Guest
)n the example of the Risk Treatment Plan used in the ISO 27001 online training, there was mention of reference to risks like:-
Risk no 16. Unavailability of electronic records due to accidental loss.
Risk no 32. Laptops could be stolen by external persons.
How do I get a list of this referenced risks and numbers?
Quick question: 6.1.3 (f) requires Risk owner to accept the risk treatment plan and residual risks. In your templates (risk treatment plan, Method for risk evaluation and treatment), the risk can be accepted by TOP management. Is this still conform with 6.1.3 (f) or do we have to get approval from all risk owners?