Expert Advice Community

Guest

Combining ISO 27001 and ISO 9001 risk assessment

Guest user Created:   Sep 19, 2016 Last commented:   Sep 19, 2016


How can we combine the risk register of ISMS to QMS Risk Clause (6)?


Expert
Dejan Kosutic Sep 19, 2016

Answer:

At the moment we do not see a practical way to combine risk assessment according to ISO 27001 and ISO 9001 - the methodologies are different, types of risks are quite different, and also the treatment is different. So we think it is better to do a separate risk assessment for ISMS and for QMS.

However, risk assessment in ISO 9001 is quite a new topic, and we're watching closely how the best practice will develop - if some methodology appears that will cover both standards, we will certainly recommend it.

These articles may also help you:
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
- Methodology for ISO 9001 Risk Analysis https://advisera.com/9001academy/blog/2015/09/01/methodology-for-iso-9001-risk-analysis/
