European law requires companies, financial corporations and government agencies to secure their sensitive personal data. Although every sector has its own security regulations, they all work in a similar way: software and hardware must comply with strict and detailed rules and procedures. Organisations have to prove their continuous efforts to comply with these regulations, and failures to comply are heavily fined. Every organisation is responsible for its own security, meaning that risk assessments are essential. In this article, Infosecurity Magazine asked SRC Secure Solutions about their field experiences with independent risk assessments.