How detailed should the risk assessment be?
Answer: No, in most cases people tend to over-complicate the risk assessment - essentially, ISO 27001 requires only the following 5 elements:
- Identifying the risk
- Risk owner
- Risk impact
- Risk likelihood
- Level of risk
Therefore, if you want your risk assessment to be simple, you just need to limit it to these 5 elements. This article explains how to do it: How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
2) What are the points most relevant to performing the risk assessment in a consistent way?
Besides having a clear risk assessment methodology, you have to perform all 6 steps in the risk assessment process - see this article for an explanation: ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
Apr 12, 2016