Today, risk management has become a key activity in the management of organisations and the reporting to regulators. Many regulations and standards require organisations to have a risk-based approach for service management, quality management and information security management. However, it remains a challenge to develop a pragmatic, compliant and efficient risk management approach that will produce relevant and maintainable results. With this in mind, the Luxembourg Institute of Science and Technology (LIST) offers TISRIM, a tool that guides organisations in implementing risk management in an easy, efficient and autonomous manner.


TISRIM is currently provided as a Microsoft Excel Sheet and includes the information required for risk management within the guidelines of ISO/IEC 31000, developed by specialists in risk management. Fully aligned with international best practices in risk management and national requirements, the application also includes numerous macros to increase the timeliness of such a study and automate most of the process.

The target markets for this application are organizations (from small to large) with a security manager or risk manager leading the process and gathering relevant information from different stakeholders. It includes companies performing several risk management processes on different scopes within the company.

TISRIM is under development to be accessible on the RegTech national platform through a web access.


  • compliance with the standards ISO 31000, ISO/IEC 27005, ENISA guidelines, CSSF circulars, makes the tool suitable for any type of organization including SME.
  • facilitates and accelerates the risk assessment process and related reporting to regulators
  • produces comparable, reproducible and maintainable results
  • extensions available for Telecommunications Service Providers (TSP), Support PSF and others (under development)

Potential Applications

TISRIM can be used for:

  • consultants who want to perform a risk assessment for their clients
  • the internal risk managers, compliance managers, IT team and the SSI practitioners to carry out a risk assessment of their company
  • certification and reporting
Domaines de recherche
  • IT

Partager cette page :

Propriété Intellectuelle

The application and the supporting method are protected by copyrights and registered through I-depots at the OBPI.

Types de collaboration

LIST is currently seeking partners or companies interested in using or commercializing this application.

License Agreement

Joint further development

Research Collaboration


Dr Nicolas MAYER
Dr Nicolas MAYER

Department: IT for Innovative Services (ITIS)

Envoyer un e-mail
 Jennifer DOS SANTOS

Valorisation and Transfer Officer

Envoyer un e-mail