LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

Are residual risks mandatory?

  Quote
Guest
Guest user Created:   Dec 09, 2016 Last commented:   Dec 09, 2016

Are residual risks mandatory?

Regarding the residual risk review (after controls applied) – does this have to be done for the standard?
0 0

Assign topic to the user

ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY

Define main rules for risk assessment and treatment.

ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY

Define main rules for risk assessment and treatment.

Expert
Dejan Kosutic Dec 09, 2016

Answer: Clause 6.1.3 f) of ISO 27001 requires risk owners to accept the residual risks, therefore you need to identify the residual risks, and evaluate the level of those residual risks.

See also this article: Why is residual risk so important? https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Dec 09, 2016

Dec 09, 2016

Suggested Topics