Capability domain
Risk, Impact & Harm Analysis
Identify exposures and prioritise risks using structured and defensible analysis
Overview
The Halderstone Capability Framework defines six core capabilities required to design, operate, and improve management systems.
This capability domain focuses on identifying exposures, analysing impact pathways, and prioritising risks using structured and defensible methods.
It covers the practices used to understand how organisational activities, technologies, and external conditions can create harm, disruption, or loss, and how those exposures should be evaluated and prioritised.
Topics in this domain include risk identification, impact and harm reasoning, significance assessment, and practical approaches to uncertainty and trade-offs. The goal is to support clear prioritisation and decision-ready risk information that informs governance, control design, and strategic planning.
Halderstone Advisory
Advisory services in risk analysis
Halderstone Academy
Training modules about risk analysis
HAM-AG-C-07
Risk Management
Build the capability to surface, structure and act on risk while action is still possible
Live virtual
16 hours
CHF
1,450
View module
HAM-AG-C-12
Supplier Management
Manage suppliers and outsourced processes across requirements, selection, onboarding, oversight, change and exit
Live virtual
10 hours
CHF
900
View module
HAM-IS-DF-01
Mechanisms of Information Security Controls
Understand how preventive, detective and corrective controls work together across access, cryptography, monitoring, incident response, backup and recovery
Live virtual
16 hours
CHF
1,450
View module
HAM-IS-S-01
ISMS Scope & Statement of Applicability
Define clear ISO/IEC 27001 ISMS scope and boundaries and maintain a defensible Statement of Applicability (SoA)
Live virtual
7 hours
CHF
550
View module
HAM-IS-S-02
Information Security Risk Management
Systematically assess, treat and document information security risks with traceable decisions in line with ISO/IEC 27001
Live virtual
7 hours
CHF
550
View module
HAM-IS-S-03
Operational Control in Information Security
Plan, implement and operate information security controls consistently in day-to-day activities in line with ISO/IEC 27001
Live virtual
7 hours
CHF
550
View module
HAM-AI-DF-02
AI Limitations & Failure Modes
AI uncertainty, limitations and common failure modes across predictive and generative AI systems
Live virtual
7 hours
CHF
550
View module
HAM-AI-S-02
AI Risk, Impact & Harm Assessment
Assess AI impacts and harms, document findings, and connect them to risk decisions in an AI management system
Live virtual
7 hours
CHF
550
View module
HAM-AI-S-03
Operational Control of AI Systems
Define, implement and maintain operational controls for AI systems across deployment, change and monitoring
Live virtual
7 hours
CHF
550
View module
HAM-BC-S-01
Business Impact Analysis
Perform ISO 22301-aligned business impact analysis, identify critical activities, and define time-based recovery requirements
Live virtual
7 hours
CHF
550
View module
HAM-DP-DF-01
Data Protection Principles
Privacy roles, obligations and controls in organisations, aligned with common national and international data protection requirements
Live virtual
7 hours
CHF
550
View module
HAM-DP-S-02
Privacy Risk & Impact Assessment (DPIA)
Assess privacy risks, reason about impacts, and document DPIAs within an ISO/IEC 27701-aligned PIMS
Live virtual
7 hours
CHF
550
View module
HAM-DP-S-03
Operational Privacy Controls
Implement role-based privacy controls and data subject rights handling within an ISO/IEC 27701-aligned PIMS
Live virtual
7 hours
CHF
550
View module
HAM-EM-S-01
Environmental Aspects & Impacts Assessment
Identify environmental aspects, evaluate impacts and significance, and maintain the assessment over time in an ISO 14001 context
Live virtual
7 hours
CHF
550
View module
HAM-EM-S-02
Environmental Operational Control
Control operations in an environmentally sound and compliant manner in line with ISO 14001
Live virtual
7 hours
CHF
550
View module
HAM-AG-A-03
Auditing Risk & Opportunity Management
Assess whether risk and opportunity management credibly informs organisational decisions and priorities
Live virtual
7 hours
CHF
550
View module
HAM-IS-A-01
Auditing Information Security Risk Management
Evaluate asset-threat-vulnerability logic, risk treatment decisions, and traceability to controls and the Statement of Applicability
Live virtual
7 hours
CHF
550
View module
HAM-AI-A-01
Auditing AI Risk & Impact Management
Evaluate harm, impact and risk reasoning, intended use alignment, and decision traceability in ISO/IEC 42001
Live virtual
7 hours
CHF
550
View module
HAM-EM-A-01
Auditing Environmental Aspects & Impacts Assessment
Assess whether environmental aspects are identified, significance is judged credibly, and lifecycle perspective is applied in an ISO 14001 EMS
Live virtual
7 hours
CHF
550
View module
HAM-BC-A-01
Auditing Business Impact Analysis
Assess whether business impact analyses produce credible recovery priorities and recovery objectives in an ISO 22301 BCMS
Live virtual
7 hours
CHF
550
View module
HAM-DP-A-01
Auditing Privacy Risk & Impact Assessment
Evaluate whether privacy risk assessments and DPIAs produce credible risk understanding and prioritisation in an ISO/IEC 27701 PIMS
Live virtual
7 hours
CHF
550
View module

Ready to improve your management systems?
We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.


