Getting certification after risk assessment
I researched about ISO 27001 and this is the latest in the market. If you can help me with providing a bit about how do we actually get the certification after the risk assessment. Like how do we approach and plan? I will be very thankful to you.
Assign topic to the user
ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT
Document the results of the risk management process.
Get it now 
ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT
Document the results of the risk management process.
Get it now
ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT
Document the results of the risk management process.
Get it now
Generally speaking, after risk assessment you need to:
- define risk treatment
- elaborate and approve the statement of applicability
- develop and implement the risk treatment plan
- operate and monitor controls (implementing corrections and improvements as necessary)
- perform internal audit
- perform management review
- implement management review decisions (including the implementation of corrections and improvements as necessary)
These articles will provide you a further explanation about ISO 27001 implementation:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- Project checklist for ISO 27001 implementation (MS Word) https://info.advisera.com/27001academy/free-download/project-checklist-for-iso-27001-implementation
Comment as guest or Sign in
Jun 09, 2020