Expert Advice Community

Guest

Asset based or process based?

  Quote
Guest
Guest user Created:   Jan 13, 2016 Last commented:   Jan 13, 2016

Asset based or process based?

0 0

Assign topic to the user

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Guest
AntonioS Jan 13, 2016

I need one clarification on risk assessment , risk treatment and SOA, for ISO27001:2013 is based on "Business process" or it is Asset base.
This is a confusion, some say's it is Asset base and some says as per new revision it is "business process base".
I need your audiences or related link for more information, on the said subject.
 

Answer:

ISO 27001:2013 is not based on asset and neither on business process, this mean that you are free to develop your methodology on the base that you want (asset or business process). Although generally is recommendable a risk methodology based on asset.
This article can be interesting for you “What has changed in risk assessment in ISO 27001:2013” : https://advisera.com/27001academy/knowledgebase/what-has-changed-in-risk-assessment-in-iso-270012013/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 13, 2016

Jan 13, 2016