I'm helping a organisation with their ISO27001 work.
I've seen the instructions on how to setup the riskregister which seems easy but do you have any instructions on how to work with the risk register the upcoming years and cycles after certification. (our mutal customer has implemented and certified ISO27001 in yoor tool)
It looks like you need to go through the process all over again to reach the register and all risks seems to get the riskvalus zero after a plan.
I'm looking to se the progress of making the risk smaller, filter and work with all risks in prioritization order which the auditors demand.
Can you guide me to any information, manual or video on how to work with the register after implemantation? (Or are you supposed to extract it and work in excel or alike)