Guest
Doing risk assessment department wise
One question: why does risk assessment in ISO 27001 need to be done department-wise? For IT it is different, for Sales it is different, so what is the need to do it separately?
ISO 27001 does not define how you should organize risk assessment - in any case, for all of your departments you should use the same risk assessment methodology. However, if your company is not very small, i.e. if it is bigger than 20 employees, it would be good to organize risk assessment by departments because it makes it easier to speak to the right people.
See also this article: How to organize initial risk assessment according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/04/29/how-to-organize-initial-risk-assessment-according-to-iso-27001-and-iso-22301/
Jan 12, 2016