Expert Advice Community


6.1.3 (f) and acceptance by top management

Guest user Created:   Aug 03, 2020 Last commented:   Aug 03, 2020


Quick question: 6.1.3 (f) requires the risk owner to accept the risk treatment plan and residual risks. In your templates (Risk treatment plan, Method for risk evaluation and treatment), the risk can be accepted by TOP management. Is this still in conformance with 6.1.3 (f), or do we have to get approval from all risk owners?


Expert
Rhand Leal Aug 03, 2020

Please note that in the template the risks are accepted by top management on behalf of the risk owners, i.e., the acceptance is made according to what is defined by risk owners, so this approach fulfills clause 6.1.3 (f), and approval of all risk owners is not needed.

This article will provide you with a further explanation about the risk owner:

This material will also help you regarding risk management:
