The CRAMMmethod (CCTA Risk Analysis and Management Method) is a methodology intended for use in Risk Management. CRAMM, which today belongs among methodologies with the widest application in the analysis and management of risks was developed based on the needs of the British governmental agency CCTA in 1985.
The application of CRAMM in practice: The CRAMM methodology complexly covers all phases of risk management, from the actual analysis of risks all the way to the proposal of countermeasures, including the generation of outputs for security documentation (emergency and continuity assurance planning). CRAMM is concurrently supported by application of the same name which helps in the collection of data as well as in the calculation and processing of risk management report. The CRAMM tool makes three types of analysis possible:
- CRAMM Expert Analysis
- CRAMM Express Analysis
- Analysis BS7799 (ISO 27001)
CRAMM also helps to prove the efficiency of the cost expended on risk management, security and emergency planning. It contains a unique broad library of security countermeasures. The application of the CRAMM methodology enables organisations to prepare for their certification according to ISO 27001. It is also in accord with other ISO norms ( ISO 9001 and ISO 14001).
- CRAMM 5