Using risk assessment and treatment templates
Answer:
Assuming that you are considering becoming compliant with ISO 27001, you have to document information related to the risk assessment and risk treatment processes. You can document this information in a single sheet, but we do not recommend this approach, because this way you will have a document that will be too big to be manageable and useful.
Fine, would you please clarify the aim of using the 07.3_Appendix_3_Risk_Assessment_and_Treatment_Report_Integrated_EN? I note that there is a redundancy of information in its contents from the methodology and risk assessment and risk treatment, though all the data regarding the risk assessment and risk treatment is already mentioned in other documents with the same names. So why use it?
Answer: Besides being one of the documents required for the certification audit, the Risk Assessment and Treatment Report is a summarized version of what is defined in the Risk Assessment and Treatment Methodology, as well as of the results of the risk assessment and treatment processes, to be presented to Top Management. With this report you can present only the relevant information for top management (for example, you do not need to include in the report all risks that were accepted according to your risk acceptance criteria) and make the information easier to understand.
Jan 04, 2019