
Expert Advice Community

Conformio - acceptance of residual risk in reports

Guest user Created:   Jan 11, 2022 Last commented:   Jan 11, 2022

My recollection is that where the residual risk was 3 or more, i.e., unacceptable, we reviewed the risk and the risk owner could decide to accept the residual risk. The fact that the risk owner accepted the risk does not seem to be recorded anywhere in the reports. Where can I find that? I can't see where we say that a residual risk is accepted.
Expert
Rhand Leal Jan 11, 2022

The residual risk is accepted in the Risk Register module, in the risk treatment step. After the definition of the risk treatment option and selection of applicable controls, the residual risk is automatically calculated and approved by the risk owner.

Additionally, in the Risk Assessment and Treatment Report, the accepted residual risks are listed, and in the Statement of Acceptance of Residual Risks there is a summary of the accepted residual risks and their respective risk owners. These documents can be found in the Documents module, in the ISO 27001 folder, in the "Lists, Reports, Statements, and Plans" sub-folder.
