodologies as well. ARAT was built by the Astec team, an ISO/IEC 27001:2005 certified organization.


Bank-Grade, 256-bit SSL Encryption

As an ISO/IEC 27001:2005 certified organization, we take your security very seriously and present you with a secured service with 256-bit SSL encryption.

This is even more secure than most Internet banking websites, which usually have only 128-bit SSL encryption.

Furthermore, the identity of the service website is verified by the Go Daddy Certification Authority.
