Expert Advice Community


External vendor performing the Risk assessment; Phone handset, Asset?

Guest user Created:   Jan 13, 2016 Last commented:   Jan 13, 2016

AntonioS Jan 13, 2016

Is there any part of the risk assessment methodology and process, per your template, that an external vendor performing the assessment and consulting on the ISMS cannot do?
 

Answer:

I am not sure what you mean, but any part of the risk assessment methodology and process of our templates can be done by any person that knows your business, so you can have external help for this (although the evaluation of impact and likelihood in most cases cannot be done by an external consultant), but it won’t be necessary because if you buy our templates you will have our support.
Generally, if you hire an external company, or external experts, to perform all activities related to the risk assessment, it will be most expensive.
Finally, these articles can be interesting for you:
“5 criteria for choosing an ISO 22301 / ISO 27001 consultant” : https://advisera.com/27001academy/blog/2013/03/25/5-criteria-for-choosing-a-iso-22301-iso-27001-consultant/ 
“Do you really need a consultant for ISO 27001 / BS 25999 implementation?” : https://advisera.com/27001academy/blog/2011/12/06/do-you-really-need-a-consultant-for-iso-27001-bs-25999-implementation/

We have received this question:

Would a phone handset be considered an asset falling under the jurisdiction of ISO 27001?
 

Answer:

From my point of view, generally no. In accordance with ISO 27000 (this standard defines terms of information security) an asset is “anything that has value to the organisation”, and I think that a phone handset has low value for an organization, although it can be important to consider phones, smartphones, etc.
Anyway, if you want, or if in your business a phone handset is important, you can include this asset in your asset inventory.
Regarding the asset inventory, this article can be interesting for you “How to handle Asset register (Asset inventory) according to ISO 27001” : https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
