A clarification on risk assessment / treatment
ISO 27001:2013 does not require you to comply with ISO 31000, nor with ISO 27005 when performing your risk assessment - basically, you have to create your own risk assessment methodology (compliant with ISO 27001) that suits your company.
See also these articles:
How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
ISO 31000 and ISO 27001: How are they related? https://advisera.com/27001academy/blog/2014/03/31/iso-31000-and-iso-27001-how-are-they-related/
Jan 12, 2016