Capability domain
Risk, Impact & Harm Analysis
Identify exposures and prioritise risks using structured and defensible analysis
Overview
The Halderstone Capability Framework defines six core capabilities required to design, operate, and improve management systems.
This capability domain focuses on identifying exposures, analysing impact pathways, and prioritising risks using structured and defensible methods.
It covers the practices used to understand how organisational activities, technologies, and external conditions can create harm, disruption, or loss, and how those exposures should be evaluated and prioritised.
Topics in this domain include risk identification, impact and harm reasoning, significance assessment, and practical approaches to uncertainty and trade-offs. The goal is to support clear prioritisation and decision-ready risk information that informs governance, control design, and strategic planning.
Halderstone Advisory
Advisory services in risk analysis
Halderstone Academy
Training modules about risk analysis
Risk Management
Systematically identify, evaluate, treat & monitor risks and opportunities across management systems
Duration
7 h
List price
CHF 550
View module
Supplier Management
Select, qualify & control suppliers and outsourced processes across their lifecycle
Duration
7 h
List price
CHF 550
View module
Mechanisms of Preventive Security Controls
Core concepts in preventive controls, including access management, cryptography, secure configuration & protective design
Duration
7 h
List price
CHF 750
View module
Mechanisms of Detective & Corrective Security Controls
Core concepts in detective & corrective controls, including logging, monitoring, incident response, backup & recovery
Duration
7 h
List price
CHF 750
View module
ISMS Scope & Statement of Applicability
Define clear ISO/IEC 27001 ISMS scope and boundaries and maintain a defensible Statement of Applicability (SoA)
Duration
7 h
List price
CHF 550
View module
Information Security Risk Management
Systematically assess, treat & document information security risks with traceable decisions in line with ISO/IEC 27001
Duration
7 h
List price
CHF 550
View module
Operational Control in Information Security
Plan, implement & operate information security controls consistently in day-to-day activities in line with ISO/IEC 27001
Duration
7 h
List price
CHF 550
View module
AI Limitations & Failure Modes
AI uncertainty, limitations & common failure modes across predictive and generative AI systems
Duration
7 h
List price
CHF 550
View module
AI Risk, Impact & Harm Assessment
Assess AI impacts and harms, document findings, and connect them to risk decisions in an AI management system
Duration
7 h
List price
CHF 550
View module
Operational Control of AI Systems
Define, implement & maintain operational controls for AI systems across deployment, change and monitoring
Duration
7 h
List price
CHF 550
View module
Business Impact Analysis
Perform ISO 22301-aligned business impact analysis, identify critical activities, and define time-based recovery requirements
Duration
7 h
List price
CHF 550
View module
Data Protection Principles
Privacy roles, obligations & controls in organisations, aligned with common national and international data protection requirements
Duration
7 h
List price
CHF 550
View module
Privacy Risk & Impact Assessment (DPIA)
Assess privacy risks, reason about impacts, and document DPIAs within an ISO/IEC 27701-aligned PIMS
Duration
7 h
List price
CHF 550
View module
Operational Privacy Controls
Implement role-based privacy controls & data subject rights handling within an ISO/IEC 27701-aligned PIMS
Duration
7 h
List price
CHF 550
View module
Environmental Aspects & Impacts Assessment
Identify environmental aspects, evaluate impacts and significance, and maintain the assessment over time in an ISO 14001 context
Duration
7 h
List price
CHF 550
View module
Environmental Operational Control
Control operations in an environmentally sound and compliant manner in line with ISO 14001
Duration
7 h
List price
CHF 550
View module
Auditing Risk & Opportunity Management
Assess whether risk and opportunity management credibly informs organisational decisions and priorities
Duration
7 h
List price
CHF 550
View module
Auditing Information Security Risk Management
Evaluate asset-threat-vulnerability logic, risk treatment decisions, and traceability to controls and the Statement of Applicability
Duration
7 h
List price
CHF 550
View module
Auditing AI Risk & Impact Management
Evaluate harm, impact & risk reasoning, intended use alignment, and decision traceability in ISO/IEC 42001
Duration
7 h
List price
CHF 550
View module
Auditing Environmental Aspects & Impacts Assessment
Assess whether environmental aspects are identified, significance is judged credibly, and lifecycle perspective is applied in an ISO 14001 EMS
Duration
7 h
List price
CHF 550
View module
Auditing Business Impact Analysis
Assess whether business impact analyses produce credible recovery priorities and recovery objectives in an ISO 22301 BCMS
Duration
7 h
List price
CHF 550
View module
Auditing Privacy Risk & Impact Assessment
Evaluate whether privacy risk assessments and DPIAs produce credible risk understanding and prioritisation in an ISO/IEC 27701 PIMS
Duration
7 h
List price
CHF 550
View module

Ready to improve your management systems?
We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.


