Guest
Changing risk scale in Conformio
Could you provide more clarification about why a scale from 1-3 was used for the risks instead of 1-5?
Expert
Rhand Leal
Sep 01, 2021
ISO 27001 does not prescribe which scale is to be adopted, so we adopted a 1-3 scale to make risk assessment simpler and more practical (a 1-5 scale will involve more values and alternatives).
These articles will help you:
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
- 4 mitigation options in risk treatment according to ISO 27001 https://advisera.com/27001academy/blog/2016/05/16/4-mitigation-options-risk-treatment-according-iso-27001/
By the way, the risk assessment process is also explained in this free online training:
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/