
Expert Advice Community

Are residual risks mandatory?

Guest user Created: Dec 09, 2016 Last commented: Dec 09, 2016

Regarding the residual risk review (after controls applied) – does this have to be done for the standard?
Expert
Dejan Kosutic Dec 09, 2016

Answer: Clause 6.1.3 f) of ISO 27001 requires risk owners to accept the residual risks; therefore, you need to identify the residual risks and evaluate the level of those residual risks.

See also this article: Why is residual risk so important? https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/
