Risk acceptance criteria
Assign topic to the user
Please let me know if this is sufficient for the ISO 27001 audit.
Answer: Yes. If your risk evaluation, considering your acceptance criteria, has defined that only 5 risks are considered unacceptable, you can have treatment plans only for these 5 risks.
This article will provide you further explanation about Risk acceptance criteria:
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
- Why is residual risk so important? https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/
In the video tutorials that came with your toolkit, you have access to a video about Risk Assessment Methodology that can provide you more information about risk acceptance criteria.
Comment as guest or Sign in
May 18, 2017