top of page

Today’s enterprises rely on increasingly complex digital platforms to deliver the essential services that businesses require. Whether it is converged communications platforms, client and sales systems or business critical operational platforms this digitally enabled infrastructure is at the core of delivering key business services.

The challenge this presents to businesses is not to just offer better availability and greater accessibility to stakeholders, but also to do this securely. However, with complexity and availability comes the threat of compromise and, regardless of the organisation, there will always be the potential for an organised crime gang or a disaffected/compromised employee to disrupt business operations.

Alongside that is the possibility of accidental (via phishing or malicious software) or mischievous damage to systems if the vulnerabilities that inevitably exist in the systems, and the way they are integrated, are not addressed.


In order to effectively target security activities, it is important to understand the holistic risks to any business and assess the interaction between people, process, and technology in the workplace. The Fortis Cyber Vulnerability Risk Assessment (CVRA) is an enterprise-wide risk assessment of an organisation’s current cyber security posture and awareness which highlights key threats and vulnerabilities so security activities can be effectively targeted and prioritised to mitigate risk.

Cyber Vulnerability Risk Assessment

Table Overall-01.png
Full Table.png

Understand your current cyber security posture

Identify gaps, blind spots and potential threats

IASME Governance Certificate

ISO/IEC 27001

Picture 1.png
IASMElogo-GOLDcertified-2017-FINAL-1024x635 white.png

Optimise cyber resilience

Prioritise remediation activity

NIST Cyber Security Framework

US Department of Defense Cybersecurity Maturity Model Certification (CMMC)

Picture 2.png
Picture 1.png
Table only-01.png

The key benefits of undertaking a CVRA are to review existing security controls, understand the potential impact of

threats and vulnerabilities on business critical systems and assets and enable the organisation to take appropriate

action to adequately address any identified vulnerabilities.

Risk assessments are also a common compliance requirement for international security standards and security frameworks such as:

Address vulnerabilities and mitigate risk

Fortis has a proven pedigree in producing successful CVRAs that deliver significant and measurable business benefits. Our consultants are experts in their field and are National Cyber Security Centre (NCSC) Certified Cyber Professionals (CCP) and Security and Information Risk Advisor (SIRA) certified. They will work with you to tailor the CVRA to your organisation’s specific requirements and ensure it gets to the root of any identified risks, threats and vulnerabilities.


Our consultants gather vital information about the business and gain insight into current policies and procedures, analysing them against industry best practice, identifying gaps and highlighting areas to improve, resulting in a comprehensive and actionable risk assessment report and a recommended roadmap to remediate the outcomes.



People, process, technology and how staff securely interact with technology


Risk assessment analysis process


Our consultant will gather information about the organisation through documentation reviews and meetings and collate it into a set of preliminary models covering people, process, and technology. A vulnerability assessment will be undertaken to provide detailed evaluation of systems, and the threats and vulnerabilities against these systems.


This is the analysis stage which will look at the physical, human, technical and social factors and their associated risks gathered from the identify stage.


Mitigation plan and roadmap to de-risk in final CVRA report


Fortis will deliver a comprehensive security assessment covering security culture, technical and organisational security to identify common attack vectors and map against these discovered vulnerabilities.


Our consultant will produce a final report including a set of prioritised risks and recommended remediation activities and a summary visual maturity model that details the status of each risk.

Table Only-01.png


Comprehensive security assessment of earlier phase outcomes

bottom of page