Expert Advice Community

Home / ISO 27001 & 22301 / Evaluating risk assessment results

Guest

Evaluating risk assessment results

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Feb 20, 2018 Last commented:   Feb 20, 2018

Evaluating risk assessment results

ISO 27001 & 22301
In the risk assessment conducted...i am using activity based approach. So for each activity assets would have been identified in the bia. How do i determine the result if one asset owner rates a laptop high compared to another asset owner who rates it as low?
0 0

Assign topic to the user

ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT

Document the results of the risk management process.

ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT

Document the results of the risk management process.
Expert
Rhand Leal Feb 20, 2018

Answer: Considering they have used the same assessment criteria, then you should evaluate the impact of each activity to the business as a whole to make a decision. If both activities have similar impact, then you should rate the laptop as High, to ensure proper controls to the worst case scenario considered in your scope.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 20, 2018

Feb 20, 2018

Suggested Topics
Nika Created:   Jan 21, 2021 ISO 27001 & 22301
Replies: 1
0 0

A.9.4.3 Password Management System
Guest user Created:   Mar 24, 2017 ISO 27001 & 22301
Replies: 1
0 0

Risk treatment and SOA
Jean-Marc Desbiens Created:   Aug 27, 2025 ISO 27001 & 22301
Replies: 0
0 0

Risk level = 4, how to bring the residual risk at zero