Welcome to Meharipedia.org.
This site focuses on risk management methods based on the Mehari risk model.
The objectives of Meharipedia are:
- To facilitate the exchange of experiences and ideas in the domain of information security and risk management;
- To share knowledge between the practitioners of the method;
- To provide synthetic views on the state of the art and related techniques;
- To contribute to the creation and dissemination of the Mehari applications (knowledge bases);
- To reference additional actions (education, certification, training, services, …) concerning Mehari.
MEHARI is a free, Open Source methodology, integrated and complete, for the assessment and management of risks associated with information and its processing.
MEHARI has been developed and updated since 1996 by CLUSIF and CLUSIQ.
MEHARI complies with the guidelines set by the ISO 27005:2011 standard, itself aligned with ISO 31000, and allows the seamless integration of risk into an ISO 27001:2013 ISMS process, thanks to management involvement and awareness of the users, stakeholders and operation managers.
Following the risk assessment, MEHARI proposes additional management directions, security measures and plans, thus creating the basis for coherent information security policies.
The MEHARI Expert knowledge base is a 2017 revision of Mehari 2010 that provides links to the ISO 27001:2013 update, plus several facilitating additions.
The other knowledge bases of MEHARI (Standard, Manager and Pro) are available only in French. Volunteers are sought for English and other language editions.
Please take the time to fill in the contact form, which is used exclusively for future notifications to you, such as notices of revisions or new information. It is an opportunity for us to enter into a dialogue with you.
To preserve your anonymity, you can leave any field of the form below empty.
User guides and documents (English and other languages)
MEHARI is a trademark of CLUSIF