Cramm

Product identity card

General information
Basic information to identify the product

Method or tool name : CRAMM (CCTA Risk Analysis and Management Method)
Vendor name : Insight Consulting
Country of origin : United Kingdom

Level of reference of the product
Details about the type of initiator of the product

Public / government organisation : British CCTA (Central Communication and Telecommunication Agency)

Identification
Specify the phases this method supports and a short description

R.A. Method phases supported

• Risk identification : In CRAMM tool
• Risk analysis : In CRAMM tool
• Risk evaluation : In CRAMM tool

Brief description of the product

• CRAMM is a risk analysis method developed by the British government organization CCTA (Central Communication and Telecommunication Agency), now renamed zhe Office of Government Commerce (OGC). A tool having the same name supports the method: CRAMM. The CRAMM method is rather difficult to use without the CRAMM tool. The first releases of CRAMM (method and tool) were based on best practices of British government organizations. At present CRAMM is the UK government’s preferred risk analysis method, but CRAMM is also used in many countries outside the UK. CRAMM is especially appropriate for large organizations, like government bodies and industry.

Lifecycle
Date of the first edition, date and number of actual version

Date of first release : 1985
Date and identification of the last version : 2003 (version 5)

Useful links
Link for further information

Official web site : http://www.cramm.com
User group web site : http://www.crammgebruiksgroep.nl (in Dutch)
Relevant web site : http://www.insight.co.uk

Languages
List the available languages that the tool supports

Availability in European languages : English, Dutch, Czech

Price
Specify the price for the method

• Unknown

Page top

Scope

Target organisations
Defines the most appropriate type of organisations the product aims at

• Government, agencies
• Large companies

Specific sector : N/A

Geographical spread
Information concerning the spread of this tool

Used in EU member states : Many
Used in non-EU member states : Many

Level of detail
Specify the target kind of users

• Management
• Operational
• Technical

License and certification scheme
Specify the licensing and certification schemes available for this method

Recognized licensing scheme : No
Existing certification scheme : No

Page top

Users viewpoint

Skills needed
Specify the level of skills needed to use and maintain the solution

• To introduce : Specialist
• To use : Specialist
• To maintain : Specialist

Consultancy support
Specify the kind of support available

Consultancy :Open market

Regulatory compliance
There is a given compliance of the product with international regulations

• GLBA
• HIPPA

Compliance to IT standards
There is a compliance with a national or international standard

• ISO/IEC 17799

Trial before purchase
Details regarding the evaluation period (if any) before purchase of the product.

Availability : Registration required

Maturity level of the Information system
The product gives a means of measurement for the maturity of the information system security

It is possible to measure the I.S.S. maturity level : No

Tools supporting the method
List of tools that support the product

Non commercial tools

• N/A

Commercial tools

• CRAMM expert (Insight)
• CRAMM express (Insight)

Technical integration of available tools
Particular supporting tools (see C-7) can be integrated with other tools

Tools can be integrated with other tools : No

Organisation processes integration
The method provides interfaces to existing processes within the organisation

Method provides interfaces to other organisational processes : No

Flexible knowledge databases
It is possible to adapt a knowledge database specific to the activity domain of the company.

Method allows use of sector adapted databases : No