ISO 27001 Implementation
Guest user Created:   Apr 16, 2019 Last commented:   Apr 16, 2019

I have a question about the implementation of ISO 27001 at a bank. In our bank we want to implement ISO 27001, but we have a question about the roles and responsibilities of the InfoSec department and the Risk department. InfoSec is under the CISO, but the Risk department is under the CRO. Can you please help with what the CRO's role is in the implementation of ISO 27001?
Expert
Rhand Leal Apr 16, 2019

We want to buy https://advisera.com/27001academy/iso-27001-22301-premium-documentation-toolkit/
For example, the risk department wants to perform risk assessments and treatment; is that correct?

Answer:

In general, the Chief Risk Officer (CRO) role is to identify, analyze and treat significant risks to the business, considering its various segments (e.g., quality, legal, financial, environmental, information, etc.). This is an independent role in organizations where there are multiple processes that require risk management and it is necessary to ensure a systemic approach.
So the CRO's role in the implementation of ISO 27001 is to help identify and analyze (by means of risk assessment), and treat, significant risks to the business regarding information security.
Since this role is separate in your organization, I understand that it has the prerogative to perform the risk assessment and treatment (the project team implementing ISO 27001 would be a customer of this "service"), to ensure the use of the general approach to risk management adopted by the organization, and to apply a few adjustments where and when necessary.
Regarding the purchase of the ISO 27001 and 22301 Premium Documentation Toolkit, you should consider it only if you also intend to implement ISO 22301 (the management system for business continuity). The content of the ISO 27001 Documentation Toolkit is sufficient to cover the requirements of ISO 27001, including those related to business continuity.

These articles will provide you further explanation about ISO 27001 and risk management:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/

These materials will also help you regarding ISO 27001 and risk management:
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
