Budgeting the selected controls
Answer:
Actually, clause 6.2 of ISO 27001 requires creation of a plan which will include what resources will be required for the implementation of controls - this also includes the planning of financial resources.
We have included this financial planning in our Risk treatment plan; you can see what the template looks like here: https://advisera.com/27001academy/documentation/risk-treatment-plan/
This article may also help you: Risk Treatment Plan and risk treatment process – What’s the difference? https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment
Thank you for the answer, Dejan. Can it alternatively be documented separately if the client considers this more convenient?
Sure, you can document the budget separately, but then you have to refer to that budget from your Risk treatment plan.
Jun 10, 2016