Asset owner and risk owner - how exactly are the two differentiated?

DejanK Created:   Jan 12, 2016

I've received this question:
"Regarding the “asset owner” and “risk owner” when it comes to people. How exactly are the two differentiated? For example – a Network Administrator. Would the asset owner be “self” and risk owner be “department manager”?
Answer: I assume you are asking a question related to people as assets in terms of ISO 27001. For a Network Administrator, the asset owner would be his direct boss - e.g. the Head of IT department; risk owners should be people who can resolve particular risks - e.g.:
- risk of performing wrong activities because of non-existing rules - risk owner could be Head of IT department
- risk of performing wrong activities because of lack of training - risk owner could be Head of HR department
This article can also help you: Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/