Risk assessment monitoring
Answer:
Risk assessment should be monitored against recorded events, incidents and non-compliances, process performance results, and changes in the context of the organization.
All these inputs can show trends in risks that may require the risks in the risk assessment to be adjusted, either by including or excluding risks, changing the probability and/or impact values of existing risks, or changing the treatment or controls for those risks.
These inputs are often considered during periodic process performance evaluation or during management review.
These articles will provide you with further explanation about monitoring:
- How to perform monitoring and measurement in ISO 27001 https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/
- Why is management review important for ISO 27001 and ISO 22301? https://advisera.com/27001academy/blog/2014/03/03/why-is-management-review-important-for-iso-27001-and-iso-22301/
Nov 26, 2018