CRAMM is method for information security risk analysis and management.
CRAMM was applicable to all types of information systems and networks and can be applied at all stages in the information system lifecycle, from planning and feasibility, through development and implementation to live operation. RAC it replace RAC RAMSES own methodology, which is based on the recommendations and procedures of ISO/IEC 27005.
Support for the CRAMM tool will be available until the end of 2014. Licensed sales of CRAMM are not currently available. We offer the existing users of CRAMM the possibility to use our analytical tool RAMSES that was created using RAC RAMSES based methodology. One of its features is the possibility of transforming and utilizing the existing analytical outputs, taken in previous periods with CRAMM. Find out more on the RAMSES website.