Expert Advice Community

Home / ISO 27001 & 22301 / A clarification on risk assessment/ treatment

Guest

A clarification on risk assessment/ treatment

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

A clarification on risk assessment/ treatment

ISO 27001 & 22301
ISO 27001:2013 aligns its risk assessment & treatment  with ISO 31000 (see clause 6.1.3) but ISO 27002:2013, clause 0.2  says such guidelines are provided by ISO 27005. Which one should be followed?
0 0

Assign topic to the user

ISO 27001 RISK TREATMENT PLAN

Determine responsibilities for the implementation of controls.

ISO 27001 RISK TREATMENT PLAN

Determine responsibilities for the implementation of controls.
Guest
DejanK Jan 12, 2016

ISO 27001:2013 does not require you to comply with ISO 31000, nor with ISO 27005 when performing your risk assessment - basically, you have to create your own risk assessment methodology (compliant with ISO 27001) that suits your company.

See also these articles:

How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
ISO 31000 and ISO 27001 – How are they related? https://advisera.com/27001academy/blog/2014/03/31/iso-31000-and-iso-27001-how-are-they-related/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics
Manuel Lopez Created:   17h ago ISO 27001 & 22301
Replies: 0
0 0

We completed the Treatment for the SOA but the SEND APPROVAL is grayed out (to send for Resource approval)
Lajvar Created:   Apr 29, 2024 ISO 27001 & 22301
Replies: 0
0 0

Risk treatment plan
Atheer AlMartan Created:   Feb 11, 2024 ISO 27001 & 22301
Replies: 1
0 0

Statement of Acceptance of Residual Risks