Hi, in based on iso27001 and 2, which area is responsibale of make the patching process after the discorvery procees from any security process
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
I'm assuming that by discovery process you are referring to the risk assessment process and by patching process you are referring to the risk treatment process.
Considering that, please note that ISO 27001 does not prescribe who must be responsible for activities in the risk management process, so organizations are free to define them the best fit their needs.
In a general way, the responsible for treating risk is the risk owner and it must be chosen based on his/her interest and authority to treat the risk.
For example, the risk owner for systems that need to be patched could be the System administrator, or the Head of IT.
These articles will provide you a further explanation about risk management process and risk owner:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
This material will also help you regarding risk management process and risk owner:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Comment as guest or Sign in
Aug 19, 2020