Doing risk assessment department-wise
ISO 27001 does not define how you should organize risk assessment - in any case, for all of your departments you should use the same risk assessment methodology. However, if your company is not very small, i.e. if it is bigger than 20 employees, it would be good to organize risk assessment by departments because it makes it easier to speak to the right people.
See also this article: How to organize initial risk assessment according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/04/29/how-to-organize-initial-risk-assessment-according-to-iso-27001-and-iso-22301/
Jan 12, 2016