Expert Advice Community

Guest

Asset based or process based?

  Quote
Guest
Guest user Created:   Mar 22, 2016 Last commented:   Mar 22, 2016

Asset based or process based?

If we are free to choose between process based RA and asset based RA or as per the new standard, we are strictly supposed to follow the process based RA methodology
0 0

Assign topic to the user

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Guest
Antonio Jose Segovia Mar 22, 2016

Answer:
I am not sure if I have understood your question, but in the new ISO 27001:2013 it is not established that the risk assessment needs to be based on assets or process, we are free to select the best methodology for the organization, although our recommendation is to use the risk assessment asset based, because generally this approach is easier.

Maybe this article about how to write your own methodology can be interesting for you “How to write ISO 27001 risk assessment methodology” : https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/

This article can be also interesting for you “ISO 27001 risk assessment & treatment – 6 basic steps” : https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

And this article can be also interesting “What has changed in risk assessment in ISO 27001:2013 ” : https://advisera.com/27001academy/knowledgebase/what-has-changed-in-risk-assessment-in-iso-270012013/

And our online course can be also interesting for you because we give more detailed information about the risk assessment & treatment “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 22, 2016

Mar 22, 2016