Handling residual risks

Guest user. Created: Apr 08, 2019. Last commented: Apr 08, 2019

What are the ways to control the residual risks?
Expert
Rhand Leal Apr 08, 2019

Answer:

Residual risks refer to the risks that remain after you apply all treatments you consider worthy, and you should consider these alternatives to treat them:
- If the risk level is below the acceptable level of risk, then you do nothing besides getting acceptance of the residual risk by top management
- If the risk level is above the acceptable level of risk, then you need to find out some new (and better) ways to mitigate those risks
- If the risk level is above the acceptable level of risk, and the costs of decreasing such risks would be higher than the impact itself, then you need to propose to the management to accept these high risks.

These articles will provide you further explanation about residual risks:
- Why is residual risk so important? https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/
- 4 mitigation options in risk treatment according to ISO 27001 https://advisera.com/27001academy/blog/2016/05/16/4-mitigation-options-risk-treatment-according-iso-27001/
