Home 2017-11-17T10:36:15+00:00

Welcome to Meharipedia.org. This site is focused on the risk management methods based on the Mehari risk model.

The objectives of Meharipedia are:

  • To facilitate the exchange of experiences and ideas in the domain of information security and risk management;
  • To share knowledge between the practitioners of the method;
  • To provide summary views of the state of the art and related techniques;
  • To contribute to the creation and dissemination of the Mehari tools (knowledge bases).

MEHARI is a free, open-source methodology, integrated and complete, for the assessment and management of risks associated with information and its processing.
MEHARI has been developed and updated since 1996 by CLUSIF and CLUSIQ.

MEHARI is compliant with the guidelines set by the ISO 27005:2011 standard, itself aligned with ISO 31000, and allows the seamless integration of risk into an ISO 27001:2013 ISMS process, thanks to management involvement and the awareness of users, stakeholders and operation managers.

Following the risk assessment, MEHARI proposes additional management directions and security measures and plans, thus creating the basis for coherent information security policies.

MEHARI Expert is a revision of Mehari 2010 providing links to the ISO 27001:2013 update plus several additions.
Other knowledge bases of MEHARI (Standard, Manager and Pro) are available only in French. Volunteers are sought for English translations.

Please take the time to fill in the contact form, which is used exclusively for future notifications to you, such as notices of revision or new information.
We will respect your anonymity if you leave the form empty.

Download MEHARI Expert knowledge base.

A rigorous risk management method aimed at security professionals.

User guides and documents (English and other languages)

MEHARI is a trademark of CLUSIF