
Doing risk assessment department wise

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016


One question: why does risk assessment in ISO 27001 need to be done department-wise? For example, for IT it is different, for Sales it is different, so what is the need to do it separately?
DejanK Jan 12, 2016

ISO 27001 does not define how you should organize risk assessment - in any case, for all of your departments you should use the same risk assessment methodology. However, if your company is not very small, i.e. if it is bigger than 20 employees, it would be good to organize risk assessment by departments because it makes it easier to speak to the right people.

See also this article: How to organize initial risk assessment according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/04/29/how-to-organize-initial-risk-assessment-according-to-iso-27001-and-iso-22301/
