Combining ISO 27001 and ISO 9001 risk assessment
Answer:
At the moment we do not see a practical way to combine risk assessment according to ISO 27001 and ISO 9001 - the methodologies are different, types of risks are quite different, and also the treatment is different. So we think it is better to do a separate risk assessment for ISMS and for QMS.
However, risk assessment in ISO 9001 is quite a new topic, and we're watching closely how the best practice will develop - if some methodology appears that will cover both standards, we will certainly recommend it.
These articles may also help you:
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
- Methodology for ISO 9001 Risk Analysis https://advisera.com/9001academy/blog/2015/09/01/methodology-for-iso-9001-risk-analysis/
Sep 19, 2016