Tag: "Product: ISO 27001/Risk Assessment Table" - Expert Advice Community

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Asset Owner

    Within the file 06.1_Appendix_1_Risk_Assessment_Table_27001_EN.xlsx, example given for laptops' Asset owner is "User".

    Considering ISO 27002 recommendations, the laptop "User" seems not fitting the role of Asset Owner in accordance to ISO 27002:2022. May I know how to counter the auditor's response if he or she raise the concern?

  • Risk Assessment Table

    Hello, In 10.1 Appendix 1 the risk assessment table, do we need to enter each individual laptop/desktop computer with the various risks and vulnerabilities? Or is it acceptable to have an entry for laptops that goes through all the various risks and vulnerabilities that all laptops our company owns faces?

  • Risk Assessment Table

    I bought in the past the the Advisera - ISO 27001-EU GDPR templates, but  when I started using the Risk_Assessment_Table_27A_EN I found that the catalogue of Threats and Vulnerabilities is not enough and complete to manage a risk assessment in a good way. if there is a more detailed list of  Threats and Vulnerabilities ?

  • Vulnerabilities

    Hello Advisera Team,

    I have a question about Vulnerabilities in Risk assessment in ISO 27001: is it something which already has place, or something which could potentially happen in the future?

    I mean, in your example below, if we have UPS, fire extinguisher, and fire protection, are all those risks not relevant for us? So we don’t enter them in our Risk Assessment Table?

    https://i.imgur.com/5JLEMo8.png