Guest
Filling the risk assessment template
Our company has bought the documentation package for ISO 27001 from you. At the moment we are in Chapter 6 in the Risk Assessment and are currently setting the level of risk. Does the information value about the threat, vulnerability, extent of damage and likelihood of occurrence fall into an area where the risk is initially accepted and monitored, does one have to enter an "existing measure" in the last column?
Assign topic to the user
Expert
Rhand Leal
Jul 06, 2018
Answer: If you have existing measures you believe are related to the identified risk, you have to include them in the last column, even if the risk value falls as an acceptable risk. Probably these measures are the reason for the low value of the risk and your organization must be aware of them in the risk assessment and treatment process.
By the way, included in the toolkit you have access to a video tutorial that can help you fill the risk assessment template.
Comment as guest or Sign in
Jul 06, 2018
Jul 06, 2018
Jul 06, 2018