verinice Risk Catalog (ISO 27001)

€499.80 *

Prices incl. VAT

Net price: €420.00

Free of shipping costs!

Available as download


  • VRC-EN.1
Product information "verinice Risk Catalog (ISO 27001)"

The verinice Risk Catalog (ISO/IEC 27001:2022) - ISM Edition is available for download in the verinice.SHOP or in the update repository for use in verinice version 1.26 and higher.

This new verinice Risk Catalog (ISO/IEC 27001:2022) contains a file that can be imported directly into verinice and provides an extensive, detailed catalog of generic threats, vulnerabilities and risk scenarios, which speeds up ISO/IEC 27005:2022 risk analysis. A list of sample assets and processes is also included, which can serve as a basis for particular risk assessments.

verinice Risk Catalog (ISO/IEC 27001:2022) - ISM Edition

This catalog contains original content from standards ISO/IEC 27001:2022, ISO/IEC 27002:2022 and ISO/IEC 27005:2022, licensed from ISO via Beuth Verlag. Please refer to the copyright notice at the end of this text. The price of the single user license sold here in the shop is calculated according to the duration in years and number of users. For the verinice.PRO version, please contact SerNet sales for a graduated offer. Please note that due to Beuth Verlag’s licensing requirements, the contents of the original standards can only be read in the program and cannot be exported (PDF, Word, Excel, etc.). See this catalog in action in our screencast.

Your benefits at a glance

  • The new verinice Risk Catalog - ISM Edition is a file that can be imported directly into verinice, providing a comprehensive catalog of generic yet detailed threats, vulnerabilities and risk scenarios. Of course, the catalog includes both the management requirements from Chapters 4 to 10 and the controls from Annex A of ISO/IEC 27001:2022. In addition, you will also find placeholders for required documents that may be necessary for an ISMS.

  • verinice enables the collection of all information assets that are mandatory for certification and risk analysis. Assets are already predefined in this catalog.

  • Also included is a list of processes that can be used as a basis for your own risk analysis. The application of the PDCA cycle for all processes of the ISMS can be consistently implemented and verified with verinice.

The technical rules (DIN, EN, ISO and ISO/IEC standards) reproduced in this software are protected by copyright and licensed for use within the scope of this software by Beuth Verlag GmbH, Berlin. Any reproduction of the technical rules outside this software, for example by printing or saving, is prohibited. The technical rules can be purchased from Beuth Verlag GmbH.

Scope of delivery / product content

The risk catalog is provided as an encrypted, ZIP-compressed verinice archive (.lic.vna) that you can unzip to a location of your choice and then import. In the unpacked folder you will find:

  • The sample organization (verinice_Risk_Catalogue_according_to_ISO_IEC_270012022_EN.lic.vna) based on ISO/IEC 27001:2022 for use in the ISM/ISO perspective.

  • A manual in PDF format.

For the implementation of the requirements in verinice, you must work within the ISM perspective and can therefore also use the standard functions of verinice. Please note that for the concrete work with the module you might also need the verinice manual as well as the original standards of ISO/IEC 27001:2022, ISO/IEC 27002:2022 and ISO/IEC 27005:2022.

180 generic risk scenarios, applicable to any organization, in the following categories:

  • Physical Damage

  • Inadequate Maintenance or Replacement

  • Unstable Power Grid and Other Electrical Issues

  • Staffing and Operational Issues

  • Telecommunication Failures

  • Cyber Attacks and Exploits

  • Information Theft and Disclosure

  • Tampering and Unauthorized Usage

  • Legal Violations and Insufficient Security Measures

  • Resource and Service Provider Failures

  • Violation of compliance requirements

Over 1000 relations between the above risk scenarios and the ISO/IEC 27001:2022 (Appendix A) controls designed to address those risks. All you need to do is complete the implementation status of your organization’s controls and adjust the relations as needed!

60 fundamental threats in the following categories

  • Compromise of functions or services

  • Human actions

  • Infrastructure failures

  • Natural threats

  • Organizational threats

  • Physical threats

  • Technical failures

  • Compliance infringements

84 inherent information processing vulnerabilities in the following categories

  • Hardware

  • Network

  • Organization

  • Personnel

  • Site

  • Software

  • Compliance vulnerabilities

147 sample assets (linked to seven basic business processes) in the following categories

  • Hardware

  • Information

  • Network

  • Organization

  • Personnel

  • Software

  • Location

Support for the implementation of ISO/IEC 27001:2022, Annex A: Explanations and assistance for all 93 controls from ISO/IEC 27002:2022 with their purpose, guidance and other information.

List of 60 documents and records mandatory for ISO/IEC 27001:2022 certification. This includes placeholders as a checklist for guidelines, policies, and related documents required by chapters 4 through 10 of the standard or by the controls in Annex A.

Template catalog for an internal audit according to the ISA standard (Information Security Assessment). This facilitates a maturity level-oriented quick audit based on ISO/IEC 27001:2015 even without prior knowledge of the standards.

The VDA ISA standard in version 5.1 still references the old version of ISO 27001:2015. As soon as the VDA has revised the ISA standard, it will also be updated in the verinice Risk Catalog.

Mandatory copyright notice by Beuth Verlag (translated from German): "The technical rules (DIN, EN, ISO and ISO/IEC standards) reproduced in this software are protected by copyright and licensed for use within the scope of this software by Beuth Verlag GmbH, Berlin. Any reproduction of the technical rules outside this software, for example by printing or saving, is prohibited. The technical rules can be purchased from Beuth Verlag GmbH."

Further information

Discussion in the verinice.FORUM:


Beuth Verlag GmbH
Saatwinkler Damm 42/43
13627 Berlin

SerNet Service Network GmbH
Bahnhofsallee 1b
37081 Göttingen

© 2022
DIN Deutsches Institut für Normung e. V.
Saatwinkler Damm 42/43
13627 Berlin

© 2023
SerNet Service Network GmbH
Bahnhofsallee 1b
37081 Göttingen
