Expert Advice Community

27001 Risk Management

Guest user Created:   Nov 25, 2020 Last commented:   Nov 25, 2020

Just wondering if Risk Management in 27001 differs in any way from 31000:2018 as far as the methodology is concerned.

I.e., should IS risks under 27001 be managed differently from other business risks, which typically fall under 31000?

Expert
Rhand Leal Nov 25, 2020

Please note that ISO 27001 only defines requirements for a risk assessment and risk treatment process, while ISO 31000 defines a methodology.

ISO 27001 has a note just after clause 6.1.3 stating that its risk assessment and treatment process is aligned with ISO 31000.

These articles will provide you with further explanation about risk management:
- ISO 31000 and ISO 27001 – How are they related? https://advisera.com/27001academy/blog/2014/03/31/iso-31000-and-iso-27001-how-are-they-related/
- How to address opportunities in ISO 27001 risk management using ISO 31000 https://advisera.com/27001academy/blog/2018/04/13/how-to-address-opportunities-in-iso-27001-risk-management-using-iso-31000/
- ISO 27001/ISO 27005 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/ 

This material will also help you regarding risk management:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
