Guest
Are residual risks mandatory?
Regarding the residual risk review (after controls applied) – does this have to be done for the standard?
Expert
Dejan Kosutic
Dec 09, 2016
Answer: Clause 6.1.3 f) of ISO 27001 requires risk owners to accept the residual risks; therefore, you need to identify the residual risks and evaluate the level of those residual risks.
See also this article: Why is residual risk so important? https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/