Guest
Risk Acceptance Criteria
Our org is ISO 27001 certified. I want to design a risk acceptance criteria policy and need help with that. Actually, a few controls on risks involve high finance, so in this scenario how could we accept them with the approval of management?
The organization can accept the risk, but as you know it is necessary to establish criteria. What criteria? Please read this article, Risk appetite and its influence over ISO 27001 implementation: https://advisera.com/27001academy/blog/2014/09/08/risk-appetite-influence-iso-27001-implementation/
And you always have to generate evidence; in this case, for the approval of Top Management you can use a record of a meeting.
Jan 12, 2016