Within the file 06.1_Appendix_1_Risk_Assessment_Table_27001_EN.xlsx, the example given for the laptops' Asset owner is "User".
Considering the ISO 27002 recommendations, the laptop "User" does not seem to fit the role of Asset Owner in accordance with ISO 27002:2022. May I know how to counter the auditor's response if he or she raises the concern?
Hello, in 10.1 Appendix 1, the risk assessment table, do we need to enter each individual laptop/desktop computer with the various risks and vulnerabilities? Or is it acceptable to have an entry for laptops that goes through all the various risks and vulnerabilities that all laptops our company owns face?
In the past I bought the Advisera - ISO 27001-EU GDPR templates, but when I started using the Risk_Assessment_Table_27A_EN I found that the catalogue of Threats and Vulnerabilities is not sufficient or complete enough to manage a risk assessment in a good way. Is there a more detailed list of Threats and Vulnerabilities?
Hello Advisera Team,
I have a question about Vulnerabilities in Risk assessment in ISO 27001: is it something which already has place, or something which could potentially happen in the future?
I mean, in your example below, if we have UPS, fire extinguisher, and fire protection, are all those risks not relevant for us? So we don’t enter them in our Risk Assessment Table?